
Something Is Going On Here


33 replies to this topic

#16 RichieUK, Malware Response Team

Posted 03 March 2007 - 07:36 AM

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1041
Exit Hijackthis.

*****************************

Launch IE7.
From the Tools menu, choose Internet Options.
Click on the 'Connections' tab.
Click on the 'LAN Settings' button.
If checked, uncheck the box next to 'Use a proxy server for your LAN'.
Ok your way out, restart your PC.

Then check the following registry entry:
Click on Start/Run, type regedit then press Ok, navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
In the right hand pane, double click on the value 'ProxyEnable'.
In the opening 'Edit DWORD Value' box under 'Value data:', edit that to a 0 [that's a zero].
Click Ok, reboot.
Post a new Hijackthis log into your next reply, let me know if there's any change.
#17 simALITY, Topic Starter

Posted 05 March 2007 - 09:29 AM

Rick, I did everything you said--twice. But both times, after rebooting, the LAN box had somehow rechecked itself and the proxy thing returned.

This thing is pretty persistent. Any idea what it is?

Kat

Logfile of HijackThis v1.99.1
Scan saved at 9:19:40 AM, on 3/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Strokeit\strokeit.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\interMute\AdSubtract\AdSub.exe
C:\Program Files\DeskPins\DeskPins.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1040
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\system32\adsubtb.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [StrokeIt] C:\Program Files\Strokeit\strokeit.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: AdSubtract.lnk = C:\Program Files\interMute\AdSubtract\AdSub.exe
O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360
O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361
O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171028648023
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
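
An added example, not part of the thread and not HijackThis or ComboScan code: a Python triage helper that reads `R1 ... ProxyServer` lines from HijackThis logs and backup listings, flags values that point at the local machine, and reports whether the setting was fixed and then came back. The function names are my own, and the sample input reuses R1 lines quoted in this thread's logs. A loopback proxy is also what local filtering software sets, so the result says "something on this machine keeps rewriting the value", not what that something is.

```python
import ipaddress
import re
from datetime import datetime

# Sample input: R0/R1 lines as they appear in this thread's logs. Lines that
# start with "backup-" are entries HijackThis already fixed (removed).
SAMPLE_LOG = r"""
backup-20070227-142008-421 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1035
backup-20070305-085654-482 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1040
backup-20070305-085654-702 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070305-091107-282 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1045
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1040
"""

# "[backup-YYYYMMDD-HHMMSS-nnn ]Rn - HIVE\key,value name = data"
R_LINE = re.compile(
    r"^(?:backup-(?P<date>\d{8})-(?P<time>\d{6})-\d+\s+)?"
    r"R[0-3] - (?P<hive>HK[A-Z]+)\\(?P<key>[^,]+),"
    r"(?P<name>[^=]*?)\s*=\s*(?P<data>.*)$"
)


def parse_proxy_server(data):
    """Split a ProxyServer string into (scheme, host, port) tuples.

    Handles both "host:port" (all protocols) and the per-protocol form
    "http=host:port;https=host:port".
    """
    entries = []
    for part in filter(None, (p.strip() for p in data.split(";"))):
        scheme, sep, addr = part.partition("=")
        if not sep:                      # plain "host:port"
            scheme, addr = "*", part
        addr = addr.split("://", 1)[-1]  # tolerate "http=http://host:port"
        host, _, port = addr.rpartition(":")
        if not host:                     # no port given
            host, port = addr, ""
        entries.append((scheme.lower(), host.lower(),
                        int(port) if port.isdigit() else None))
    return entries


def is_loopback(host):
    """True when the proxy host is the local machine."""
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def proxy_observations(log_text):
    """Return (fixed_at, scheme, host, port) for every ProxyServer R-line.

    fixed_at is the backup timestamp (when HijackThis removed the entry),
    or None for a line taken from a live log.
    """
    out = []
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if not m or m["name"] != "ProxyServer":
            continue
        fixed_at = None
        if m["date"]:
            fixed_at = datetime.strptime(m["date"] + m["time"], "%Y%m%d%H%M%S")
        for scheme, host, port in parse_proxy_server(m["data"]):
            out.append((fixed_at, scheme, host, port))
    return out


def summarize(log_text):
    """Summarize loopback proxy entries across fixes and live logs."""
    loop = [o for o in proxy_observations(log_text) if is_loopback(o[2])]
    fixes = sorted({o[0] for o in loop if o[0] is not None})
    still_set = any(o[0] is None for o in loop)
    return {
        "ports": sorted({o[3] for o in loop if o[3] is not None}),
        "times_fixed": len(fixes),
        "still_set": still_set,
        # removed at least once and seen again afterwards
        "reappeared": len(fixes) >= 2 or (len(fixes) >= 1 and still_set),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
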

#18 RichieUK, Malware Response Team

Posted 05 March 2007 - 10:21 AM

Launch HJThis, click 'Open the Misc Tools Section'.
Click 'Open Uninstall Manager'.
Click on 'Save List', save it to your desktop.
Copy and paste the content of that list into your next reply please.

*****************************

Download ComboScan to your desktop:
http://www.techsupportforum.com/sectools/D...d/comboscan.exe
Make sure all running programs and Windows Explorer windows are closed.
Double-click on comboscan.exe to run it, then follow the prompts.
The scan may take a few minutes to complete.
When the scan has finished, a text file will open 'ComboScan.txt'.

Please Note:
When running Comboscan, some firewalls may warn that sigcheck.exe is trying to access the internet, please ensure that you allow sigcheck.exe permission to do so.
Also, it may happen that your Antivirus flags Comboscan as suspicious.
Please allow the Comboscan to run and don't let your Antivirus delete it.
(If necessary temporarily disable/turn off your Antivirus program).

Post the Comboscan.txt from the Comboscan into your next reply.

You may need several replies to post the logs.

#19 simALITY, Topic Starter

Posted 05 March 2007 - 11:27 AM

UNINSTALL LIST

Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe GoLive 6.0
Adobe Photoshop CS
Adobe Reader 7.0
Adobe SVG Viewer 3.0
AdSubtract PRO 3
AIM 6.0
Apple Software Update
avast! Antivirus
AVG Anti-Spyware 7.5
CA eTrust PestPatrol
CVSNT
DeskPins (remove only)
Disk Investigator 1.31
Duplicate Email Remover
EndItAll 2.0
EscapeClose
Folder Marker v 1.3
GTK+ 2.6.7-2 runtime environment
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB929120)
Image Resizer Powertoy for Windows XP
Inspiration 8
Ipswitch WS_FTP Pro
IrfanView (remove only)
iTunes
Kaspersky Online Scanner
Macromedia Fireworks MX
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft DirectX Transform optional components
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.2)
Mozilla Thunderbird (1.5)
MSXML 6.0 Parser (KB927977)
MySQL Query Browser 1.1
PCI Audio Applications
PCI Audio Driver
PDF4Free 2.0
QuickTime
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Spybot - Search & Destroy 1.4
StrokeIt (remove only)
Sunbelt CounterSpy
SUPERAntiSpyware Free Edition
The GIMP 2.2.7
Tweak UI
Uniblue Registry Booster
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB931836)
Viewpoint Media Player
WinCvs 2.0
Windows Communication Foundation
Windows Defender
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Yahoo! Messenger
ZoneAlarm

#20 simALITY, Topic Starter

Posted 05 March 2007 - 11:28 AM

ComboScan v20070226.18 run by Owner on 2007-03-05 at 11:20:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Restore was disabled; re-enabling.
Failed to create restore point: System Restore is disabled (service is not running).
Performed disk cleanup.


-- HijackThis (run as Owner.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:21:08 AM, on 3/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Strokeit\strokeit.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\interMute\AdSubtract\AdSub.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KK3POW6D\comboscan[1].exe
C:\DOCUME~1\Owner\Desktop\Owner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1040
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\system32\adsubtb.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [StrokeIt] C:\Program Files\Strokeit\strokeit.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - Startup: AdSubtract.lnk = C:\Program Files\interMute\AdSubtract\AdSub.exe
O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360
O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361
O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171028648023
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


-- HijackThis Fixed Entries (C:\DOCUME~1\Owner\Desktop\backups\) ----------------

backup-20070227-142008-421 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1035
backup-20070305-085654-482 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1040
backup-20070305-085654-702 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070305-085654-768 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070305-091107-282 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1045

-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

1R Aavmker4 (avast! Asynchronous Virus Monitor) - C:\WINDOWS\system32\drivers\aavmker4.sys
1R AmdK7 (AMD K7 Processor Driver) - C:\WINDOWS\system32\drivers\amdk7.sys
2R aswMon2 (avast! Standard Shield Support) - C:\WINDOWS\system32\drivers\aswmon2.sys
3R aswRdr - C:\WINDOWS\system32\drivers\aswRdr.sys
1R aswTdi (avast! Network Shield Support) - C:\WINDOWS\system32\drivers\aswTdi.sys
1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys
3R cmpci (C-Media PCI Audio Driver (WDM)) - C:\WINDOWS\system32\drivers\cmaudio.sys
3R GEARAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3R hidusb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
1R kbdhid (Keyboard HID Driver) - C:\WINDOWS\system32\drivers\kbdhid.sys
3R mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3R Ptserlp (PCTEL Serial Device Driver for PCI) - C:\WINDOWS\system32\drivers\ptserlp.sys
3R rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - C:\WINDOWS\system32\drivers\RTL8139.sys
1R SASDIFSV - C:\Program Files\SUPERAntiSpyware\sasdifsv.sys
3R SASENUM - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
1R SASKUTIL - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
3R trid3d - C:\WINDOWS\system32\drivers\trid3dm.sys
3R usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbohci (Microsoft USB Open Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbohci.sys
3R usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3R USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
0R viaagp (VIA AGP Bus Filter) - C:\WINDOWS\system32\drivers\VIAAGP.SYS
3S VIAudio (VIA AC'97 Audio Controller (WDM)) - C:\WINDOWS\system32\drivers\ac97via.sys
0R Vmodem (XP Vmodem) - C:\WINDOWS\system32\drivers\vmodem.sys
0R Vpctcom (XP Vpctcom) - C:\WINDOWS\system32\drivers\vpctcom.sys
2R vsdatant - C:\WINDOWS\system32\vsdatant.sys
0R Vvoice (XP Vvoice) - C:\WINDOWS\system32\drivers\vvoice.sys
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3S Adobe LM Service - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2R aswUpdSv (avast! iAVS4 Control Service) - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
2R avast! Antivirus - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
3R avast! Mail Scanner - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
3R avast! Web Scanner - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
3S FontCache3.0.0.0 (Windows Presentation Foundation Font Cache 3.0.0.0) - c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
3S idsvc (Windows CardSpace) - "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
3R iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
4S NetTcpPortSharing (Net.Tcp Port Sharing Service) - "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
2R Pctspk (PCTEL Speaker Phone) - C:\WINDOWS\system32\pctspk.exe
2S SBCSSvc (Sunbelt CounterSpy Antispyware) - "C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe"
3R usnsvc (Messenger Sharing USN Journal Reader service) - C:\WINDOWS\system32\svchost.exe -k usnsvc
2R vsmon (TrueVector Internet Monitor) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
2S WinDefend (Windows Defender) - "C:\Program Files\Windows Defender\MsMpEng.exe"


-- Scheduled Tasks --------------------------------------------------------------

2007-03-03 20:23:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>


-- Files created between 2007-02-05 and 2007-03-05 ------------------------------

2007-03-05 09:38:58 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2007-03-05 09:38:52 0 d-------- C:\Program Files\Uniblue
2007-03-03 20:33:47 0 d-------- C:\Program Files\iPod

#21 RichieUK


Posted 05 March 2007 - 11:57 AM

Download Avenger from the link below:
http://swandog46.geekstogo.com/avenger.zip
Unzip/extract it to your desktop.

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy and paste ALL the following bold blue text:

Folders to delete:
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Program Files\Viewpoint

Files to delete:
C:\WINDOWS\zts2.exe
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundl132.dll
C:\WINDOWS\logo1_.exe
C:\WINDOWS\system32\TASKMGR.COM
C:\WINDOWS\REGEDIT.COM


Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt when you've done.

#22 simALITY

simALITY
  • Topic Starter

  • Members
  • 92 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:47 PM

Posted 05 March 2007 - 01:11 PM

I did as you said, but there is no textfile to show for it.

Kat

Edited by wannabeanerd, 05 March 2007 - 01:11 PM.


#23 RichieUK


Posted 05 March 2007 - 01:16 PM

Download Killbox by Option^Explicit:
http://www.killbox.net/downloads/KillBox.exe
Save it to your desktop.
Please double-click Killbox.exe to run it.
Select: 'Delete on Reboot'.
Then Click on the 'All Files' button.
Please copy ALL the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\zts2.exe
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundl132.dll
C:\WINDOWS\logo1_.exe
C:\WINDOWS\system32\TASKMGR.COM
C:\WINDOWS\REGEDIT.COM


Return to Killbox, go to the File menu, and choose 'Paste from Clipboard'.
Click the red-and-white Delete File button.
Click 'Yes' at the 'Delete on Reboot' prompt.
Click OK at any 'PendingFileRenameOperations' prompt.
If your computer does not restart automatically, please restart it manually.


After rebooting, open up Killbox again.
Click 'File'>'Logs'>'Actions History Log'.
Post this log in your next reply.
Let me know how your PC is running now please.

Edited by RichieUK, 05 March 2007 - 01:18 PM.


#24 simALITY


Posted 05 March 2007 - 05:03 PM

The computer is running about the same as it was before.


Pocket Killbox version 2.0.0.881
Running on Windows XP as Owner(Administrator)
was started @ Monday, March 05, 2007, 4:51 PM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\zts2.exe


# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\vcmgcd32.dll


# 3 [Delete on Reboot]
Path = C:\WINDOWS\system32\iifgfgf.dll


# 4 [Delete on Reboot]
Path = C:\WINDOWS\rundll16.exe


# 5 [Delete on Reboot]
Path = C:\WINDOWS\rundl132.dll


# 6 [Delete on Reboot]
Path = C:\WINDOWS\logo1_.exe


# 7 [Delete on Reboot]
Path = C:\WINDOWS\system32\TASKMGR.COM


# 8 [Delete on Reboot]
Path = C:\WINDOWS\REGEDIT.COM


I Rebooted @ 4:54:14 PM
Killbox Closed(Exit) @ 4:54:17 PM
__________________________________________________

Pocket Killbox version 2.0.0.881
Running on Windows XP as Owner(Administrator)
was started @ Monday, March 05, 2007, 4:57 PM

#25 simALITY


Posted 05 March 2007 - 05:10 PM

Although you didn't ask for this, below is a HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 5:06:14 PM, on 3/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Strokeit\strokeit.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\interMute\AdSubtract\AdSub.exe
C:\Program Files\DeskPins\DeskPins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1041
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\system32\adsubtb.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [StrokeIt] C:\Program Files\Strokeit\strokeit.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: AdSubtract.lnk = C:\Program Files\interMute\AdSubtract\AdSub.exe
O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360
O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361
O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171028648023
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



I also checked my IE options, and found that the LAN settings have reverted to a proxy setup.
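
An added example, not part of the original thread and not HijackThis's own code: a small triage pass over HijackThis log lines that flags the two entry types this log raises questions about, a `ProxyServer` value pointing at the local machine and `O23` services marked `(file missing)`. The sample lines are copied from the log above; the function names and the finding labels are assumptions made for this illustration. A flag means "look closer", not "malicious": `ashMaiSv.exe` appears in the running-process list of the same log, so its `(file missing)` tag shows that the path HijackThis parsed did not resolve, not that the file is absent.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: four lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1041
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_proxy(value):
    """Split an IE ProxyServer value ('host:port' or 'http=host:port;https=...')."""
    out = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, _, target = part.rpartition("=")
        url = urlsplit("//" + target.split("//")[-1])  # tolerate 'http://host:port'
        out.append((scheme or "all", url.hostname, url.port))
    return out

def triage(log_text):
    """Return (code, reason, detail) findings for entries that need a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # headers, process list, blank lines
        code, body = m.group("code"), m.group("body")
        if code in ("R0", "R1") and "ProxyServer =" in body:
            for scheme, host, port in parse_proxy(body.split("ProxyServer =", 1)[1]):
                if host in LOOPBACK:
                    findings.append((code, "loopback proxy", f"{scheme} -> {host}:{port}"))
        elif code == "O23" and body.endswith("(file missing)"):
            name = body[len("Service: "):].split(" - ", 1)[0]
            findings.append((code, "service path not resolved", name))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The port in a loopback finding is the lead to follow: whichever local process is listening on it is the program receiving the browser's traffic.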

#26 RichieUK


Posted 05 March 2007 - 05:47 PM

Delete these files using Killbox please:

C:\WINDOWS\system32\3076
C:\WINDOWS\system32\2052
C:\WINDOWS\system32\1054
C:\WINDOWS\system32\1042
C:\WINDOWS\system32\1041
C:\WINDOWS\system32\1037
C:\WINDOWS\system32\1033
C:\WINDOWS\system32\1031
C:\WINDOWS\system32\1028
C:\WINDOWS\system32\1025


Post back if anything's changed.

#27 RichieUK


Posted 05 March 2007 - 06:05 PM

OK, let's try this.

Go to Control Panel/Add or Remove Programs and remove/uninstall IE7 and Firefox, then reboot.
You'll then be using only IE6. If that's made no difference at all, try this.

Disconnect from the internet.
Click on Start/Run, type msconfig, then press OK.
Under the Startup tab, uncheck everything but Avast.
Reboot when prompted, reconnect to the internet.
Let me know what's happening now please.

Edited by RichieUK, 05 March 2007 - 06:05 PM.


#28 simALITY


Posted 05 March 2007 - 07:19 PM

Pocket Killbox version 2.0.0.881
Running on Windows XP as Owner(Administrator)
was started @ Monday, March 05, 2007, 5:58 PM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\3076


# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\2052


# 3 [Delete on Reboot]
Path = C:\WINDOWS\system32\1054


# 4 [Delete on Reboot]
Path = C:\WINDOWS\system32\1042


# 5 [Delete on Reboot]
Path = C:\WINDOWS\system32\1041


# 6 [Delete on Reboot]
Path = C:\WINDOWS\system32\1037


# 7 [Delete on Reboot]
Path = C:\WINDOWS\system32\1033


# 8 [Delete on Reboot]
Path = C:\WINDOWS\system32\1031


# 9 [Delete on Reboot]
Path = C:\WINDOWS\system32\1028


# 10 [Delete on Reboot]
Path = C:\WINDOWS\system32\1025


I Rebooted @ 5:58:34 PM
Killbox Closed(Exit) @ 5:58:41 PM
__________________________________________________

Pocket Killbox version 2.0.0.881
Running on Windows XP as Owner(Administrator)
was started @ Monday, March 05, 2007, 7:17 PM

#29 simALITY


Posted 05 March 2007 - 07:24 PM

I don't have IE 6.0 installed. These problems cropped up shortly after my machine was reformatted (I had to take it into a shop for a new case, and have some partition issues fixed). So you can't find IE 7.0 on here.

Kat

#30 RichieUK


Posted 06 March 2007 - 04:39 AM

These problems cropped up shortly after my machine was reformatted (I had to take it into a shop for a new case, and have some partition issues fixed).

Why didn't you mention this earlier?

********************************

Go to Control Panel/Add or Remove Programs and remove/uninstall IE7 and Firefox, then reboot.
You'll then be using only IE6. If that's made no difference at all, try this.

Disconnect from the internet.
Click on Start/Run, type msconfig, then press OK.
Under the Startup tab, uncheck everything but Avast.
Reboot when prompted, reconnect to the internet.
Let me know what's happening now please.


Go to Control Panel/Add or Remove Programs.
Place a check in the box 'Show updates' at the top of the Add\Remove list. You should then see the IE7 uninstaller.
Uninstall IE7 and Firefox, then reboot.
You'll now automatically have IE6 as your default web browser, which has been in your OS since it was upgraded to IE7.

If you still cannot see the IE7 uninstaller, follow these steps please:
You cannot uninstall Windows Internet Explorer 7 Beta 2:
http://support.microsoft.com/kb/923721

Let me know what's happening now please.

Edited by RichieUK, 06 March 2007 - 04:39 AM.




