
Win32.trojan.downloader To Name But A Few ....


8 replies to this topic

#1 Hobbers
Posted 23 February 2007 - 06:41 AM

Hello All

I am trying to sort out a relative's poorly PC. This is what I have done so far to try and get to the bottom of its dire performance and constant HDD activity when idle:

They didn't have much protection to start off with, so I have loaded Avast Anti-Virus, Sygate Firewall and left Windows XP firewall enabled too.

(1) cleaned out all temporary files and cookies
(2) ran XP's disc cleanup
(3) installed XP Service Pack 2 and all outstanding updates
(4) ran Avast Anti-Virus both in normal and safe modes
(5) ran AVG Anti-Spyware
(6) ran Adaware SE
(7) ran Spybot S&D
(8) ran McAfee Stinger
(9) ran Coolwebsearch Trojan Removal
(10) ran Regseeker and Beclean registry cleaners
(11) ran XP's Check Disk Now and Disc Defragmenter
(12) ran McAfee Rootkit Detector 1.0
(13) ran Hijack This 1.99

These packages found several infections (e.g. Win32:IRC-Flood, Win32:CTX, Win32:Trojan-gen., Win32:Qoologic-AQ, Funwebproducts, Smitfraud-c, Mywebsearch, Hotbar, CoolWWWsearch, Win32.Trojan.Downloader and quite a few besides), but all seemed to have now been removed.

On my first run of Hijack This, I did remove some obvious problems (an F2 - REG:system.ini: Userinit=C:\WINDOWS\System32\userinit.exe,MS32.exe and pages and pages of duplicated O18 references to Logitech Desktop Messenger) and am left with the resulting scan below.

McAfee Rootkit also finds some hidden registry entries, processes and hooks, but I can't seem to google any reliable results on what to do with those. I know this is a Hijack This forum, but in case they bear relevance, the main ones are:

-- Mcafee Rootkit --
Object-Type: File/Folder
Object-Name: _restore{9F4B95E8-98A9-463B-8F87-7A812C663600}(2)
Pid: n/a
Object-Path: C:\System Volume Information\_restore{9F4B95E8-98A9-463B-8F87-7A812C663600}(2)
Status: Hidden

Object-Type: File/Folder
Object-Name: catalog.wci
Pid: n/a
Object-Path: C:\System Volume Information\catalog.wci
Status: Hidden

Object-Type: IRP-hook
Object-Name: \Driver\Tcpip->IRP_MJ_INTERNAL_DEVICE_CONTROL
Object-Path: \??\C:\WINDOWS\System32\Drivers\avgtdi.sys

Object-Type: Registry-value
Object-Name: AppInit_DLLs
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Status: Registy value-data mismatch

Object-Type: Registry-value
Object-Name: AppInit_DLLs
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows.REN
Status: Registy value-data mismatch
---------------------

Other things I have noticed are that there should be no HDD activity, yet the HDD is going mad (Windows Task Manager showed SMC.EXE hogging 60 to 80% of the CPU), so I removed Sygate and now the processor is around 5% to 20% and the HDD is still rattling away when I'm not doing anything on it (and the Internet is disconnected until I am happy the PC is fixed). I do intend to put Sygate back on. Also, now and again when it is running really slow the video doesn't refresh, leaving old windows and duplicated windows up on the desktop. CPU, PSU and case fan all running okay.

Oh, and Norton was removed a while ago (I have a particular aversion to Norton products - apologies to anybody who likes Norton's stuff!) but there is an O23 referencing SymWSC.exe that just won't go away.

Any help much appreciated

-- Hijack This Log ---

Logfile of HijackThis v1.99.1
Scan saved at 00:34:05, on 23/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\termsrv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program Files\Logitech\Video\AlbumDB2.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\RunServices: [*Wssocks] wssocks.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/support/ocis/OSInfo.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://www.midasplayer.com/midasa.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/support/ocis/SiSAutodetectNT.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://becky60.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/271d1a2d33ac55...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141398597656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151570558328
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.piczo.com/images/uploader/ssiPictureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/popinsan...ploader_v10.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Terminal Server-Services - Unknown owner - C:\WINDOWS\termsrv.exe
O23 - Service: Microsoft Print Spooler (WINDRIVER) - Conexant Systems, Inc. - (no file)

Cheers

Hobbers

#2 RichieUK
Malware Response Team
Posted 23 February 2007 - 09:29 AM

Welcome to BC Hobbers :thumbsup:

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab, and then 'Start Update'.
Once the updates have been installed, do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen, under 'How to act?', then under 'Set default action for detected malware to:', click on 'Recommended actions', then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware; don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into "Safe Mode" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

O4 - HKLM\..\RunServices: [*Wssocks] wssocks.exe

Still in Safe Mode launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient, it takes a while for the scan to finish.

Once the scan is complete, do the following.
If AVG Anti-Spyware detected any infected objects, click on 'Apply All Actions'.
Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you're done.
Reboot normally.

**************************

Download ComboScan to your desktop:
http://www.techsupportforum.com/sectools/D...d/comboscan.exe
Make sure all running programs and Windows Explorer windows are closed.
Double-click on comboscan.exe to run it, then follow the prompts.
The scan may take a few minutes to complete.
When the scan has finished, a text file will open: 'ComboScan.txt'.

Please Note:
When running Comboscan, some firewalls may warn that sigcheck.exe is trying to access the internet; please ensure that you allow sigcheck.exe permission to do so.
Also, it may happen that your Antivirus flags Comboscan as suspicious.
Please allow the Comboscan to run and don't let your Antivirus delete it.
(If necessary, temporarily disable/turn off your Antivirus program.)

Post the AVG Anti-Spyware report, the Comboscan.txt from the Comboscan, and a new Hijackthis log into your next reply.

You may need several replies to post the logs in case they won't fit in one reply.
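A small triage script for HijackThis-style log lines of the kind posted in this thread. This is an added example, not HijackThis's code or either poster's; the sample lines are copied from the logs above and the flag rules are heuristics of my own. It flags O4 entries that sit under RunServices or name a bare file with no path (like the wssocks.exe entry RichieUK asks to fix), O23 services whose file is missing, extra programs chained onto the Userinit value (the MS32.exe F2 entry from the first post), and entries listed more than once (the duplicated O18 lines).

```python
from __future__ import annotations

import re
from collections import Counter

# Prefix HijackThis 1.99 prints on every entry line, e.g. "O4 - ...", "F2 - ...", "R0 - ...".
ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d{1,2}) - (?P<body>.*)$")
# A drive-letter path such as C:\WINDOWS\... (also matches 8.3 forms like C:\PROGRA~1\...).
DRIVE_PATH_RE = re.compile(r"[A-Za-z]:\\")


def _o4_command(body: str) -> str:
    """Return the command part of an O4 body.

    'HKLM\\..\\RunServices: [*Wssocks] wssocks.exe' -> 'wssocks.exe'
    """
    _, _, rest = body.partition(": ")
    return re.sub(r"^\[[^\]]*\]\s*", "", rest).strip()


def triage_line(line: str) -> list[str]:
    """Return the reasons (possibly none) one log line deserves a closer look.

    The rules are heuristics chosen for this thread's log, not HijackThis logic.
    """
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    sec, body = m.group("sec"), m.group("body")
    reasons: list[str] = []
    if sec == "O4":
        cmd = _o4_command(body)
        if "RunServices" in body:
            reasons.append("RunServices is a Windows 9x-era key; rarely legitimate on XP")
        if not DRIVE_PATH_RE.search(cmd):
            reasons.append("bare filename without a full path")
    elif sec == "O23":
        if "(file missing)" in body or "(no file)" in body:
            reasons.append("service points at a file that no longer exists")
    elif sec == "F2" and "Userinit=" in body:
        # A clean value names only userinit.exe (often with a trailing comma).
        _, _, value = body.partition("Userinit=")
        extras = [p.strip() for p in value.split(",")
                  if p.strip() and not p.strip().lower().endswith("\\userinit.exe")]
        if extras:
            reasons.append("extra program(s) chained to Userinit: " + ", ".join(extras))
    return reasons


def triage_log(text: str) -> dict[str, list[str]]:
    """Map each flagged entry line to its reasons; duplicated entries are flagged too."""
    entries = [ln.strip() for ln in text.splitlines() if ENTRY_RE.match(ln.strip())]
    counts = Counter(entries)
    findings: dict[str, list[str]] = {}
    for entry in entries:
        reasons = triage_line(entry)
        if counts[entry] > 1:
            reasons.append(f"listed {counts[entry]} times (duplicate entry)")
        if reasons:
            findings[entry] = reasons
    return findings


# Constructed sample: a handful of lines taken from the logs in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Userinit=C:\WINDOWS\System32\userinit.exe,MS32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [*Wssocks] wssocks.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Microsoft Print Spooler (WINDRIVER) - Conexant Systems, Inc. - (no file)
"""

if __name__ == "__main__":
    for entry, reasons in triage_log(SAMPLE_LOG).items():
        print(entry)
        for reason in reasons:
            print("   ->", reason)
```

A flagged line is only a prompt to look closer; the avast! and Messenger entries in the same log show why a full path or a known vendor is not on its own a verdict either way.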

#3 Hobbers
Topic Starter
Posted 23 February 2007 - 05:41 PM

Hi RichieUK

Thank you for responding and the warm welcome. {Bienvenido}

**********************************************************
**** SAFE MODE REMOVAL OF O4 ENTRY AND AVG A/S REPORT ****
**********************************************************

--- Start of AVG A/S Report ---
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 23:07:53 23/02/2007
+ Scan result:

C:\Program Files\SearchRelevant\uninstall.exe -> Backdoor.Lot.e : Cleaned.
C:\WINDOWS\system32\bdv.exe -> Backdoor.SdBot.bdu : Cleaned.
C:\WINDOWS\system32\mzu.exe -> Backdoor.SdBot.bdu : Cleaned.
C:\WINDOWS\system32\yex.exe -> Backdoor.SdBot.bdu : Cleaned.
C:\Documents and Settings\Patricia\Local Settings\Temp\Cookies\patricia@searchportal.information[2].txt -> TrackingCookie.Information : Cleaned.
C:\System Volume Information\_restore{9F4B95E8-98A9-463B-8F87-7A812C663600}\RP15\A0008112.exe -> Trojan.Dialer.fn : Cleaned.
C:\System Volume Information\_restore{9F4B95E8-98A9-463B-8F87-7A812C663600}\RP15\A0008113.exe -> Trojan.Dialer.fn : Cleaned.
C:\System Volume Information\_restore{9F4B95E8-98A9-463B-8F87-7A812C663600}\RP16\A0012262.exe -> Trojan.Dialer.fn : Cleaned.
C:\y5m5u1r4r7.exe -> Trojan.Dialer.fn : Cleaned.

::Report end
--- End of AVG A/S Report ---

**************************************
**** NORMAL MODE RUN OF COMBOSCAN ****
**************************************

--- Start of Comboscan Report ---
ComboScan v20070221.16 run by Patricia on 2007-02-23 at 23:21:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis (run as Patricia.exe) ---------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 23:21:57, on 23/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\termsrv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Patricia\Desktop\comboscan.exe
C:\Program Files\HijackThis\Patricia.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/support/ocis/OSInfo.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://www.midasplayer.com/midasa.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/support/ocis/SiSAutodetectNT.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://becky60.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/271d1a2d33ac55...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141398597656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151570558328
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.piczo.com/images/uploader/ssiPictureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/popinsan...ploader_v10.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Terminal Server-Services - Unknown owner - C:\WINDOWS\termsrv.exe
O23 - Service: Microsoft Print Spooler (WINDRIVER) - Conexant Systems, Inc. - (no file)


-- HijackThis Fixed Entries (C:\Program Files\HijackThis\backups\) --------------

backup-20070223-003016-482 O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
backup-20070223-003218-491 O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
backup-20070223-003231-416 O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
backup-20070223-003425-278 O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
backup-20070223-220148-210 O4 - HKLM\..\RunServices: [*Wssocks] wssocks.exe

-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

1R Aavmker4 (avast! Asynchronous Virus Monitor) - C:\WINDOWS\system32\drivers\aavmker4.sys
3S ac97intc (Intel® 82801 Audio Driver Install Service (WDM)) - C:\WINDOWS\system32\drivers\ac97intc.sys
1R AFS2K - C:\WINDOWS\system32\drivers\AFS2K.SYS
3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2R aswMon2 (avast! Standard Shield Support) - C:\WINDOWS\system32\drivers\aswmon2.sys
3R aswRdr - C:\WINDOWS\system32\drivers\aswRdr.sys
1R aswTdi (avast! Network Shield Support) - C:\WINDOWS\system32\drivers\aswTdi.sys
1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1S Avg7Core (AVG7 Kernel) - C:\WINDOWS\system32\drivers\avg7core.sys
1R Avg7RsW (AVG7 Wrap Driver) - C:\WINDOWS\system32\drivers\avg7rsw.sys
1S Avg7RsXP (AVG7 Rezident Driver) - C:\WINDOWS\system32\drivers\avg7rsxp.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys
2R AvgTdi (AVG Network Redirector) - C:\WINDOWS\system32\drivers\avgtdi.sys
3S basic2 - C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys (not found)
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\ccdecode.sys
2R CdaD10BA - C:\WINDOWS\system32\drivers\CdaD10BA.SYS
3S cmuda (C-Media WDM Audio Interface) - C:\WINDOWS\system32\drivers\cmuda.sys
3R ctac32k (Creative AC3 Software Decoder) - C:\WINDOWS\system32\drivers\CTAC32K.SYS
3R ctaud2k (Creative Audio Driver (WDM)) - C:\WINDOWS\system32\drivers\ctaud2k.sys
3S ctljystk (Creative SBLive! Gameport) - C:\WINDOWS\system32\drivers\ctljystk.sys
3R ctprxy2k (Creative Proxy Driver) - C:\WINDOWS\system32\drivers\CTPRXY2K.SYS
3R ctsfm2k (Creative SoundFont Management Device Driver) - C:\WINDOWS\system32\drivers\CTSFM2K.SYS
3R emupia (E-mu Plug-in Architecture Driver) - C:\WINDOWS\system32\drivers\EMUPIA2K.SYS
3R GEARAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3R ha10kx2k (Creative Hardware Abstract Layer Driver) - C:\WINDOWS\system32\drivers\ha10kx2k.sys
3S hap16v2k (Creative P16V HAL Driver) - C:\WINDOWS\system32\drivers\HAP16V2K.SYS
3S HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
3S HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\system32\drivers\hpzid412.sys
3S HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\system32\drivers\HPZipr12.sys
3S HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\system32\drivers\HPZius12.sys
3R HSFHWBS2 - C:\WINDOWS\system32\drivers\hsfbs2s2.sys
3R HSF_DP - C:\WINDOWS\system32\drivers\hsfdpsp2.sys
3S hsf_msft - C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys (not found)
3R ialm - C:\WINDOWS\system32\drivers\ialmnt5.sys
1R incdrm (InCD EasyWrite Reader) - C:\WINDOWS\system32\drivers\incdrm.sys
1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
3S L8042pr2 (Logitech PS/2 Mouse Filter Driver) - C:\WINDOWS\system32\drivers\L8042pr2.Sys
3S LMouFlt2 (Logitech Mouse Class Filter Driver) - C:\WINDOWS\system32\drivers\LMouFlt2.Sys
2R MASPINT - C:\WINDOWS\system32\drivers\MASPINT.SYS
2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
3S MODEMCSA (Unimodem Streaming Filter Device) - C:\WINDOWS\system32\drivers\MODEMCSA.sys
3S mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3S msloop (Microsoft Loopback Adapter Driver) - C:\WINDOWS\system32\drivers\loop.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\mstee.sys
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\ndisip.sys
3S nm (Network Monitor Driver) - C:\WINDOWS\system32\drivers\nmnt.sys
3R ossrv (Creative OS Services Driver) - C:\WINDOWS\system32\drivers\ctoss2k.sys
3R pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys
2R PfModNT - C:\WINDOWS\system32\drivers\PFMODNT.SYS
3S QCMerced (Logitech QuickCam Communicate) - C:\WINDOWS\system32\drivers\lvcm.sys
3S Rksample - C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys (not found)
3R rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - C:\WINDOWS\system32\drivers\rtl8139.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys
3R StillCam (Still Serial Digital Camera Driver) - C:\WINDOWS\system32\drivers\serscan.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\streamip.sys
3S SymEvent - C:\Program Files\Symantec\SYMEVENT.SYS
3S usbaudio (USB Audio Driver (WDM)) - C:\WINDOWS\system32\drivers\usbaudio.sys
3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
3R usbstor (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\usbstor.sys
2R Vcs (Vcs support) - C:\WINDOWS\system32\drivers\Vcs.sys
3R winachsf - C:\WINDOWS\system32\drivers\hsfcxts2.sys
1R WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\wstcodec.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

4S Alerter - C:\WINDOWS\System32\svchost.exe -k LocalService
3R ALG (Application Layer Gateway Service) - C:\WINDOWS\System32\alg.exe
3S AppMgmt (Application Management) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R aswUpdSv (avast! iAVS4 Control Service) - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
2R AudioSrv (Windows Audio) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R avast! Antivirus - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
3S avast! Mail Scanner - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
3S avast! Web Scanner - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
2S AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
4S Avg7Alrt (AVG7 Alert Manager Server) - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
4S Avg7UpdSvc (AVG7 Update Service) - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
3S BITS (Background Intelligent Transfer Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Browser (Computer Browser) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S CiSvc (Indexing Service) - C:\WINDOWS\system32\cisvc.exe
4S ClipSrv (ClipBook) - C:\WINDOWS\system32\clipsrv.exe
3S COMSysApp (COM+ System Application) - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
2R Creative Service for CDROM Access - C:\WINDOWS\System32\CTsvcCDA.exe
2R CryptSvc (Cryptographic Services) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R DcomLaunch (DCOM Server Process Launcher) - C:\WINDOWS\system32\svchost -k DcomLaunch
2R Dhcp (DHCP Client) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S dmadmin (Logical Disk Manager Administrative Service) - C:\WINDOWS\System32\dmadmin.exe /com
3S dmserver (Logical Disk Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Dnscache (DNS Client) - C:\WINDOWS\System32\svchost.exe -k NetworkService
2R ERSvc (Error Reporting Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Eventlog (Event Log) - C:\WINDOWS\system32\services.exe
3R EventSystem (COM+ Event System) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R FastUserSwitchingCompatibility (Fast User Switching Compatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R helpsvc (Help and Support) - C:\WINDOWS\System32\svchost.exe -k netsvcs
4S HidServ (Human Interface Device Access) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S HTTPFilter (HTTP SSL) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3S ImapiService (IMAPI CD-Burning COM Service) - C:\WINDOWS\System32\imapi.exe
3R iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
2R lanmanserver (Server) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R lanmanworkstation (Workstation) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R LmHosts (TCP/IP NetBIOS Helper) - C:\WINDOWS\System32\svchost.exe -k LocalService
4S Messenger - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S mnmsrvc (NetMeeting Remote Desktop Sharing) - C:\WINDOWS\System32\mnmsrvc.exe
3S MSDTC (Distributed Transaction Coordinator) - C:\WINDOWS\System32\msdtc.exe
3S MSIServer (Windows Installer) - C:\WINDOWS\System32\msiexec.exe /V
4S NetDDE (Network DDE) - C:\WINDOWS\system32\netdde.exe
4S NetDDEdsdm (Network DDE DSDM) - C:\WINDOWS\system32\netdde.exe
3S Netlogon (Net Logon) - C:\WINDOWS\System32\lsass.exe
3R Netman (Network Connections) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R Nla (Network Location Awareness (NLA)) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S NtLmSsp (NT LM Security Support Provider) - C:\WINDOWS\System32\lsass.exe
3S NtmsSvc (Removable Storage) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
2R PlugPlay (Plug and Play) - C:\WINDOWS\system32\services.exe
3S Pml Driver HPZ12 - C:\WINDOWS\System32\HPZipm12.exe
2R PolicyAgent (IPSEC Services) - C:\WINDOWS\System32\lsass.exe
2R ProtectedStorage (Protected Storage) - C:\WINDOWS\system32\lsass.exe
3S RasAuto (Remote Access Auto Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R RasMan (Remote Access Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
4S RDSessMgr (Remote Desktop Help Session Manager) - C:\WINDOWS\system32\sessmgr.exe
2S Register DLL Driver -
2S RemoteAccess (Routing and Remote Access) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S RpcLocator (Remote Procedure Call (RPC) Locator) - C:\WINDOWS\System32\locator.exe
2R RpcSs (Remote Procedure Call (RPC)) - C:\WINDOWS\system32\svchost -k rpcss
3S RSVP (QoS RSVP) - C:\WINDOWS\System32\rsvp.exe
2R SamSs (Security Accounts Manager) - C:\WINDOWS\system32\lsass.exe
3S SCardSvr (Smart Card) - C:\WINDOWS\System32\SCardSvr.exe
2R Schedule (Task Scheduler) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R seclogon (Secondary Logon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R SENS (System Event Notification) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R SharedAccess (Windows Firewall/Internet Connection Sharing (ICS)) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R ShellHWDetection (Shell Hardware Detection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Spooler (Print Spooler) - C:\WINDOWS\system32\spoolsv.exe
2R srservice (System Restore Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R SSDPSRV (SSDP Discovery Service) - C:\WINDOWS\System32\svchost.exe -k LocalService
2R stisvc (Windows Image Acquisition (WIA)) - C:\WINDOWS\System32\svchost.exe -k imgsvc
3S SwPrv (MS Software Shadow Copy Provider) - C:\WINDOWS\System32\dllhost.exe /Processid:{B5458CF9-88EA-47AE-9E34-D175ADFBC155}
2S SymWSC (SymWMI Service) - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
3S SysmonLog (Performance Logs and Alerts) - C:\WINDOWS\system32\smlogsvc.exe
3R TapiSrv (Telephony) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Terminal Server-Services - "C:\WINDOWS\termsrv.exe"
3R TermService (Terminal Services) - C:\WINDOWS\System32\svchost -k DComLaunch
2R Themes - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R TrkWks (Distributed Link Tracking Client) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\System32\wdfmgr.exe
3S upnphost (Universal Plug and Play Device Host) - C:\WINDOWS\System32\svchost.exe -k LocalService
3S UPS (Uninterruptible Power Supply) - C:\WINDOWS\System32\ups.exe
3S usnsvc (Messenger Sharing USN Journal Reader service) - C:\WINDOWS\System32\svchost.exe -k usnsvc
3S VSS (Volume Shadow Copy) - C:\WINDOWS\System32\vssvc.exe
2R W32Time (Windows Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R WebClient - C:\WINDOWS\System32\svchost.exe -k LocalService
2S WINDRIVER (Microsoft Print Spooler) -
2R winmgmt (Windows Management Instrumentation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R WMDM PMSP Service - C:\WINDOWS\System32\MsPMSPSv.exe
3S WmdmPmSN (Portable Media Serial Number Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S WmiApSrv (WMI Performance Adapter) - C:\WINDOWS\System32\wbem\wmiapsrv.exe
2R wscsvc (Security Center) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R wuauserv (Automatic Updates) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R WZCSVC (Wireless Zero Configuration) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S xmlprov (Network Provisioning Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs


-- Scheduled Tasks --------------------------------------------------------------

2005-07-21 13:24:23 348 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1105449232.job<FRUTAS~1.JOB>


-- Files created between 2007-01-23 and 2007-02-23 ------------------------------

2007-02-23 21:50:35 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-23 00:28:55 0 d-------- C:\Program Files\HijackThis<HIJACK~1>
2007-02-22 22:40:55 0 d-------- C:\Program Files\BeClean
2007-02-22 22:18:28 0 d-------- C:\Trojan Removal<TROJAN~1>
2007-02-22 20:41:53 11868 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-02-22 20:41:45 86016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2007-02-22 07:45:54 48128 --a------ C:\z8p2d9s5v1u3.exe<Z8P2D9~1.EXE>
2007-02-18 19:45:13 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-17 20:45:46 159744 --a------ C:\WINDOWS\system32\igfxres.dll
2007-02-17 20:37:51 114688 --a------ C:\WINDOWS\system32\igfxzoom.exe
2007-02-17 20:37:51 155648 --a------ C:\WINDOWS\system32\igfxtray.exe
2007-02-17 20:37:51 344064 --a------ C:\WINDOWS\system32\igfxsrvc.dll
2007-02-17 20:37:51 1097728 --a------ C:\WINDOWS\system32\igfxress.dll
2007-02-17 20:37:50 225280 --a------ C:\WINDOWS\system32\igfxpph.dll
2007-02-17 20:37:50 126976 --a------ C:\WINDOWS\system32\igfxhk.dll
2007-02-17 20:37:49 106496 --a------ C:\WINDOWS\system32\igfxext.exe
2007-02-17 20:37:49 36864 --a------ C:\WINDOWS\system32\igfxexps.dll
2007-02-17 20:37:49 221184 --a------ C:\WINDOWS\system32\igfxeud.dll
2007-02-17 20:37:49 86016 --a------ C:\WINDOWS\system32\igfxdo.dll
2007-02-17 20:37:49 151552 --a------ C:\WINDOWS\system32\igfxdiag.exe
2007-02-17 20:37:49 45056 --a------ C:\WINDOWS\system32\igfxdgps.dll
2007-02-17 20:37:49 139264 --a------ C:\WINDOWS\system32\igfxdev.dll
2007-02-17 20:37:49 487424 --a------ C:\WINDOWS\system32\igfxcfg.exe
2007-02-17 20:37:49 37951 --a------ C:\WINDOWS\system32\ialmrnt5.dll
2007-02-17 20:37:49 49152 --a------ C:\WINDOWS\system32\ialmrem.dll
2007-02-17 20:37:48 2285568 --a------ C:\WINDOWS\system32\ialmgicd.dll
2007-02-17 20:37:48 495616 --a------ C:\WINDOWS\system32\ialmgdev.dll
2007-02-17 20:37:48 99388 --a------ C:\WINDOWS\system32\ialmdnt5.dll
2007-02-17 20:37:48 151259 --a------ C:\WINDOWS\system32\ialmdev5.dll
2007-02-17 20:37:48 748091 --a------ C:\WINDOWS\system32\ialmdd5.dll
2007-02-17 20:37:48 61440 --a------ C:\WINDOWS\system32\iAlmCoIn_v3865.dll<IALMCO~1.DLL>
2007-02-17 20:37:48 118784 --a------ C:\WINDOWS\system32\hkcmd.exe
2007-02-17 20:37:48 118784 --a------ C:\WINDOWS\system32\hccutils.dll
2007-02-17 20:37:48 724221 --a------ C:\WINDOWS\system32\drivers\ialmnt5.sys
2007-02-17 20:30:57 0 d-------- C:\Drivers
2007-02-17 20:16:13 0 d-------- C:\WINDOWS\Prefetch
2007-02-17 20:06:24 221184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-02-17 20:04:20 9216 -----n--- C:\WINDOWS\system32\proxycfg.exe
2007-02-17 20:04:20 59392 -----n--- C:\WINDOWS\system32\logman.exe
2007-02-17 20:04:13 36463 -----n--- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-02-17 20:04:13 21343 -----n--- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-02-17 20:04:13 26367 -----n--- C:\WINDOWS\system32\drivers\ati1snxx.sys
2007-02-17 20:04:13 63663 -----n--- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-02-17 20:04:13 30671 -----n--- C:\WINDOWS\system32\drivers\ati1raxx.sys
2007-02-17 20:04:13 12047 -----n--- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2007-02-17 20:04:13 11615 -----n--- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2007-02-17 20:04:13 56623 -----n--- C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-02-17 20:04:13 43008 -----n--- C:\WINDOWS\system32\drivers\amdagp.sys
2007-02-17 20:04:13 42752 -----n--- C:\WINDOWS\system32\drivers\alim1541.sys
2007-02-17 20:04:13 44928 -----n--- C:\WINDOWS\system32\drivers\agpcpq.sys
2007-02-17 20:04:13 42368 -----n--- C:\WINDOWS\system32\drivers\agp440.sys
2007-02-17 20:04:13 3775 -----n--- C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-02-17 20:04:13 3711 -----n--- C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-02-17 20:04:13 3135 -----n--- C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-02-17 20:04:13 3647 -----n--- C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-02-17 20:04:13 3615 -----n--- C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-02-17 20:04:13 3967 -----n--- C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-02-17 20:04:13 4255 -----n--- C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-02-17 20:04:12 17279 -----n--- C:\WINDOWS\system32\drivers\atv10nt5.dll
2007-02-17 20:04:12 14143 -----n--- C:\WINDOWS\system32\drivers\atv06nt5.dll
2007-02-17 20:04:12 25471 -----n--- C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-02-17 20:04:12 11359 -----n--- C:\WINDOWS\system32\drivers\atv02nt5.dll
2007-02-17 20:04:12 21183 -----n--- C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-02-17 20:04:12 63488 -----n--- C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-02-17 20:04:12 31744 -----n--- C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-02-17 20:04:12 73216 -----n--- C:\WINDOWS\system32\drivers\atintuxx.sys
2007-02-17 20:04:12 13824 -----n--- C:\WINDOWS\system32\drivers\atinttxx.sys
2007-02-17 20:04:12 28672 -----n--- C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-02-17 20:04:12 104960 -----n--- C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-02-17 20:04:12 52224 -----n--- C:\WINDOWS\system32\drivers\atinraxx.sys
2007-02-17 20:04:12 14336 -----n--- C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-02-17 20:04:12 13824 -----n--- C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-02-17 20:04:12 57856 -----n--- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-02-17 20:04:12 701440 -----n--- C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-02-17 20:04:12 327040 -----n--- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-02-17 20:04:12 34735 -----n--- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-02-17 20:04:12 29455 -----n--- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-02-17 20:04:11 220032 -----n--- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2007-02-17 20:04:11 15104 -----n--- C:\WINDOWS\system32\drivers\hidir.sys
2007-02-17 20:04:11 25600 -----n--- C:\WINDOWS\system32\drivers\hidbth.sys
2007-02-17 20:04:11 46464 -----n--- C:\WINDOWS\system32\drivers\gagp30kx.sys
2007-02-17 20:04:11 124800 -----n--- C:\WINDOWS\system32\drivers\fltmgr.sys
2007-02-17 20:04:11 15423 -----n--- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2007-02-17 20:04:11 18944 -----n--- C:\WINDOWS\system32\drivers\bthusb.sys
2007-02-17 20:04:11 35456 -----n--- C:\WINDOWS\system32\drivers\bthprint.sys
2007-02-17 20:04:11 274304 -----n--- C:\WINDOWS\system32\drivers\bthport.sys
2007-02-17 20:04:11 100992 -----n--- C:\WINDOWS\system32\drivers\bthpan.sys
2007-02-17 20:04:11 38016 -----n--- C:\WINDOWS\system32\drivers\bthmodem.sys
2007-02-17 20:04:11 17024 -----n--- C:\WINDOWS\system32\drivers\bthenum.sys
2007-02-17 20:04:10 180360 -----n--- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2007-02-17 20:04:10 12672 -----n--- C:\WINDOWS\system32\drivers\mutohpen.sys
2007-02-17 20:04:10 452736 -----n--- C:\WINDOWS\system32\drivers\mtxparhm.sys
2007-02-17 20:04:10 1309184 -----n--- C:\WINDOWS\system32\drivers\mtlstrm.sys
2007-02-17 20:04:10 126686 -----n--- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2007-02-17 20:04:10 15488 -----n--- C:\WINDOWS\system32\drivers\mssmbios.sys
2007-02-17 20:04:10 29056 -----n--- C:\WINDOWS\system32\drivers\ip6fw.sys
2007-02-17 20:04:10 36096 -----n--- C:\WINDOWS\system32\drivers\intelppm.sys
2007-02-17 20:04:10 263040 -----n--- C:\WINDOWS\system32\drivers\http.sys
2007-02-17 20:04:10 1041536 -----n--- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2007-02-17 20:04:10 685056 -----n--- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-02-17 20:04:09 6016 -----n--- C:\WINDOWS\system32\drivers\smbali.sys
2007-02-17 20:04:09 13240 -----n--- C:\WINDOWS\system32\drivers\slwdmsup.sys
2007-02-17 20:04:09 95424 -----n--- C:\WINDOWS\system32\drivers\slnthal.sys
2007-02-17 20:04:09 404990 -----n--- C:\WINDOWS\system32\drivers\slntamr.sys
2007-02-17 20:04:09 129535 -----n--- C:\WINDOWS\system32\drivers\slnt7554.sys
2007-02-17 20:04:09 41088 -----n--- C:\WINDOWS\system32\drivers\sisagp.sys
2007-02-17 20:04:09 3901 -----n--- C:\WINDOWS\system32\drivers\siint5.dll
2007-02-17 20:04:09 10240 -----n--- C:\WINDOWS\system32\drivers\sffp_sd.sys
2007-02-17 20:04:09 11136 -----n--- C:\WINDOWS\system32\drivers\sffdisk.sys
2007-02-17 20:04:09 67584 -----n--- C:\WINDOWS\system32\drivers\sdbus.sys
2007-02-17 20:04:09 166912 -----n--- C:\WINDOWS\system32\drivers\s3gnbm.sys
2007-02-17 20:04:09 30080 -----n--- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-02-17 20:04:09 59648 -----n--- C:\WINDOWS\system32\drivers\rfcomm.sys
2007-02-17 20:04:09 13776 -----n--- C:\WINDOWS\system32\drivers\recagent.sys
2007-02-17 20:04:09 1897408 -----n--- C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-02-17 20:04:08 25471 -----n--- C:\WINDOWS\system32\drivers\watv10nt.sys
2007-02-17 20:04:08 22271 -----n--- C:\WINDOWS\system32\drivers\watv06nt.sys
2007-02-17 20:04:08 11935 -----n--- C:\WINDOWS\system32\drivers\wadv11nt.sys
2007-02-17 20:04:08 11871 -----n--- C:\WINDOWS\system32\drivers\wadv09nt.sys
2007-02-17 20:04:08 11295 -----n--- C:\WINDOWS\system32\drivers\wadv08nt.sys
2007-02-17 20:04:08 11807 -----n--- C:\WINDOWS\system32\drivers\wadv07nt.sys
2007-02-17 20:04:08 13568 -----n--- C:\WINDOWS\system32\drivers\wacompen.sys
2007-02-17 20:04:08 42240 -----n--- C:\WINDOWS\system32\drivers\viaagp.sys
2007-02-17 20:04:08 11325 -----n--- C:\WINDOWS\system32\drivers\vchnt5.dll
2007-02-17 20:04:08 78464 -----n--- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-02-17 20:04:08 12672 -----n--- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-02-17 20:04:08 44672 -----n--- C:\WINDOWS\system32\drivers\uagp35.sys
2007-02-17 20:04:08 201728 -----n--- C:\WINDOWS\system32\ati2dvag.dll
2007-02-17 20:04:08 377984 -----n--- C:\WINDOWS\system32\ati2dvaa.dll
2007-02-17 20:04:08 229376 -----n--- C:\WINDOWS\system32\ati2cqag.dll
2007-02-17 20:04:07 30208 -----n--- C:\WINDOWS\system32\bthserv.dll
2007-02-17 20:04:07 20992 -----n--- C:\WINDOWS\system32\bthci.dll
2007-02-17 20:04:07 71680 -----n--- C:\WINDOWS\system32\blastcln.exe
2007-02-17 20:04:07 14336 -----n--- C:\WINDOWS\system32\auditusr.exe
2007-02-17 20:04:07 516768 -----n--- C:\WINDOWS\system32\ativvaxx.dll
2007-02-17 20:04:07 32768 -----n--- C:\WINDOWS\system32\ativtmxx.dll
2007-02-17 20:04:07 1888992 -----n--- C:\WINDOWS\system32\ati3duag.dll
2007-02-17 20:04:07 870784 -----n--- C:\WINDOWS\system32\ati3d1ag.dll
2007-02-17 20:04:06 13824 -----n--- C:\WINDOWS\system32\cmsetacl.dll
2007-02-17 20:04:06 50688 -----n--- C:\WINDOWS\system32\btpanui.dll
2007-02-17 20:04:05 81920 -----n--- C:\WINDOWS\system32\ieencode.dll
2007-02-17 20:04:05 24576 -----n--- C:\WINDOWS\system32\httpapi.dll
2007-02-17 20:04:05 32285 -----n--- C:\WINDOWS\system32\hsfcisp2.dll
2007-02-17 20:04:05 60416 -----n--- C:\WINDOWS\system32\fwcfg.dll
2007-02-17 20:04:05 193024 -----n--- C:\WINDOWS\system32\fsquirt.exe
2007-02-17 20:04:05 22528 -----n--- C:\WINDOWS\system32\fltmc.exe
2007-02-17 20:04:05 16896 -----n--- C:\WINDOWS\system32\fltlib.dll
2007-02-17 20:04:04 7680 -----n--- C:\WINDOWS\system32\kbdsmsfi.dll
2007-02-17 20:04:04 7168 -----n--- C:\WINDOWS\system32\kbdno1.dll
2007-02-17 20:04:04 6144 -----n--- C:\WINDOWS\system32\kbdmlt48.dll
2007-02-17 20:04:04 6144 -----n--- C:\WINDOWS\system32\kbdmlt47.dll
2007-02-17 20:04:04 5632 -----n--- C:\WINDOWS\system32\kbdmaori.dll
2007-02-17 20:04:04 6656 -----n--- C:\WINDOWS\system32\kbdinmal.dll
2007-02-17 20:04:04 6656 -----n--- C:\WINDOWS\system32\kbdinben.dll
2007-02-17 20:04:04 6144 -----n--- C:\WINDOWS\system32\kbdinbe1.dll
2007-02-17 20:04:04 7168 -----n--- C:\WINDOWS\system32\kbdfi1.dll
2007-02-17 20:04:03 118784 -----n--- C:\WINDOWS\system32\msdadiag.dll
2007-02-17 20:04:03 7168 -----n--- C:\WINDOWS\system32\kbdukx.dll
2007-02-17 20:04:03 7680 -----n--- C:\WINDOWS\system32\kbdsmsno.dll
2007-02-17 20:04:02 48640 -----n--- C:\WINDOWS\system32\pnrpnsp.dll
2007-02-17 20:04:02 526848 -----n--- C:\WINDOWS\system32\p2psvc.dll
2007-02-17 20:04:02 88064 -----n--- C:\WINDOWS\system32\p2pnetsh.dll
2007-02-17 20:04:02 312320 -----n--- C:\WINDOWS\system32\p2pgraph.dll
2007-02-17 20:04:02 86016 -----n--- C:\WINDOWS\system32\p2pgasvc.dll
2007-02-17 20:04:02 116224 -----n--- C:\WINDOWS\system32\p2p.dll
2007-02-17 20:04:02 4274816 -----n--- C:\WINDOWS\system32\nv4_disp.dll
2007-02-17 20:04:02 1737856 -----n--- C:\WINDOWS\system32\mtxparhd.dll
2007-02-17 20:04:01 15872 -----n--- C:\WINDOWS\system32\w3ssl.dll
2007-02-17 20:04:01 44032 -----n--- C:\WINDOWS\system32\twext.dll
2007-02-17 20:04:01 75776 -----n--- C:\WINDOWS\system32\strmfilt.dll
2007-02-17 20:04:01 8192 -----n--- C:\WINDOWS\system32\smbinst.exe
2007-02-17 20:04:01 73796 -----n--- C:\WINDOWS\system32\slserv.exe
2007-02-17 20:04:01 32866 -----n--- C:\WINDOWS\system32\slrundll.exe
2007-02-17 20:04:01 188508 -----n--- C:\WINDOWS\system32\slgen.dll
2007-02-17 20:04:01 286792 -----n--- C:\WINDOWS\system32\slextspk.dll
2007-02-17 20:04:01 73832 -----n--- C:\WINDOWS\system32\slcoinst.dll
2007-02-17 20:04:01 29184 -----n--- C:\WINDOWS\system32\sdhcinst.dll
2007-02-17 20:04:01 397056 -----n--- C:\WINDOWS\system32\s3gnb.dll
2007-02-17 20:04:01 49152 -----n--- C:\WINDOWS\system32\powercfg.exe
2007-02-17 20:04:00 50176 -----n--- C:\WINDOWS\system32\xmlprovi.dll
2007-02-17 20:04:00 129536 -----n--- C:\WINDOWS\system32\xmlprov.dll
2007-02-17 20:04:00 108032 -----n--- C:\WINDOWS\system32\wshbth.dll
2007-02-17 20:04:00 81408 -----n--- C:\WINDOWS\system32\wscsvc.dll
2007-02-17 20:04:00 13824 -----n--- C:\WINDOWS\system32\wscntfy.exe
2007-02-17 20:04:00 17408 -----n--- C:\WINDOWS\system32\winshfhc.dll
2007-02-17 20:03:59 32866 -----n--- C:\WINDOWS\slrundll.exe
2007-02-17 20:03:57 0 d-------- C:\WINDOWS\peernet
2007-02-17 19:50:40 15872 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-02-17 19:44:53 0 d-------- C:\WINDOWS\EHome
2007-02-17 19:30:16 0 --ah----- C:\Documents and Settings\Administrator.PATRICIA\hpothb07.dat
2007-02-17 19:30:15 524288 --ah----- C:\Documents and Settings\Administrator.PATRICIA\NTUSER.DAT
2007-02-17 18:19:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-02-17 15:56:53 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-02-17 15:56:53 23352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-02-17 15:56:52 31560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-02-17 15:56:40 94424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-02-17 15:56:40 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-02-17 15:56:23 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-02-17 15:56:23 689280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-02-17 15:56:12 0 d-------- C:\Program Files\Alwil Software<ALWILS~1>
2007-02-15 22:24:44 0 d--h----- C:\Program Files\Common Files\tjd
2007-02-15 19:51:36 239104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-02-15 19:51:36 75264 --a------ C:\WINDOWS\system32\locator.exe
2007-02-15 19:51:36 60416 --a------ C:\WINDOWS\system32\cryptsvc.dll
2007-02-15 19:51:36 597504 --a------ C:\WINDOWS\system32\crypt32.dll
2007-02-15 19:51:36 183808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-02-15 19:51:36 10752 --a------ C:\WINDOWS\hh.exe
2007-02-15 19:51:35 1281536 --a------ C:\WINDOWS\system32\ole32.dll
2007-02-15 19:51:35 53760 --a------ C:\WINDOWS\system32\narrator.exe
2007-02-15 19:51:35 72704 --a------ C:\WINDOWS\system32\magnify.exe
2007-02-15 19:51:34 581120 --a------ C:\WINDOWS\system32\rpcrt4.dll
2007-02-15 19:51:34 215552 --a------ C:\WINDOWS\system32\osk.exe
2007-02-15 19:51:33 395776 --a------ C:\WINDOWS\system32\rpcss.dll
2007-02-15 19:51:33 143872 --a------ C:\WINDOWS\system32\itircl.dll
2007-02-15 19:51:32 151552 --a------ C:\WINDOWS\system32\shmedia.dll
2007-02-15 19:51:31 248832 --a------ C:\WINDOWS\system32\newdev.dll
2007-02-15 19:51:31 134144 --a------ C:\WINDOWS\system32\itss.dll
2007-02-15 19:51:30 337920 --a------ C:\WINDOWS\system32\zipfldr.dll
2007-02-15 19:51:29 38912 --a------ C:\WINDOWS\system32\hhsetup.dll
2007-02-15 19:51:23 0 d-------- C:\1bf1e78aa822e1e4ab10b82a<1BF1E7~1>
2007-02-14 20:49:40 119808 --a------ C:\WINDOWS\system32\yzf.exe
2007-02-14 20:10:52 119808 --a------ C:\WINDOWS\system32\mhc.exe
2007-02-14 18:42:11 119808 --a------ C:\WINDOWS\system32\gts.exe
2007-02-14 18:14:27 0 d-------- C:\Program Files\Classic PhoneTools<CLASSI~1>
2007-02-14 18:12:28 16128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2007-02-14 18:11:42 126976 --a------ C:\WINDOWS\autoras.exe
2007-02-14 14:16:07 0 d--h----- C:\Program Files\Common Files\delsim
2007-02-13 22:26:56 119808 -r-hs---- C:\WINDOWS\termsrv.exe
2007-02-12 19:39:46 119808 --a------ C:\WINDOWS\system32\dqj.exe
2007-02-12 18:06:22 0 d-------- C:\Program Files\RegistryFix<REGIST~2>
2007-02-12 14:59:23 0 d-------- C:\Program Files\Lavasoft
2007-02-12 14:59:23 0 d-------- C:\Documents and Settings\Patricia\Application Data\Bamzooki
2007-02-12 14:59:19 0 d-------- C:\Program Files\BAMZOOKi
2007-02-12 14:58:43 0 d-------- C:\Documents and Settings\Patricia\Application Data\MailFrontier<MAILFR~1>
2007-02-03 20:43:33 6684672 --a------ C:\Documents and Settings\Patricia\ntuser.dat
2007-02-03 16:16:17 0 d-------- C:\Documents and Settings\All Users\Application Data\VideoEgg
2007-01-27 23:57:26 0 --a------ C:\WINDOWS\nsreg.dat


-- Find3M Report ----------------------------------------------------------------

2007-02-23 23:10:22 16896 --a------ C:\WINDOWS\system32\tftp.exe
2007-02-23 23:10:22 40448 --a------ C:\WINDOWS\system32\ftp.exe
2007-02-23 23:07:48 0 d-------- C:\Program Files\SearchRelevant<SEARCH~2>
2007-02-23 21:59:27 288 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-00000001-00001102-00000002-80661102}.dat<DVCSTA~2.DAT>
2007-02-23 21:59:27 288 --a------ C:\WINDOWS\system32\DVCState-{00000001-00000000-00000001-00001102-00000002-80661102}.dat<DVCSTA~1.DAT>
2007-02-23 21:50:27 0 d-------- C:\Program Files\Grisoft
2007-02-22 08:33:46 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-02-19 16:22:54 0 d-------- C:\Program Files\Google
2007-02-19 16:18:35 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-02-19 16:09:38 0 d-------- C:\Program Files\PromptCast<PROMPT~1>
2007-02-19 15:52:27 0 d-------- C:\Program Files\Yahoo!
2007-02-19 15:51:33 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-19 15:49:48 0 d-------- C:\Program Files\Logitech
2007-02-19 15:47:30 0 d-------- C:\Program Files\Symantec
2007-02-19 12:43:08 16 --a------ C:\WINDOWS\popcinfo.dat
2007-02-19 09:44:52 0 d-------- C:\Documents and Settings\Patricia\Application Data\Skype
2007-02-19 08:42:03 0 d---s---- C:\Documents and Settings\Patricia\Application Data\Microsoft<MICROS~1>
2007-02-17 20:04:22 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-02-17 20:03:57 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-02-17 19:59:52 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-02-17 17:55:42 0 d-------- C:\Program Files\ArcadeRockstar<ARCADE~1>
2007-02-16 15:53:16 0 d-------- C:\Program Files\iTunes
2007-02-16 15:53:02 0 d-------- C:\Program Files\iPod
2007-02-13 20:20:19 0 d-------- C:\Program Files\Microsoft Home Publishing 2000<MICROS~3>
2007-02-13 18:16:32 0 d-------- C:\Program Files\QuickTime<QUICKT~2>
2007-02-13 17:02:27 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-02-12 18:45:20 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-02-12 14:59:26 0 d-------- C:\Program Files\Three Rings Design<THREER~1>
2007-02-12 14:59:25 0 d-------- C:\Program Files\CyberLink DVD Solution<CYBERL~1>
2007-02-12 14:59:24 0 d-------- C:\Program Files\AOL Games<AOLGAM~1>
2007-02-12 14:59:23 0 d-------- C:\Documents and Settings\Patricia\Application Data\Lavasoft
2007-02-11 18:47:44 0 d-------- C:\Program Files\MSN Games<MSNGAM~2>
2007-02-11 12:30:12 512 --a------ C:\ScanSectorLog.dat<SCANSE~1.DAT>
2007-02-09 12:04:17 0 d-------- C:\Program Files\Zylom Games<ZYLOMG~1>
2007-01-04 21:01:47 0 d-------- C:\Documents and Settings\Patricia\Application Data\RootsMagic<ROOTSM~1>
2007-01-03 21:41:19 0 d-------- C:\Program Files\MFInstall<MFINST~1>
2006-12-28 22:32:50 0 d-------- C:\Program Files\Common Files\Skype
2006-12-28 22:32:07 0 d-------- C:\Program Files\Skype
2006-12-26 14:17:48 0 d-------- C:\Program Files\Fire International<FIREIN~1>
2006-12-24 20:47:18 0 d-------- C:\Program Files\Smilebox
2006-12-23 06:26:01 0 d-------- C:\Documents and Settings\Patricia\Application Data\Smilebox


-- Registry Dump ----------------------------------------------------------------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"MS-DOS Security Service"="ms-dos.pif"
"MS Java for Windows XP & NT"="javanet.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runservices]
"MS-DOS Security Service"="ms-dos.pif"
"MS Java for Windows XP & NT"="javanet.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
"location"="Common Startup"
"command"="C:\\PROGRA~1\\FINEPI~1\\QuickDCF.exe "
"item"="Exif Launcher"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\DIGITA~1\\bin\\hpobnz08.exe "
"item"="hp psc 2000 Series"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\DIGITA~1\\bin\\hpotdd01.exe "
"item"="hpoddt01.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
"location"="Common Startup"
"command"="C:\\WINDOWS\\Installer\\{f04aff5e-362e-11d3-81ab-00c04fb932ba}\\4AA756BB.exe "
"item"="Microsoft Works Calendar Reminders"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Nikon\\NkView6\\NkvMon.exe "
"item"="NkvMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\

#4 Hobbers

Hobbers
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:03:30 AM

Posted 23 February 2007 - 05:45 PM

<=== and this is the remainder of the post

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Nikon\\NkView6\\NkvMon.exe "
"item"="NkvMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\*Wssocks]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wssocks"
"hkey"="HKCU"
"command"="wssocks.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgemc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CapFax]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CapFax"
"hkey"="HKLM"
"command"="C:\\Program Files\\Classic PhoneTools\\CapFax.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="carpserv"
"hkey"="HKLM"
"command"="carpserv.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTHELPER"
"hkey"="HKLM"
"command"="CTHELPER.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ADGJDet"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogitechDesktopMessenger"
"hkey"="HKCU"
"command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Logi_MwX"
"hkey"="HKLM"
"command"="Logi_MwX.Exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISStart"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LVCOMSX"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\LVCOMSX.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsgPlus"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mm_tray"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ms Java for Windows NT]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MS32"
"hkey"="HKCU"
"command"="MS32.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
"item"="NAV Agent"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PromptCast]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PromptCast"
"hkey"="HKCU"
"command"="C:\\Program Files\\PromptCast\\PromptCast.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="REGSHAVE"
"hkey"="HKLM"
"command"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Repair Registry Pro]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RepairRegistryPro"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swdoctor"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tracert]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bnwkdxlm"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
"item"="UpdReg"
"command"="C:\\WINDOWS\\UpdReg.EXE"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -u"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -u"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="4DMAIN"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\OPTICA~1\\4DMAIN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YaplockTray.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YaplockTray"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Yaplock\\YaplockTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Avg7UpdSvc"=dword:00000002
"Avg7Alrt"=dword:00000002


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"*Wssocks"="wssocks.exe"
"MS-DOS Security Service"="ms-dos.pif"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"*Wssocks"="wssocks.exe"
"MS-DOS Security Service"="ms-dos.pif"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"*Wssocks"="wssocks.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"*Wssocks"="wssocks.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"*Wssocks"="wssocks.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"*Wssocks"="wssocks.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WINDRIVER

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

-- End of ComboScan: finished at 2007-02-23 at 23:24:23 -------------------------

ComboScan v20070221.16 run by Patricia on 2007-02-23 at 23:21:30
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.40GHz
Percentage of Memory in Use: 80%
Physical Memory (total/avail): 247.48 MiB / 47.66 MiB
Pagefile Memory (total/avail): 2234.65 MiB / 1959.22 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1995.23 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 21.78 GiB free.
D: is Removable (No Media)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is CDROM (No Media)
I: is Removable (FAT32)


-- Security Center --------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.7.942 [VPS 000715-1] v4.7.942 (ALWIL Software) Disabled


-- Environment Variables --------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Patricia\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PATRICIA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Patricia
LOGONSERVER=\\PATRICIA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Patricia\LOCALS~1\Temp
TMP=C:\DOCUME~1\Patricia\LOCALS~1\Temp
USERDOMAIN=PATRICIA
USERNAME=Patricia
USERPROFILE=C:\Documents and Settings\Patricia
windir=C:\WINDOWS


-- User Profiles ----------------------------------------------------------------

Patricia (admin)
GsUNGLUbKvcIUADSAR (admin)
Administrator.PATRICIA (admin)


-- Add/Remove Programs ----------------------------------------------------------

-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
--> "C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D-Album --> c:\program files\3D-Album\uninstall.exe
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Ahead InCD EasyWrite Reader --> C:\WINDOWS\UNMrw.exe /UNINSTALL
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
ArcSoft Panorama Maker 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1CABB679-3958-44AA-BFFF-4E68A2684255}\Setup.exe" -l0x9 -uninst
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BeClean --> "C:\Program Files\BeClean\unins000.exe"
Bejeweled 2 Deluxe 1.0 --> C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\Install.log"
Bumper Deluxe --> C:\PROGRA~1\FUNKIT~1\BUMPER~1\UNWISE.EXE C:\PROGRA~1\FUNKIT~1\BUMPER~1\INSTALL.LOG
Classic PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
Delsim Dialer --> C:\Program Files\Common Files\delsim\uninstall.bat
Diner Dash (remove only) --> "C:\Program Files\PlayFirst\Diner Dash\Uninstall.exe"
Diner Dash 2 (remove only) --> "C:\Program Files\PlayFirst\Diner Dash 2\Uninstall.exe"
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
Etomi (remove only) --> "C:\Program Files\Etomi\bt-uninst.exe"
Feeding Frenzy (remove only) --> "C:\Program Files\iWin.com\Feeding Frenzy\Uninstall.exe"
FinePixViewer Ver.4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
HijackThis 1.99.1 --> C:\DOCUME~1\Patricia\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe /uninstall
hp instant support --> C:\PROGRA~1\HEWLET~1\hpis\Uninstall.exe /s CeS
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 2100 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 2100 series --> MsiExec.exe /X{82DFB852-9594-4668-9C66-28BB6E94BCB2}
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
iPod for Windows 2005-09-23 -->
iPod for Windows 2006-01-10 -->
iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
Jewel Quest (remove only) --> "C:\Program Files\iWin.com\Jewel Quest\Uninstall.exe"
Logitech MouseWare 9.79 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Logitech Print Service --> C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech QuickCam --> MsiExec.exe /I{466B21EE-2858-4845-B2B3-056FC544DAA3}
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Microsoft Home Publishing 2000 --> MsiExec.exe /I{f04aff5e-362e-11d3-81ab-00c04fb932ba}
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Excel Viewer 2003 --> MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
MicroStaff WINASPI NT --> C:\MWASPINT\uninst.exe
mIRC --> "C:\WINDOWS\System32\driveres.exe" -uninstall
Multimedia Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
NDS Xploder Gamesaves --> "C:\Program Files\Fire International\DSXploder\uninstall.exe"
Nikon View 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}\setup.exe" UNINSTALL
Optical Mousemate V1.0 --> C:\PROGRA~1\OPTICA~1\UNINSTAL.EXE
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RegistryFix v6.0 --> "C:\Program Files\RegistryFix\unins000.exe"
SkillJam SecurePlayer --> C:\Program Files\SkillJam Technologies\Secure Player\Uninstall.exe
Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype add-on for IE --> rundll32 "C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll",FriendlyUnregisterServer 0
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Sound Blaster Live! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\SETUP.EXE" -l0x9
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Super SpongeBob Collapse! --> C:\PROGRA~1\GAMEHO~1\SPONGE~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\SPONGE~1\INSTALL.LOG
WebFldrs XP -->
Wild West Wendy (remove only) --> "C:\Program Files\iWin.com\Wild West Wendy\Uninstall.exe"
Windows Installer Clean Up --> MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD53}
Windows Live Messenger --> MsiExec.exe /I{FCE50DB8-C610-4C42-BE5C-193F46C6F812}
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\Common\unypsr.exe
Yahoo! extras --> C:\Program Files\Yahoo!\Common\unycust.exe /S
Yahoo! Mail Quick Select Tool (PhotoMail) --> C:\PROGRA~1\Yahoo!\Common\unymb.exe
Yaplock --> C:\Program Files\Yaplock\Uninstall.exe

-- End of ComboScan: finished at 2007-02-23 at 23:24:23 -------------------------

--- End of Comboscan Report ---

**************************************
**** AND HERE IS THE RERUN OF HJT ****
**************************************

--- Start of HJT ---
Logfile of HijackThis v1.99.1
Scan saved at 23:26:44, on 23/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\termsrv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/support/ocis/OSInfo.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://www.midasplayer.com/midasa.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/support/ocis/SiSAutodetectNT.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://becky60.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/271d1a2d33ac55...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141398597656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151570558328
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.piczo.com/images/uploader/ssiPictureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/popinsan...ploader_v10.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Terminal Server-Services - Unknown owner - C:\WINDOWS\termsrv.exe
O23 - Service: Microsoft Print Spooler (WINDRIVER) - Conexant Systems, Inc. - (no file)

--- End of HJT ---

Many thanks

Hobbe

#5 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:03:30 AM

Posted 23 February 2007 - 06:38 PM

Please make sure all hidden files are showing:

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

Find and delete:
C:\z8p2d9s5v1u3.exe
C:\1bf1e78aa822e1e4ab10b82a
C:\Program Files\SearchRelevant

Copy and paste the following bold blue text below into Notepad.
Click on File (in the menu at the top) > Save as.. Save as Type: 'All Files', File name: fix.reg, to your desktop.
Then double click on the fix.reg file on your desktop and agree to merge it into the registry, then reboot.
==============================================
REGEDIT4
; Lines starting with ';' are comments and are ignored when the file is merged.
; [-key] deletes that key and everything under it.
; "name"=- deletes the single value "name" from the key named on the line above it.
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\*Wssocks]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"*Wssocks"=-
"MS-DOS Security Service"=-
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
; "name"="data" sets a string value; backslashes are doubled inside the quotes.
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"*Wssocks"=-
"MS-DOS Security Service"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"*Wssocks"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"*Wssocks"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"*Wssocks"=-
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"*Wssocks"=-

==============================================

Reboot,post a new Hijackthis log into your next reply.
Let me know how your pc is running now.
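Added example, not part of RichieUK's post or of any tool mentioned in it: a small Python dry-run parser for REGEDIT4 files like the fix.reg above. It shows what each line form does when merged ([-key] deletes a whole key, "name"=- deletes one value, "name"="..." sets a string value) and lets you list every change before double-clicking the file. The sample input is the fix from this post with one ';' comment line added; the AUTOSTART_MARKERS list and the function names are this example's own.

```python
"""Dry-run a REGEDIT4 .reg file: list what merging it would delete or set."""
import re
from typing import List, Tuple

# Header lines regedit accepts; anything else is refused at merge time.
_HEADERS = ('REGEDIT4', 'Windows Registry Editor Version 5.00')
_KEY_RE = re.compile(r'^\[(-?)(.+)\]$')
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')

# Autostart-related keys the fix above touches (Run, policies Run and msconfig's
# startupreg store for disabled items). Example's own list, not from the post.
AUTOSTART_MARKERS = (r'\currentversion\run', r'\policies\explorer\run', r'\msconfig\startupreg')

# Sample input: the fix.reg from the post above, plus a ';' comment line to show
# that comments are skipped.
SAMPLE_REG = r'''REGEDIT4
; remove the *Wssocks autostart entries
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\*Wssocks]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"*Wssocks"=-
"MS-DOS Security Service"=-
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"*Wssocks"=-
'''


def _unescape(s: str) -> str:
    # Inside .reg string literals, backslash and double quote are written as \\ and \"
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text: str) -> List[Tuple]:
    """Return ('delete_key', key), ('delete_value', key, name) or
    ('set_value', key, name, data) tuples in file order, as regedit would apply them."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(';')]
    if not lines or lines[0] not in _HEADERS:
        raise ValueError('missing .reg header; regedit would refuse to merge this file')
    actions: List[Tuple] = []
    current = None
    for line in lines[1:]:
        m = _KEY_RE.match(line)
        if m:
            if m.group(1) == '-':          # [-key] deletes the key and everything under it
                actions.append(('delete_key', m.group(2)))
                current = None
            else:                          # [key] opens a section; following values belong to it
                current = m.group(2)
            continue
        m = _VALUE_RE.match(line)
        if not m:
            raise ValueError(f'unparseable line: {line!r}')
        if current is None:
            raise ValueError(f'value line outside a key section: {line!r}')
        name = '' if m.group(2) else _unescape(m.group(1))   # @ is the key's default value
        data = m.group(3)
        if data == '-':                    # "name"=- deletes that one value
            actions.append(('delete_value', current, name))
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            actions.append(('set_value', current, name, _unescape(data[1:-1])))
        else:                              # dword:/hex: forms; kept as raw text, not dropped
            actions.append(('set_value', current, name, data))
    return actions


def autostart_actions(actions: List[Tuple]) -> List[Tuple]:
    """Subset of the plan that touches one of the autostart-related keys."""
    return [a for a in actions if any(mk in a[1].lower() for mk in AUTOSTART_MARKERS)]


if __name__ == '__main__':
    for action in parse_reg(SAMPLE_REG):
        print(action)
```

Run parse_reg over the file before merging it: a ValueError means either the header is missing (regedit would refuse the file too) or a value line has no [key] section above it, which is the usual sign of a botched copy and paste.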

#6 Hobbers

  • Topic Starter
  • Members
  • 5 posts

Posted 24 February 2007 - 04:58 AM

Hi RichieUK

Those settings in Folder Options were already set as you suggested. Deleted that file and 2 folders.

Made the registry change and rebooted.

I put Sygate 5.6 back on and it's looking a lot better. I still see Symantec in the HJT log - is that destined to stay? I did find a Norton Cleaner once that removed all traces of Norton - should I rerun that? I am now just doing a quick AVG A/S rerun in safe mode for consistency.

Many thanks again RichieUK!

--- Start HJT Log ---
Logfile of HijackThis v1.99.1
Scan saved at 10:52:31, on 24/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\termsrv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/support/ocis/OSInfo.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://www.midasplayer.com/midasa.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/support/ocis/SiSAutodetectNT.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://becky60.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/271d1a2d33ac55...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141398597656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151570558328
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.piczo.com/images/uploader/ssiPictureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/popinsan...ploader_v10.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Terminal Server-Services - Unknown owner - C:\WINDOWS\termsrv.exe
O23 - Service: Microsoft Print Spooler (WINDRIVER) - Conexant Systems, Inc. - (no file)

Hobbers

#7 RichieUK

    Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 24 February 2007 - 05:55 AM

Click on Start>Run and type Services.msc then hit Ok.
Scroll down and find the service called:
SymWMI Service (SymWSC)
When you find it, double-click on it.
In the next window that opens, click the 'Stop' button.
Then change the 'Startup Type:' to 'Disabled'.
Now press Apply and then Ok and close any open windows.

Have Hijack This fix the following if present, by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
Exit Hijackthis.

Find and delete if present:
C:\Program Files\Common Files\Symantec Shared

******************************

Your log is clean :thumbsup:
If all's ok,please do the following:

Revert the following settings back to default:
* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

Clear your 'System Restore' points by doing the following:
Right-click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Select 'Turn Off System Restore On All Drives'.
Select 'Apply'.
You will then get the following warning:
"You have chosen to turn off System Restore.
If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?"
Then select 'Yes'; your 'System Restore' directories will be purged.

Turn 'System Restore' back on:
Right click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Unselect 'Turn Off System Restore On All Drives'.
Select 'Apply', then click 'Ok'.

Create a new 'System Restore' point:
Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description, then click on 'Create', then click 'Close'.
The date and time are added automatically.

You should now go to Windows Update and install any available critical/high priority updates.

Read through the info found here,to help you prevent any possible future infections.
How did I get infected?
http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/

Please Note:
Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6.0'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
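Added example, not from the thread and not part of HijackThis: Python triage of the O23 service lines in the log Hobbers posted. It separates services whose binary is really gone (SymWSC and WINDRIVER, the two RichieUK has had removed) from entries that HijackThis labels '(file missing)' only because the ImagePath is a quoted path followed by arguments (the avast! Mail Scanner line ends in '" /service (file missing)', yet ashMaiSv.exe is plainly in the running-process list), and lists 'Unknown owner' services for a manual look rather than calling them bad. The sample is constructed from lines in the log above; the function names are the example's own.

```python
"""Triage HijackThis O23 service lines: really orphaned vs. misreported vs. check-by-hand."""
import re
from typing import Dict, List, Optional

# Sample input, constructed from lines in the log posted above: the matching
# "Running processes" entries followed by five O23 lines.
SAMPLE_LOG = r'''Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\termsrv.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Terminal Server-Services - Unknown owner - C:\WINDOWS\termsrv.exe
O23 - Service: Microsoft Print Spooler (WINDRIVER) - Conexant Systems, Inc. - (no file)
'''

# "O23 - Service: <display> (<short name>) - <owner> - <image path>[ (file missing)]"
_O23_RE = re.compile(
    r'^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - (?P<owner>.+?) - (?P<rest>.*)$'
)
# A full path ending in .exe, as printed in the "Running processes" block.
_PROC_RE = re.compile(r'^[A-Za-z]:\\.+\.exe$', re.IGNORECASE)


def running_basenames(log: str) -> set:
    """Lower-cased file names of every path listed under 'Running processes'."""
    names = set()
    for line in log.splitlines():
        line = line.strip()
        if _PROC_RE.match(line):
            names.add(line.rsplit('\\', 1)[-1].lower())
    return names


def parse_o23(line: str) -> Optional[Dict[str, object]]:
    """Split one O23 line into its fields; None if the line is not an O23 entry."""
    m = _O23_RE.match(line.strip())
    if not m:
        return None
    rest = m.group('rest').strip()
    missing = False
    path: Optional[str]
    if rest == '(no file)':
        path, missing = None, True
    elif rest.endswith(' (file missing)'):
        path, missing = rest[:-len(' (file missing)')], True
    else:
        path = rest
    # HJT prints the ImagePath as stored in the registry; a quoted path followed by
    # arguments ('...exe" /service') comes out with a stray quote, so cut there
    # before taking the file name.
    basename = path.split('"', 1)[0].rsplit('\\', 1)[-1].lower() if path else None
    return {
        'display': m.group('display'),
        'short': m.group('short'),
        'owner': m.group('owner'),
        'path': path,
        'basename': basename,
        'reported_missing': missing,
    }


def triage_services(log: str) -> Dict[str, List[str]]:
    """Sort O23 lines into: orphaned (binary really gone), false_missing (flagged
    missing but its executable is in the running-process list), unknown_owner
    (no publisher info in the file; look at it by hand)."""
    running = running_basenames(log)
    out: Dict[str, List[str]] = {'orphaned': [], 'false_missing': [], 'unknown_owner': []}
    for line in log.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        name = svc['short'] or svc['display']
        if svc['reported_missing']:
            if svc['basename'] in running:
                out['false_missing'].append(name)   # it is running, so the file exists
            else:
                out['orphaned'].append(name)        # dead entry: stop, disable, then fix in HJT
        elif svc['owner'] == 'Unknown owner':
            out['unknown_owner'].append(name)       # not a verdict, just a to-check list
    return out


if __name__ == '__main__':
    for bucket, names in triage_services(SAMPLE_LOG).items():
        print(f'{bucket}: {names}')
```

The 'orphaned' bucket is the one that maps onto the Services.msc stop/disable and the HJT 'Fix checked' steps above; 'false_missing' is the reason not to fix every '(file missing)' line blindly, since doing so for the avast! scanner entries would break a working antivirus service.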

#8 Hobbers

  • Topic Starter
  • Members
  • 5 posts

Posted 24 February 2007 - 06:58 AM

Hi RichieUK

My AVG A/S still found some infections (and I have not connected this PC back up to the internet yet).

The report is :-

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 12:39:47 24/02/2007

+ Scan result:

C:\System Volume Information\_restore{9F4B95E8-98A9-463B-8F87-7A812C663600}\RP18\A0012763.exe -> Backdoor.Lot.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9F4B95E8-98A9-463B-8F87-7A812C663600}\RP18\A0012765.exe -> Backdoor.SdBot.bdu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9F4B95E8-98A9-463B-8F87-7A812C663600}\RP18\A0012766.exe -> Backdoor.SdBot.bdu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9F4B95E8-98A9-463B-8F87-7A812C663600}\RP18\A0012767.exe -> Backdoor.SdBot.bdu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9F4B95E8-98A9-463B-8F87-7A812C663600}\RP18\A0012764.exe -> Trojan.Dialer.fn : Cleaned with backup (quarantined).

::Report end

I have stopped and disabled that Symantec service and it no longer appears in HJT - thank you!!!

I am downloading the Java update and will install that. Then I'll create the System Restore point and rerun AVG AS again from safe mode. Fingers crossed - wish me luck and thanks again!!!

Hobbers

#9 RichieUK

    Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 24 February 2007 - 07:14 AM

Make sure you do the following before running AVG again:

Clear your 'System Restore' points by doing the following:
Right-click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Select 'Turn Off System Restore On All Drives'.
Select 'Apply'.
You will then get the following warning:
"You have chosen to turn off System Restore.
If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?"
Then select 'Yes'; your 'System Restore' directories will be purged.

Turn 'System Restore' back on:
Right click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Unselect 'Turn Off System Restore On All Drives'.
Select 'Apply', then click 'Ok'.

Create a new 'System Restore' point:
Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description, then click on 'Create', then click 'Close'.
The date and time are added automatically.



