Please Help Remove Url.cpvfeed.com Popups


  • This topic is locked
13 replies to this topic

#1 jai55

jai55

Posted 22 April 2007 - 08:47 AM

Hi,
I've been having these popups for nearly a week now. Tried countless virus and spyware scans but no joy.
Any help would be greatly appreciated.
Many thanks :thumbsup:


#2 jai55

jai55
  • Topic Starter

Posted 22 April 2007 - 09:08 AM

Sorry, forgot to add my logfile.

Logfile of HijackThis v1.99.1
Scan saved at 15:04:39, on 22/04/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Azureus\Azureus.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\iTunes\iTunes.exe
C:\Windows\system32\SearchFilterHost.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {EF3A5E8A-EC1E-4086-BEFE-38DF7B9857B5} - C:\Program Files\Movie Maker\mexobanib.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Client IP-IPX - Unknown owner - C:\Windows\system32\svchosts.exe" -e mc-110-12-0000140 (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


There you go, any help would be great.

#3 Buckeye_Sam

Buckeye_Sam

    Malware Expert


Posted 23 April 2007 - 07:18 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#4 jai55

jai55
  • Topic Starter

Posted 25 April 2007 - 01:16 PM

Hey Sam, cheers for the help.
I can't run ComboFix.
It says I have an incompatible OS (Vista).
:thumbsup:
Is there a way to make it work, or any other programs?
:flowers:

#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


Posted 25 April 2007 - 02:28 PM

Aahh! My fault. :thumbsup:
I'm still getting used to seeing Vista more and more.

Here's another tool that should get us a similar log and it will work with Vista.

Please download Deckard's System Scanner (DSS)

1. Download Deckard's System Scanner (DSS) to your Desktop (or other convenient location).
2. Close any open applications and windows.
3. Double-click on dss.exe to run it, and follow the prompts.
4. When the scan is complete, a text file will open - main.txt
5. Copy the text from that log and paste it into your post.

Note: Some firewalls may warn that sigcheck.exe is trying to access the internet. Please allow it permission to do so.

#6 jai55

jai55
  • Topic Starter

Posted 25 April 2007 - 02:38 PM

Deckard's System Scanner v20070423.42
Run by Jai on 2007-04-25 at 20:27:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
13: 2007-04-25 08:29:09 UTC - RP87 - Windows Update
12: 2007-04-23 17:33:20 UTC - RP86 - Removed Ad-Aware SE Personal
11: 2007-04-22 11:46:02 UTC - RP85 - Scheduled Checkpoint
10: 2007-04-21 12:03:05 UTC - RP84 - Scheduled Checkpoint
9: 2007-04-20 13:06:36 UTC - RP83 - Scheduled Checkpoint


-- First Restore Point --
1: 2007-04-12 10:16:52 UTC - RP75 - Scheduled Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Jai.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 20:33:05, on 25/04/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Jai\Downloads\dss.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HIJACK~1\Jai.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {EF3A5E8A-EC1E-4086-BEFE-38DF7B9857B5} - C:\Program Files\Movie Maker\mexobanib.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Client IP-IPX - Unknown owner - C:\Windows\system32\svchosts.exe" -e mc-110-12-0000140 (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 IDSvix86 (Symantec Intrusion Prevention Driver) - \??\c:\progra~2\symantec\defini~1\symcdata\idsdefs\20070419.001\idsvix86.sys
R1 SRTSP - c:\windows\system32\drivers\srtsp.sys <Verified; Symantec Corporation; AutoProtect; 10.1; 10.1.4.1>
R1 SRTSPX - c:\windows\system32\drivers\srtspx.sys <Verified; Symantec Corporation; AutoProtect; 10.1; 10.1.4.1>
R2 nmsgopro (GoProto Protocol Driver for NMS) - c:\windows\system32\drivers\nmsgopro.sys <Verified; Gteko Ltd.; Gteko Diagnostics Network Module; 2, 2, 0, 28; 2, 2, 0, 28>
R2 nmsunidr (UniDriver for NMS) - c:\windows\system32\drivers\nmsunidr.sys <Verified; Gteko Ltd.; Gteko Diagnostics; 1, 0, 0, 9; 1, 0, 0, 9>
R2 pnarp (Network Magic Device Discovery Driver) - c:\windows\system32\drivers\pnarp.sys <Verified; Pure Networks, Inc.; Network Magic; 4.1.7039.0; 4.1.7039.0>
R3 atikmdag - c:\windows\system32\drivers\atikmdag.sys <Verified; ATI Technologies Inc.; ATI Radeon Family; 7.01.01.613; 7.01.01.613>
R3 CamDrL (Logitech QuickCam Pro 3000(CamDrl)) - c:\windows\system32\drivers\camdrl.sys <Verified; Logitech Inc.; Logitech QuickCam; 10.5.1.2023; 10.5.1.2023>
R3 hcwPP2 (Hauppauge WinTV PVR PCI II ([23|25|26]xxx)) - c:\windows\system32\drivers\hcwpp2.sys <Verified; Hauppauge Computer Works, Inc.; WinTV; 2.0.43.25005; 2.0.43.25005>
R3 STHDA (SigmaTel High Definition Audio CODEC) - c:\windows\system32\drivers\stwrt.sys <Verified; SigmaTel, Inc.; C-Major Audio; 1.0.5343.1 nd544 cp1; 6.10.5343.1 nd544 cp1 built by: WinDDK>
R3 SYMNDISV - c:\windows\system32\drivers\symndisv.sys <Verified; Symantec Corporation; Symantec Security Drivers; 7.2; 7.2.0.14>

S1 IKFileFlt (File Filter Driver) - c:\windows\system32\drivers\ikfileflt.sys <Verified; PCTools Research Pty Ltd.; Spyware Doctor; 5.0.2.1016; 5.0.2.1016>
S1 IKFileSec (File Security Driver) - c:\windows\system32\drivers\ikfilesec.sys <Verified; PCTools Research Pty Ltd.; Spyware Doctor; 5.0.2.1025; 5.0.2.1025>
S1 IkSysFlt (System Filter Driver) - c:\windows\system32\drivers\iksysflt.sys <Verified; PCTools Research Pty Ltd.; Spyware Doctor; 5.0.2.1018; 5.0.2.1018>
S1 IKSysSec (System Security Driver) - c:\windows\system32\drivers\iksyssec.sys <Verified; PCTools Research Pty Ltd.; Spyware Doctor; 5.0.2.1017; 5.0.2.1017>
S2 TimerStop - \??\c:\windows\system32\timerstop.sys
S3 BVRPMPR5 (BVRPMPR5 NDIS Protocol Driver) - \??\c:\windows\system32\drivers\bvrpmpr5.sys
S3 IntelDH (IntelDH Driver) - c:\windows\system32\drivers\inteldh.sys <Verified; Intel Corporation; Intel® software driver for Intel® Viiv™ technology; 1. 6. 0. 307; 1. 6. 0. 307>
S3 R300 - c:\windows\system32\drivers\atikmdag.sys <Verified; ATI Technologies Inc.; ATI Radeon Family; 7.01.01.613; 7.01.01.613>
S3 SRTSPL - c:\windows\system32\drivers\srtspl.sys <Verified; Symantec Corporation; AutoProtect; 10.1; 10.1.4.1>
S3 TSHWMDTCP - \??\c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AlertService (Intel® Alert Service) - "c:\program files\intel\inteldh\ccu\alertservice.exe" <Verified; Intel® Corporation; Intel® Viiv™ Software; 1.6.414.0; 1.6.414.0>
R2 Ati External Event Utility - c:\windows\system32\ati2evxx.exe <Verified; ATI Technologies Inc.; ATI External Event Utility for Windows; 6.14.10.4162; 6.14.10.4162>
R2 DQLWinService - "c:\program files\common files\intel\inteldh\nms\adpplugins\dqlwinservice.exe" <Not Verified; ; DQLWinSe Application; 1, 0, 0, 8; 1, 0, 0, 8>
R2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon <Verified; Symantec Corporation; Symantec Security Technologies; 106.2.0.21; 106.2.0.21>
R2 nmservice (Pure Networks Network Magic Service) - "c:\program files\pure networks\network magic\nmsrvc.exe" <Verified; Pure Networks, Inc.; Network Magic; 4.0.6277.0; 4.0.6277.0>
R2 sdAuxService (Spyware Doctor Auxiliary Service) - c:\program files\spyware doctor\svcntaux.exe <Verified; PC Tools; ; 5.0; 5.0.0.19>
R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio; 1.0.5343.1 nd544 cp1; 1.0.5343.1 nd544 cp1>

S2 Client IP-IPX - "c:\windows\system32\svchosts.exe" -e mc-110-12-0000140 (file missing)
S2 ISSM (Intel® Software Services Manager) - "c:\program files\intel\inteldh\intel media server\media server\bin\issm.exe" <Verified; Intel® Corporation; Intel® Viiv™ Software; 1.6.368.0; 1.6.368.0>
S2 LiveUpdate Notice Service - "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifeng.dll" <Verified; Symantec Corporation; LiveUpdate Notice; 1.2; 1.2.0.18>
S2 M1 Server (Intel® Viiv™ Media Server) - c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe
S2 MCLServiceATL (Intel® Application Tracker) - "c:\program files\intel\inteldh\intel media server\shells\mclserviceatl.exe" <Verified; Intel® Corporation; Intel® Viiv™ Software; 1.6.412.0; 1.6.412.0>
S2 Remote UI Service (Intel® Remoting Service) - "c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe" <Verified; Intel® Corporation; Intel® Viiv™ Software; 1.6.412.0; 1.6.412.0>
S3 nmraapache (Pure Networks Net2Go Service) - "c:\program files\pure networks\network magic\webserver\bin\nmraapache.exe" -k runservice <Not Verified; Pure Networks, Inc.; Pure Networks Net2Go Service; 2.0.54; 2.0.54>
S3 sdCoreService (Spyware Doctor Service) - c:\program files\spyware doctor\swdsvc.exe <Verified; PC Tools; ; 5.0; 5.0.0.56>


-- Files created between 2007-03-25 and 2007-04-25 -----------------------------

2007-04-23 18:34:01 0 d-------- C:\Windows\system32\appmgmt
2007-04-22 15:04:05 0 d-------- C:\hijackthis
2007-04-22 14:52:45 0 d-------- C:\HJT
2007-04-22 14:19:44 0 d-------- C:\kav
2007-04-22 13:31:32 0 d-------- C:\Windows\system32\Kaspersky Lab <KASPER~1>
2007-04-22 13:21:00 0 d-------- C:\Windows\BDOSCAN8
2007-04-21 14:45:05 22112 -ra------ C:\Windows\system32\drivers\COH_Mon.sys <Verified; Symantec Corporation; Confidence Online Utility Driver; 6,1,1,4; 6,1,1,4>
2007-04-17 18:19:38 0 d-------- C:\Windows\Sun
2007-04-17 17:13:06 0 d-------- C:\Program Files\Common Files\{6C7A5D76-084F-2057-0323-07060606002c}
2007-04-17 16:58:27 26064 --a------ C:\Windows\system32\drivers\kcom.sys <Verified; PCTools Research Pty Ltd.; Spyware Doctor; 5.0.2.1006; 5.0.2.1006>
2007-04-17 16:58:27 83536 --a------ C:\Windows\system32\drivers\iksyssec.sys <Verified; PCTools Research Pty Ltd.; Spyware Doctor; 5.0.2.1017; 5.0.2.1017>
2007-04-17 16:58:27 59984 --a------ C:\Windows\system32\drivers\iksysflt.sys <Verified; PCTools Research Pty Ltd.; Spyware Doctor; 5.0.2.1018; 5.0.2.1018>
2007-04-17 16:58:27 52304 --a------ C:\Windows\system32\drivers\ikfilesec.sys <Verified; PCTools Research Pty Ltd.; Spyware Doctor; 5.0.2.1025; 5.0.2.1025>
2007-04-17 16:58:27 39248 --a------ C:\Windows\system32\drivers\ikfileflt.sys <Verified; PCTools Research Pty Ltd.; Spyware Doctor; 5.0.2.1016; 5.0.2.1016>
2007-04-17 16:58:18 0 d-------- C:\Program Files\Spyware Doctor
2007-04-17 16:58:11 626688 --a------ C:\Windows\system32\msvcr80.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio® 2005; 8.00.50727.42; 8.00.50727.42>
2007-04-16 20:08:18 0 d-------- C:\Program Files\Lavasoft
2007-04-15 13:08:20 0 d-------- C:\Program Files\Common Files\{6C7A5D76-0850-2057-0323-07060606002c}
2007-04-14 21:27:18 0 d-------- C:\Users\Harry\.limewire
2007-04-12 11:53:04 0 d-------- C:\Program Files\Common Files\{3C7A5D76-084F-2057-0323-07060606002c}
2007-04-12 11:52:55 72320 --a------ C:\Windows\system32\drivers\core.sys
2007-04-12 11:52:52 105434 --a------ C:\Windows\VTTC.exe
2007-04-12 11:52:48 8464 --a------ C:\Windows\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System; 5.00.2095.1; 5.00.2095.1>
2007-04-12 11:52:46 0 d-------- C:\Windows\system32\micro1
2007-04-12 11:52:39 0 d-------- C:\Windows\system32\bund1
2007-04-10 16:47:31 90112 --a------ C:\Windows\system32\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio; 1.0.5343.1 nd544 cp1; 1.0.5343.1 nd544 cp1>
2007-04-10 16:47:30 1458176 --a------ C:\Windows\system32\stlang.dll <Not Verified; SigmaTel, Inc.; C-Major Audio; 1.0.5343.1 nd544 cp1; 1.0.5343.1 nd544 cp1>
2007-04-10 16:47:30 303104 --a------ C:\Windows\sttray.exe <Not Verified; SigmaTel, Inc.; C-Major Audio; 1.0.5343.1 nd544 cp1; 1.0.5343.1 nd544 cp1>
2007-04-10 16:47:12 0 d-------- C:\Program Files\SigmaTel
2007-04-09 21:31:55 0 d-------- C:\Users\All Users\Adobe Systems
2007-04-09 21:08:32 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-04-09 21:01:45 0 d-------- C:\Users\All Users\Adobe
2007-04-09 21:01:45 0 d-------- C:\Program Files\Common Files\Adobe
2007-04-09 19:26:04 0 d-------- C:\Users\Jai\Shared
2007-04-09 19:26:02 0 d-------- C:\Users\Jai\Incomplete
2007-04-09 19:25:30 0 d-------- C:\Program Files\LimeWire
2007-04-09 19:15:10 0 d-------- C:\Users\Jai\.limewire
2007-04-07 18:13:01 2692608 --a------ C:\Windows\system32\atiumdva.dll <Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver; 7.14.10.0144; 7.14.10.0144>
2007-04-07 18:13:01 2762752 --a------ C:\Windows\system32\atiumdag.dll <Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver; 7.14.10.0487; 7.14.10.0487>
2007-04-07 18:13:00 3107788 --a------ C:\Windows\system32\atiumdva.dat
2007-04-06 23:28:09 3584 --a------ C:\Windows\system32\timerstop.sys <TIMERS~1.SYS>
2007-04-06 17:29:36 0 d-------- C:\Program Files\Common Files\Java
2007-04-06 17:29:33 0 d-------- C:\Program Files\Java
2007-04-06 09:44:20 0 d-------- C:\Program Files\Google
2007-04-06 09:44:02 116472 -----n--- C:\Windows\system32\pxcpyi64.exe <Verified; Sonic Solutions; ; ; 1.00.39a>
2007-04-06 09:44:01 118520 -----n--- C:\Windows\system32\pxinsi64.exe <Verified; Sonic Solutions; ; ; 3.00.43J>
2007-04-06 09:44:00 129784 -----n--- C:\Windows\system32\pxafs.dll <Verified; Sonic Solutions; PxAFS Dynamic Link Library; 1, 0, 0, 0; 3.4.46.500>
2007-04-06 09:43:17 0 d-------- C:\Program Files\DivX
2007-04-06 09:39:31 0 d-------- C:\Program Files\VideoLAN
2007-04-06 00:28:04 0 d-------- C:\Users\All Users\Azureus
2007-04-06 00:26:47 0 d-------- C:\Program Files\Azureus
2007-03-29 17:11:44 0 d-------- C:\Users\All Users\Logishrd
2007-03-29 17:11:40 0 d-------- C:\Users\All Users\Logitech
2007-03-29 16:58:08 0 d-------- C:\Users\All Users\WEBREG
2007-03-29 16:53:43 0 d-------- C:\Users\All Users\HPSSUPPLY
2007-03-29 16:51:00 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-03-29 16:50:59 0 d-------- C:\Program Files\Hewlett-Packard
2007-03-29 16:50:40 0 d-------- C:\Program Files\Common Files\HP
2007-03-29 16:45:13 0 d-------- C:\Program Files\HP
2007-03-29 16:43:10 148946 --a------ C:\Windows\hpoins19.dat
2007-03-29 16:41:15 0 d-------- C:\Users\All Users\HP
2007-03-29 16:41:08 258048 --a------ C:\Windows\system32\hpzids01.dll <Not Verified; Hewlett-Packard; HP Installer; 8,5,0,60; 8,5,0,60>
2007-03-29 16:41:08 675840 --a------ C:\Windows\system32\hpowiav1.dll <Not Verified; Hewlett-Packard; hpowiav1.dll; 8.1.0.52; 8.1.0.52>
2007-03-29 16:41:08 303104 --a------ C:\Windows\system32\hpovst01.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series; 082.000.175.000; 82.0.175.000>
2007-03-29 16:41:07 897024 --a------ C:\Windows\system32\hpotiop1.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series; 082.000.175.000; 82.0.175.000>
2007-03-29 16:41:02 26952 --a------ C:\Windows\hpomdl19.dat
2007-03-29 16:30:58 0 d-------- C:\Program Files\iPod
2007-03-29 16:30:49 0 d-------- C:\Program Files\iTunes
2007-03-29 16:29:50 0 d-------- C:\Program Files\QuickTime
2007-03-29 16:29:35 0 d-------- C:\Program Files\Apple Software Update
2007-03-29 16:29:26 0 d-------- C:\Users\All Users\Apple Computer
2007-03-29 16:08:12 0 d-------- C:\Program Files\BitLocker
2007-03-29 15:37:33 0 d-------- C:\Program Files\Microsoft Works
2007-03-29 15:36:30 0 d-------- C:\Program Files\Microsoft.NET
2007-03-29 15:33:20 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-03-29 15:30:05 0 d-------- C:\Users\All Users\Microsoft Help
2007-03-29 15:29:32 0 dr-h----- C:\MSOCache
2007-03-29 15:25:22 0 d-------- C:\Users\Jai\Office
2007-03-29 15:07:37 0 d-------- C:\Program Files\ATI
2007-03-29 15:07:18 0 d-------- C:\Program Files\ATI Technologies
2007-03-28 22:32:11 0 d-------- C:\Program Files\DAEMON Tools
2007-03-28 22:26:01 0 d-------- C:\ATI
2007-03-28 22:16:01 646392 --a------ C:\Windows\system32\drivers\sptd.sys
2007-03-28 15:55:00 0 d-------- C:\Program Files\Logitech
2007-03-28 15:52:11 0 d-------- C:\Program Files\Common Files\logishrd
2007-03-27 18:09:35 0 dr------- C:\Users\Harry\Searches
2007-03-27 18:09:29 0 dr------- C:\Users\Harry\Contacts
2007-03-27 18:09:20 0 dr------- C:\Users\Harry\Videos
2007-03-27 18:09:20 0 d--hs---- C:\Users\Harry\Templates
2007-03-27 18:09:20 0 d--hs---- C:\Users\Harry\Start Menu
2007-03-27 18:09:20 0 d--hs---- C:\Users\Harry\SendTo
2007-03-27 18:09:20 0 dr------- C:\Users\Harry\Saved Games
2007-03-27 18:09:20 0 d--hs---- C:\Users\Harry\Recent
2007-03-27 18:09:20 0 d--hs---- C:\Users\Harry\PrintHood
2007-03-27 18:09:20 0 dr------- C:\Users\Harry\Pictures
2007-03-27 18:09:20 1048576 --ahs---- C:\Users\Harry\NTUSER.DAT
2007-03-27 18:09:20 0 d--hs---- C:\Users\Harry\NetHood
2007-03-27 18:09:20 0 d--hs---- C:\Users\Harry\My Documents
2007-03-27 18:09:20 0 dr------- C:\Users\Harry\Music
2007-03-27 18:09:20 0 d--hs---- C:\Users\Harry\Local Settings
2007-03-27 18:09:20 0 dr------- C:\Users\Harry\Links
2007-03-27 18:09:20 0 dr------- C:\Users\Harry\Favorites
2007-03-27 18:09:20 0 dr------- C:\Users\Harry\Downloads
2007-03-27 18:09:20 0 dr------- C:\Users\Harry\Documents
2007-03-27 18:09:20 0 dr------- C:\Users\Harry\Desktop
2007-03-27 18:09:20 0 d--hs---- C:\Users\Harry\Cookies
2007-03-27 18:09:20 0 d--hs---- C:\Users\Harry\Application Data
2007-03-27 18:09:20 0 d--h----- C:\Users\Harry\AppData
2007-03-27 15:57:12 0 dr------- C:\Users\George\Searches
2007-03-27 15:56:58 0 dr------- C:\Users\George\Contacts
2007-03-27 15:56:49 0 dr------- C:\Users\George\Videos
2007-03-27 15:56:49 0 d--hs---- C:\Users\George\Templates
2007-03-27 15:56:49 0 d--hs---- C:\Users\George\Start Menu
2007-03-27 15:56:49 0 d--hs---- C:\Users\George\SendTo
2007-03-27 15:56:49 0 dr------- C:\Users\George\Saved Games
2007-03-27 15:56:49 0 d--hs---- C:\Users\George\Recent
2007-03-27 15:56:49 0 d--hs---- C:\Users\George\PrintHood
2007-03-27 15:56:49 0 dr------- C:\Users\George\Pictures
2007-03-27 15:56:49 1048576 --ahs---- C:\Users\George\NTUSER.DAT
2007-03-27 15:56:49 0 d--hs---- C:\Users\George\NetHood
2007-03-27 15:56:49 0 d--hs---- C:\Users\George\My Documents
2007-03-27 15:56:49 0 dr------- C:\Users\George\Music
2007-03-27 15:56:49 0 d--hs---- C:\Users\George\Local Settings
2007-03-27 15:56:49 0 dr------- C:\Users\George\Links
2007-03-27 15:56:49 0 dr------- C:\Users\George\Favorites
2007-03-27 15:56:49 0 dr------- C:\Users\George\Downloads
2007-03-27 15:56:49 0 dr------- C:\Users\George\Documents
2007-03-27 15:56:49 0 dr------- C:\Users\George\Desktop
2007-03-27 15:56:49 0 d--hs---- C:\Users\George\Cookies
2007-03-27 15:56:49 0 d--hs---- C:\Users\George\Application Data
2007-03-27 15:56:49 0 d--h----- C:\Users\George\AppData
2007-03-27 10:39:42 0 dr------- C:\Users\Mary-Ann\Searches
2007-03-27 10:39:37 0 dr------- C:\Users\Mary-Ann\Contacts
2007-03-27 10:39:29 0 dr------- C:\Users\Mary-Ann\Videos
2007-03-27 10:39:29 0 d--hs---- C:\Users\Mary-Ann\Templates
2007-03-27 10:39:29 0 d--hs---- C:\Users\Mary-Ann\Start Menu
2007-03-27 10:39:29 0 d--hs---- C:\Users\Mary-Ann\SendTo
2007-03-27 10:39:29 0 dr------- C:\Users\Mary-Ann\Saved Games
2007-03-27 10:39:29 0 d--hs---- C:\Users\Mary-Ann\Recent
2007-03-27 10:39:29 0 d--hs---- C:\Users\Mary-Ann\PrintHood
2007-03-27 10:39:29 0 dr------- C:\Users\Mary-Ann\Pictures
2007-03-27 10:39:29 1048576 --ahs---- C:\Users\Mary-Ann\NTUSER.DAT
2007-03-27 10:39:29 0 d--hs---- C:\Users\Mary-Ann\NetHood
2007-03-27 10:39:29 0 d--hs---- C:\Users\Mary-Ann\My Documents
2007-03-27 10:39:29 0 dr------- C:\Users\Mary-Ann\Music
2007-03-27 10:39:29 0 d--hs---- C:\Users\Mary-Ann\Local Settings
2007-03-27 10:39:29 0 dr------- C:\Users\Mary-Ann\Links
2007-03-27 10:39:29 0 dr------- C:\Users\Mary-Ann\Favorites
2007-03-27 10:39:29 0 dr------- C:\Users\Mary-Ann\Downloads
2007-03-27 10:39:29 0 dr------- C:\Users\Mary-Ann\Documents
2007-03-27 10:39:29 0 dr------- C:\Users\Mary-Ann\Desktop
2007-03-27 10:39:29 0 d--hs---- C:\Users\Mary-Ann\Cookies
2007-03-27 10:39:29 0 d--hs---- C:\Users\Mary-Ann\Application Data
2007-03-27 10:39:29 0 d--h----- C:\Users\Mary-Ann\AppData
2007-03-27 10:05:32 0 dr------- C:\Users\Trevor\Searches
2007-03-27 10:05:13 0 dr------- C:\Users\Trevor\Contacts
2007-03-27 10:04:38 0 d--hs---- C:\Users\Trevor\Templates
2007-03-27 10:04:38 0 d--hs---- C:\Users\Trevor\Start Menu
2007-03-27 10:04:38 0 d--hs---- C:\Users\Trevor\SendTo
2007-03-27 10:04:38 0 d--hs---- C:\Users\Trevor\Recent
2007-03-27 10:04:38 0 d--hs---- C:\Users\Trevor\PrintHood
2007-03-27 10:04:38 0 d--hs---- C:\Users\Trevor\NetHood
2007-03-27 10:04:38 0 d--hs---- C:\Users\Trevor\My Documents
2007-03-27 10:04:38 0 d--hs---- C:\Users\Trevor\Local Settings
2007-03-27 10:04:38 0 d--hs---- C:\Users\Trevor\Cookies
2007-03-27 10:04:38 0 d--hs---- C:\Users\Trevor\Application Data
2007-03-27 10:04:35 0 dr------- C:\Users\Trevor\Videos
2007-03-27 10:04:35 0 dr------- C:\Users\Trevor\Saved Games
2007-03-27 10:04:35 0 dr------- C:\Users\Trevor\Pictures
2007-03-27 10:04:35 0 dr------- C:\Users\Trevor\Music
2007-03-27 10:04:35 0 dr------- C:\Users\Trevor\Links
2007-03-27 10:04:35 0 dr------- C:\Users\Trevor\Favorites
2007-03-27 10:04:35 0 dr------- C:\Users\Trevor\Downloads
2007-03-27 10:04:35 0 dr------- C:\Users\Trevor\Documents
2007-03-27 10:04:35 0 dr------- C:\Users\Trevor\Desktop
2007-03-27 10:04:35 0 d--h----- C:\Users\Trevor\AppData
2007-03-27 10:04:34 786432 --ahs---- C:\Users\Trevor\NTUSER.DAT
2007-03-27 08:55:57 524288 --a------ C:\Windows\system32\DivXsm.exe <Not Verified; DivX Inc.; DivX Inc. divxsm; 6, 5, 1, 0; 6, 5, 1, 0>
2007-03-27 08:55:48 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2007-03-27 08:55:23 200704 --a------ C:\Windows\system32\ssldivx.dll <Not Verified; The OpenSSL Project, http://www.openssl.org/; The OpenSSL Toolkit; 0.9.8b; 0.9.8b>
2007-03-27 08:55:23 1044480 --a------ C:\Windows\system32\libdivx.dll <Not Verified; The OpenSSL Project, http://www.openssl.org/; The OpenSSL Toolkit; 0.9.8b; 0.9.8b>
2007-03-27 08:49:07 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100; 1, 2, 0, 12; 1, 2, 0, 12>
2007-03-27 08:49:07 73728 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100; 1, 2, 0, 12; 1, 2, 0, 12>
2007-03-27 08:49:05 53248 --a------ C:\Windows\system32\dpuGUI10.dll <Not Verified; DivXNetworks; DivXNetworks dpuGUI10; 1, 1, 1, 3; 1, 1, 1, 3>
2007-03-27 08:49:03 593920 --a------ C:\Windows\system32\dpuGUI11.dll <Not Verified; DivXNetworks; DivXNetworks dpuGUI11; 1, 1, 1, 3; 1, 1, 1, 3>
2007-03-27 08:49:02 57344 --a------ C:\Windows\system32\dpv11.dll <Not Verified; DivXNetworks; DivXNetworks dpv11; 1, 1, 1, 3; 1, 1, 1, 3>
2007-03-27 08:49:02 344064 --a------ C:\Windows\system32\dpus11.dll <Not Verified; DivXNetworks; DivXNetworks dpus11; 1, 1, 1, 3; 1, 1, 1, 3>
2007-03-27 08:49:02 294912 --a------ C:\Windows\system32\dpu11.dll <Not Verified; DivXNetworks; DivXNetworks dpu11; 1, 1, 1, 3; 1, 1, 1, 3>
2007-03-27 08:49:02 294912 --a------ C:\Windows\system32\dpu10.dll <Not Verified; DivXNetworks; DivXNetworks dpu11; 1, 1, 1, 3; 1, 1, 1, 3>
2007-03-27 08:48:59 823296 --a------ C:\Windows\system32\divx_xx07.dll <DIVX_X~2.DLL> <Not Verified; DivX, Inc.; DivX®; 6.5.0.53; 6.5.0.53>
2007-03-27 08:48:58 802816 --a------ C:\Windows\system32\divx_xx11.dll <DIVX_X~3.DLL> <Not Verified; DivX, Inc.; DivX?; 6.5.0.53; 6.5.0.53>
2007-03-27 08:48:58 823296 --a------ C:\Windows\system32\divx_xx0c.dll <DIVX_X~1.DLL> <Not Verified; DivX, Inc.; DivX®; 6.5.0.53; 6.5.0.53>
2007-03-27 08:48:58 639066 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®; 6.5.0.53; 6.5.0.53>
2007-03-27 01:28:56 0 d-------- C:\Windows\Panther
2007-03-27 01:28:49 438840 -rahs---- C:\bootmgr
2007-03-27 01:28:49 0 d--hs---- C:\Boot
2007-03-26 20:47:55 0 d-------- C:\Program Files\MSXML 4.0
2007-03-26 20:47:32 0 d-------- C:\b467f6a9c60ea8c644384a4088
2007-03-26 20:03:56 0 d-------- C:\Windows\PCHEALTH
2007-03-26 20:03:56 0 d-------- C:\Program Files\MSN Messenger
2007-03-26 19:58:18 44224 --a------ C:\Windows\system32\drivers\BVRPMPR5.SYS <Not Verified; BVRP Software; BVRPNDIS Rawether for Windows; 1.00.00.01; 1.00.00.01>
2007-03-26 19:37:09 0 d--hs---- C:\Users\IUSR_NMPR\Templates
2007-03-26 19:37:09 0 d--hs---- C:\Users\IUSR_NMPR\Start Menu
2007-03-26 19:37:09 0 d--hs---- C:\Users\IUSR_NMPR\SendTo
2007-03-26 19:37:09 0 d--hs---- C:\Users\IUSR_NMPR\Recent
2007-03-26 19:37:09 0 d--hs---- C:\Users\IUSR_NMPR\PrintHood
2007-03-26 19:37:09 0 d--hs---- C:\Users\IUSR_NMPR\NetHood
2007-03-26 19:37:09 0 d--hs---- C:\Users\IUSR_NMPR\My Documents
2007-03-26 19:37:09 0 d--hs---- C:\Users\IUSR_NMPR\Local Settings
2007-03-26 19:37:09 0 d--hs---- C:\Users\IUSR_NMPR\Cookies
2007-03-26 19:37:09 0 d--hs---- C:\Users\IUSR_NMPR\Application Data
2007-03-26 19:37:08 0 dr------- C:\Users\IUSR_NMPR\Videos
2007-03-26 19:37:08 0 d-------- C:\Users\IUSR_NMPR\Saved Games
2007-03-26 19:37:08 0 dr------- C:\Users\IUSR_NMPR\Pictures
2007-03-26 19:37:08 262144 --ahs---- C:\Users\IUSR_NMPR\NTUSER.DAT
2007-03-26 19:37:08 0 dr------- C:\Users\IUSR_NMPR\Music
2007-03-26 19:37:08 0 dr------- C:\Users\IUSR_NMPR\Links
2007-03-26 19:37:08 0 dr------- C:\Users\IUSR_NMPR\Favorites
2007-03-26 19:37:08 0 dr------- C:\Users\IUSR_NMPR\Downloads
2007-03-26 19:37:08 0 dr------- C:\Users\IUSR_NMPR\Documents
2007-03-26 19:37:08 0 dr------- C:\Users\IUSR_NMPR\Desktop
2007-03-26 19:37:08 0 d--h----- C:\Users\IUSR_NMPR\AppData
2007-03-26 19:36:20 0 d-ah----- C:\Users\All Users\GTek
2007-03-26 19:34:56 0 d-------- C:\Users\All Users\Intel
2007-03-26 19:34:52 0 d-------- C:\Program Files\Common Files\Intel
2007-03-26 19:33:05 5504 --a------ C:\Windows\system32\drivers\IntelDH.sys <Verified; Intel Corporation; Intel® software driver for Intel® Viiv™ technology; 1. 6. 0. 307; 1. 6. 0. 307>
2007-03-26 19:31:58 0 d-------- C:\Windows\Downloaded Installations
2007-03-26 19:28:17 535552 --a------ C:\Windows\system32\stapo.dll <Verified; SigmaTel, Inc.; C-Major Audio; 1.0.5343.1 nd544 cp1; 1.0.5343.1 nd544 cp1>
2007-03-26 19:28:17 238592 --a------ C:\Windows\system32\stapi32.dll <Verified; SigmaTel, Inc.; C-Major Audio; 1.0.5343.1 nd544 cp1; 1.0.5343.1 nd544 cp1>
2007-03-26 19:28:17 647680 --a------ C:\Windows\system32\drivers\stwrt.sys <Verified; SigmaTel, Inc.; C-Major Audio; 1.0.5343.1 nd544 cp1; 6.10.5343.1 nd544 cp1 built by: WinDDK>
2007-03-26 19:28:17 45568 --a------ C:\Windows\system32\ctppld.dll <Verified; Creative Technology Ltd; Creative Property Page Loader Module; 1.0.0.71; 1.0.0.71>
2007-03-26 19:28:17 416256 --a------ C:\Windows\system32\ctapo32.dll <Verified; Creative Technology Ltd.; Creative Audio Processing Object Module; 1.0.0.71; 1.0.0.71>
2007-03-26 18:44:08 0 d-------- C:\Program Files\Norton Internet Security
2007-03-26 18:43:39 274432 --a------ C:\Windows\system32\pmxutil.dll <Not Verified; Primax Electronics Ltd.; Mouse Suite 98; 1, 0, 0, 0; 1, 0, 9, 8>
2007-03-26 18:43:39 131072 --a------ C:\Windows\system32\PmxSCRLL.dll <Not Verified; Primax Electronics Ltd.; MouseSuite 98; 1.0.0.0; 1, 0, 9, 9>
2007-03-26 18:42:50 115000 --a------ C:\Windows\system32\drivers\SYMEVENT.SYS <Verified; Symantec Corporation; SYMEVENT; 12.3.0.14; 12.3.0.14>
2007-03-26 18:38:55 0 d-------- C:\Program Files\Intel
2007-03-26 18:38:48 0 d-------- C:\Program Files\Symantec
2007-03-26 18:38:46 0 d-------- C:\Users\All Users\Symantec
2007-03-26 18:38:04 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-03-26 18:21:27 0 d-------- C:\Windows\system32\Macromed
2007-03-26 18:08:46 282624 -----n--- C:\Windows\stsystra.exe <Not Verified; SigmaTel, Inc.; C-Major Audio; 1.0.4991.0 nd444 cp1; 1.0.4991.0 nd444 cp1>
2007-03-26 18:08:33 141824 --a------ C:\Windows\system32\staco.dll <Verified; SigmaTel, Inc.; C-Major Audio; 1.0.5343.1 nd544 cp1; 1.0.5343.1 nd544 cp1 built by: WinDDK>
2007-03-26 18:08:33 208896 --a------ C:\Windows\system32\stacapi.dll <Verified; SigmaTel, Inc.; C-Major Audio; 1.0.4991.0 nd444 cp1; 1.0.4991.0 nd444 cp1>
2007-03-26 18:08:33 1156648 --a------ C:\Windows\system32\drivers\sthda.sys <Verified; SigmaTel, Inc.; C-Major Audio; 1.0.4991.0 nd444 cp1; 5.10.4991.0 nd444 cp1>
2007-03-26 18:08:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-03-26 18:08:31 0 d-------- C:\Program Files\Common Files\InstallShield
2007-03-26 18:06:32 0 d-------- C:\dell
2007-03-26 18:03:23 0 d-------- C:\Users\Jai\Setup Files
2007-03-26 17:57:09 0 d------c- C:\Windows\system32\DRVSTORE
2007-03-26 17:57:09 25792 --a------ C:\Windows\system32\drivers\pnarp.sys <Verified; Pure Networks, Inc.; Network Magic; 4.1.7039.0; 4.1.7039.0>
2007-03-26 17:57:07 0 d-------- C:\Program Files\Common Files\Pure Networks Shared
2007-03-26 17:57:05 0 d-------- C:\Program Files\Pure Networks
2007-03-26 17:52:46 0 d--hs---- C:\Windows\Installer
2007-03-26 17:52:40 0 d-------- C:\Users\All Users\Pure Networks
2007-03-26 17:36:06 0 --a------ C:\Windows\nsreg.dat
2007-03-26 16:45:41 4153344 --a------ C:\Windows\system32\GameUXLegacyGDFs.dll <Verified; Microsoft; Legacy GDF resource DLL; 1.0.0.1; 1.0.0.1>
2007-03-26 16:41:57 0 dr------- C:\Users\Jai\Searches
2007-03-26 16:41:49 0 dr------- C:\Users\Jai\Contacts
2007-03-26 16:41:45 0 dr------- C:\Users\Jai\Videos
2007-03-26 16:41:45 0 d--hs---- C:\Users\Jai\Templates
2007-03-26 16:41:45 0 d--hs---- C:\Users\Jai\Start Menu
2007-03-26 16:41:45 0 d--hs---- C:\Users\Jai\SendTo
2007-03-26 16:41:45 0 dr------- C:\Users\Jai\Saved Games
2007-03-26 16:41:45 0 d--hs---- C:\Users\Jai\Recent
2007-03-26 16:41:45 0 d--hs---- C:\Users\Jai\PrintHood
2007-03-26 16:41:45 0 dr------- C:\Users\Jai\Pictures
2007-03-26 16:41:45 1310720 --ahs---- C:\Users\Jai\NTUSER.DAT
2007-03-26 16:41:45 0 d--hs---- C:\Users\Jai\NetHood
2007-03-26 16:41:45 0 d--hs---- C:\Users\Jai\My Documents
2007-03-26 16:41:45 0 dr------- C:\Users\Jai\Music
2007-03-26 16:41:45 0 d--hs---- C:\Users\Jai\Local Settings
2007-03-26 16:41:45 0 dr------- C:\Users\Jai\Links
2007-03-26 16:41:45 0 dr------- C:\Users\Jai\Favorites
2007-03-26 16:41:45 0 dr------- C:\Users\Jai\Downloads
2007-03-26 16:41:45 0 dr------- C:\Users\Jai\Documents
2007-03-26 16:41:45 0 dr------- C:\Users\Jai\Desktop
2007-03-26 16:41:45 0 d--hs---- C:\Users\Jai\Cookies
2007-03-26 16:41:45 0 d--hs---- C:\Users\Jai\Application Data
2007-03-26 16:41:45 0 d--h----- C:\Users\Jai\AppData
2007-03-26 16:31:26 0 d-------- C:\Windows\SoftwareDistribution
2007-03-26 16:30:32 0 d-------- C:\Windows\Debug
2007-03-26 16:30:31 0 d-------- C:\Windows\CSC
2007-03-26 16:29:34 0 d-------- C:\Windows\Prefetch
2007-03-26 16:29:26 0 d--hs---- C:\System Volume Information


-- Find3M Report ---------------------------------------------------------------

2007-04-24 19:05:07 0 d-------- C:\Users\Jai\AppData\Roaming\Azureus
2007-04-21 23:32:06 0 d-------- C:\Users\Jai\AppData\Roaming\Apple Computer
2007-04-17 19:14:51 0 d-------- C:\Users\Jai\AppData\Roaming\Adobe
2007-04-17 16:58:18 0 d-------- C:\Users\Jai\AppData\Roaming\PC Tools
2007-04-16 20:09:10 0 d-------- C:\Users\Jai\AppData\Roaming\Lavasoft
2007-04-12 18:33:15 0 d-------- C:\Program Files\Windows Defender
2007-04-12 18:32:21 0 d-------- C:\Program Files\Windows Mail
2007-04-12 12:24:39 0 d-------- C:\Program Files\Windows NT
2007-04-12 11:52:54 0 d-------- C:\Program Files\Movie Maker
2007-04-06 09:45:10 0 d-------- C:\Users\Jai\AppData\Roaming\DivX
2007-04-06 09:40:46 0 d-------- C:\Users\Jai\AppData\Roaming\vlc
2007-03-29 17:13:32 0 d-------- C:\Users\Jai\AppData\Roaming\HP
2007-03-29 16:02:04 0 d-------- C:\Program Files\Microsoft Games
2007-03-29 15:37:25 0 d-------- C:\Program Files\MSBuild
2007-03-26 19:36:23 0 d--h----- C:\Users\Jai\AppData\Roaming\GTek
2007-03-26 18:43:21 0 d-------- C:\Users\Jai\AppData\Roaming\InstallShield
2007-03-26 18:29:28 0 d-------- C:\Users\Jai\AppData\Roaming\ATI
2007-03-26 18:21:46 0 d-------- C:\Users\Jai\AppData\Roaming\Macromedia
2007-03-26 17:57:56 0 d-------- C:\Users\Jai\AppData\Roaming\Registry Booster
2007-03-26 17:36:42 0 d-------- C:\Users\Jai\AppData\Roaming\Talkback
2007-03-26 17:36:05 0 d-------- C:\Users\Jai\AppData\Roaming\Mozilla
2007-03-26 16:41:50 0 d-------- C:\Users\Jai\AppData\Roaming\Identities
2007-03-02 21:57:28 307200 --a------ C:\Windows\system32\ATIDEMGX.dll <Verified; ATI Technologies Inc.; Catalyst® Control Centre; 2.0.2617.28723; 2.0.2617.28723>
2007-03-02 21:57:17 159744 --a------ C:\Windows\system32\atitmmxx.dll <Verified; ; TMM Com Clone Control Module; 6, 14, 11, 17; 6, 14, 11, 17>
2007-03-02 21:57:05 241664 --a------ C:\Windows\system32\atipdlxx.dll <Verified; ATI Technologies, Inc.; ATI Desktop Component; 6, 14, 10, 2516; 6, 14, 10, 2516>
2007-03-02 21:56:55 225280 --a------ C:\Windows\system32\Oemdspif.dll <Verified; ATI Technologies, Inc.; ATI Driver Interface Component; 6.14.0020; 6.14.0020>
2007-03-02 21:56:44 42496 --a------ C:\Windows\system32\ati2edxx.dll <Verified; ATI Technologies, Inc.; ATI External Device Utility; 6, 14, 10, 2511; 6, 14, 10, 2511>
2007-03-02 21:56:28 229376 --a------ C:\Windows\system32\Ati2evxx.dll <Verified; ATI Technologies Inc.; ATI External Event Utility for Windows; 6.14.10.4162; 6.14.10.4162>
2007-03-02 21:55:23 565248 --a------ C:\Windows\system32\Ati2evxx.exe <Verified; ATI Technologies Inc.; ATI External Event Utility for Windows; 6.14.10.4162; 6.14.10.4162>
2007-03-02 21:34:46 7307264 --a------ C:\Windows\system32\atioglxx.dll <Verified; ATI Technologies Inc.; ATI OpenGL driver; 6.14.10.0717; 6.14.10.0717>
2007-02-26 16:44:06 147685 --a------ C:\Windows\system32\atiicdxx.dat
2007-02-16 02:40:35 124472 --a------ C:\Windows\system32\DivXCodecUpdateChecker.exe <DIVXCO~1.EXE> <Verified; DivX, Inc.; DivX codec Update Checker; 6, 2, 5, 7; 6, 2, 5, 7>
2007-02-03 10:32:22 527136 --a------ C:\Windows\system32\LVUI2RC.dll <Verified; Logitech Inc.; Logitech QuickCam; 10.5.1.2023; 10.5.1.2023>
2007-02-03 10:32:22 215840 --a------ C:\Windows\system32\LVUI2.dll <Verified; Logitech Inc.; Logitech QuickCam; 10.5.1.2023; 10.5.1.2023>
2007-02-03 10:29:20 129824 --a------ C:\Windows\system32\lvci1051.dll <Verified; Logitech Inc.; Logitech QuickCam; 10.5.1.2023; 10.5.1.2023>
2007-02-03 10:29:08 264992 --a------ C:\Windows\system32\lvcodec2.dll <Verified; Logitech Inc.; Logitech QuickCam; 10.5.1.2023; 10.5.1.2023>
2007-02-03 09:01:44 13398 --a------ C:\Windows\system32\Repository.reg <REPOSI~1.REG>


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{EF3A5E8A-EC1E-4086-BEFE-38DF7B9857B5} C:\Program Files\Movie Maker\mexobanib.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows Defender"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,\
"nmapp"="\"C:\\Program Files\\Pure Networks\\Network Magic\\nmapp.exe\" -autorun -nosplash"
"RegistryMechanic"=""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"CCUTRAYICON"="C:\\Program Files\\Intel\\IntelDH\\CCU\\CCU_TrayIcon.exe"
"NMSSupport"="\"C:\\Program Files\\Common Files\\Intel\\IntelDH\\NMS\\Support\\IntelHCTAgent.exe\" /startup"
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"LogitechQuickCamRibbon"="\"C:\\Program Files\\Logitech\\QuickCam10\\QuickCam10.exe\" /hide"
"LogitechCommunicationsManager"="\"C:\\Program Files\\Common Files\\LogiShrd\\LComMgr\\Communications_Helper.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"SigmatelSysTrayApp"="sttray.exe"
"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ehTray.exe"="C:\\Windows\\ehome\\ehTray.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
@=""
"StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000000
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"scforceoption"=dword:00000000
"FilterAdministratorToken"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"{6C7A5D76-084F-2057-0323-07060606002c}"="\"C:\\Program Files\\Common Files\\{6C7A5D76-084F-2057-0323-07060606002c}\\Update.

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 25 April 2007 - 03:04 PM

Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



    C:\Program Files\Common Files\{6C7A5D76-084F-2057-0323-07060606002c}
    C:\Windows\VTTC.exe
    C:\Windows\system32\micro1
    C:\Windows\system32\bund1



  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
  • Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



================



Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 jai55

jai55
  • Topic Starter


Posted 25 April 2007 - 03:07 PM

C:\Program Files\Common Files\{6C7A5D76-084F-2057-0323-07060606002c} moved successfully.
C:\Windows\VTTC.exe moved successfully.
C:\Windows\system32\micro1 moved successfully.
C:\Windows\system32\bund1 moved successfully.

Created on 04/25/2007 21:03:17

#9 jai55

jai55
  • Topic Starter


Posted 25 April 2007 - 03:08 PM

thanks for the help so far but panda's not compatible with vista either :thumbsup: .
anything else I could use instead?
thanks

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 25 April 2007 - 03:13 PM

Hmmm...you'd think by now these security companies would have updated their programs. :thumbsup:
We need to get a thorough scan with at least one of these programs. I'll post instructions for both in hopes that at least one of them is Vista compatible. Unfortunately I haven't confirmed that yet, so you'll be able to help me out in that regard. :flowers:

OPTION ONE


Please download AVG Anti-Spyware and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run Ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

  • Clean out your Temporary Internet files.
    • Internet Explorer
      • Close Internet Explorer and close any instances of Windows Explorer.
      • Click Start -> Control Panel and then double-click Internet Options.
      • On the General tab, click Delete Files under Temporary Internet Files.
      • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
      • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
      • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
      • Click OK.
    • Firefox (In case you also have Firefox installed)
      • Open Firefox and go to Tools -> Options.
      • Click Privacy in the menu on the left side of the Options window.
      • Click the Clear button located to the right of each option (History, Cookies, Cache).
      • Click OK to close the Options window.
        Alternatively, you can clear all information stored while browsing by clicking Clear All.
        A confirmation dialog box will be shown before clearing the information.
    IMPORTANT: Close all windows and do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:

  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will be prompted, then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Please post the results of the AVG Anti-Spyware scan report along with a new Hijackthis log.



==============


OPTION TWO

Download and scan with the free 15 day trial of Counterspy
Save the report when it's finished:
  • Once Counterspy has done scanning, the 'Scan Results' box will appear.
  • Click on 'View Results'.
  • Under (Recommended Action), using the drop down menus at the side of each entry found, set EVERYTHING to Remove.
  • Then click on Take Action.
  • Once everything has been removed, click on View Details.
  • Copy and Paste those details into your next reply here along with a new hijackthis log.


#11 jai55

jai55
  • Topic Starter


Posted 29 April 2007 - 11:48 AM

counterspy report.

Scan History Details
Start Date: 29/04/2007 15:55:35
End Date: 29/04/2007 17:05:40
Total Time: 70 Min 5 Sec
Detected security risks

Cookie: ATDMT.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\users\george\appdata\roaming\microsoft\windows\cookies\george@atdmt[2].txt
c:\users\harry\appdata\roaming\microsoft\windows\cookies\harry@atdmt[2].txt
c:\users\jai\appdata\roaming\microsoft\windows\cookies\jai@atdmt[2].txt
c:\users\mary-ann\appdata\roaming\microsoft\windows\cookies\mary-ann@atdmt[2].txt
c:\users\trevor\appdata\roaming\microsoft\windows\cookies\trevor@atdmt[2].txt


Cookie: BS.Serving-Sys Cookie (General) more information...
Status: Deleted

Cookies detected
c:\users\george\appdata\roaming\microsoft\windows\cookies\george@bs.serving-sys[1].txt
c:\users\george\appdata\roaming\microsoft\windows\cookies\george@serving-sys[1].txt


Cookie: DoubleClick Cookie (General) more information...
Status: Deleted

Cookies detected
c:\users\george\appdata\roaming\microsoft\windows\cookies\george@doubleclick[2].txt
c:\users\harry\appdata\roaming\microsoft\windows\cookies\harry@doubleclick[1].txt
c:\users\jai\appdata\roaming\microsoft\windows\cookies\jai@doubleclick[2].txt
c:\users\mary-ann\appdata\roaming\microsoft\windows\cookies\mary-ann@doubleclick[1].txt
c:\users\trevor\appdata\roaming\microsoft\windows\cookies\trevor@doubleclick[2].txt


Cookie: Hitbox.com Cookie (General) more information...
Status: Deleted

Cookies detected
c:\users\george\appdata\roaming\microsoft\windows\cookies\george@hitbox[2].txt
c:\users\harry\appdata\roaming\microsoft\windows\cookies\harry@hitbox[2].txt
c:\users\jai\appdata\roaming\microsoft\windows\cookies\jai@hitbox[2].txt
c:\users\mary-ann\appdata\roaming\microsoft\windows\cookies\mary-ann@hitbox[2].txt
c:\users\trevor\appdata\roaming\microsoft\windows\cookies\trevor@hitbox[2].txt


Cookie: FastClick.com Cookie (General) more information...
Status: Deleted

Cookies detected
c:\users\george\appdata\roaming\microsoft\windows\cookies\george@fastclick[1].txt
c:\users\harry\appdata\roaming\microsoft\windows\cookies\harry@fastclick[1].txt


Cookie: HC2.HumanClick Cookie (General) more information...
Status: Deleted

Cookies detected
c:\users\george\appdata\roaming\microsoft\windows\cookies\george@hc2.humanclick[1].txt
c:\users\george\appdata\roaming\microsoft\windows\cookies\george@hc2.humanclick[2].txt
c:\users\harry\appdata\roaming\microsoft\windows\cookies\harry@hc2.humanclick[1].txt
c:\users\harry\appdata\roaming\microsoft\windows\cookies\harry@hc2.humanclick[2].txt
c:\users\jai\appdata\roaming\microsoft\windows\cookies\jai@hc2.humanclick[2].txt
c:\users\jai\appdata\roaming\microsoft\windows\cookies\jai@hc2.humanclick[3].txt
c:\users\mary-ann\appdata\roaming\microsoft\windows\cookies\mary-ann@hc2.humanclick[2].txt
c:\users\mary-ann\appdata\roaming\microsoft\windows\cookies\mary-ann@hc2.humanclick[3].txt
c:\users\trevor\appdata\roaming\microsoft\windows\cookies\trevor@hc2.humanclick[1].txt
c:\users\trevor\appdata\roaming\microsoft\windows\cookies\trevor@hc2.humanclick[2].txt


Cookie: Mediaplex.com Cookie (General) more information...
Status: Deleted

Cookies detected
c:\users\george\appdata\roaming\microsoft\windows\cookies\george@mediaplex[1].txt
c:\users\harry\appdata\roaming\microsoft\windows\cookies\harry@mediaplex[1].txt
c:\users\jai\appdata\roaming\microsoft\windows\cookies\jai@mediaplex[1].txt
c:\users\mary-ann\appdata\roaming\microsoft\windows\cookies\mary-ann@mediaplex[1].txt
c:\users\trevor\appdata\roaming\microsoft\windows\cookies\trevor@mediaplex[1].txt


NewDotNet Browser Plug-in more information...
Details: New.Net is an Internet Explorer spyware/hijacker plug-in that adds subdomains of 'new.net' to your name resolution system (Windows Host file), resulting in what appear to be extra top-level domains (.shop, and so on) being resolvable.
Status: Deleted

Files detected
C:\_OTMoveIt\MovedFiles\Windows\system32\bund1\ClientBundle1.exe


Cookie: Overture.com Cookie (General) more information...
Status: Deleted

Cookies detected
c:\users\george\appdata\roaming\microsoft\windows\cookies\george@overture[1].txt
c:\users\harry\appdata\roaming\microsoft\windows\cookies\harry@overture[1].txt
c:\users\jai\appdata\roaming\microsoft\windows\cookies\jai@overture[1].txt
c:\users\mary-ann\appdata\roaming\microsoft\windows\cookies\mary-ann@overture[1].txt
c:\users\trevor\appdata\roaming\microsoft\windows\cookies\trevor@overture[1].txt


Cookie: PointRoll.com Cookie (General) more information...
Status: Deleted

Cookies detected
c:\users\george\appdata\roaming\microsoft\windows\cookies\george@ads.pointroll[1].txt
c:\users\trevor\appdata\roaming\microsoft\windows\cookies\trevor@ads.pointroll[1].txt


Cookie: QuestionMarket.com Cookie (General) more information...
Status: Deleted

Cookies detected
c:\users\jai\appdata\roaming\microsoft\windows\cookies\jai@questionmarket[1].txt


Cookie: RealMedia.com Cookie (General) more information...
Status: Deleted

Cookies detected
c:\users\harry\appdata\roaming\microsoft\windows\cookies\harry@realmedia[1].txt


Cookie: Revenue.net Cookie (General) more information...
Status: Deleted

Cookies detected
c:\users\george\appdata\roaming\microsoft\windows\cookies\george@revenue[2].txt


Cookie: Advertising.com Cookie (General) more information...
Status: Deleted

Cookies detected
c:\users\harry\appdata\roaming\microsoft\windows\cookies\harry@advertising[1].txt
c:\users\mary-ann\appdata\roaming\microsoft\windows\cookies\mary-ann@advertising[1].txt
c:\users\trevor\appdata\roaming\microsoft\windows\cookies\trevor@advertising[2].txt


Cookie: Zedo Cookie (General) more information...
Status: Deleted

Cookies detected
c:\users\george\appdata\roaming\microsoft\windows\cookies\george@zedo[1].txt
c:\users\harry\appdata\roaming\microsoft\windows\cookies\harry@zedo[2].txt


Cookie: TribalFusion.com Cookie (General) more information...
Status: Deleted

Cookies detected
c:\users\harry\appdata\roaming\microsoft\windows\cookies\harry@tribalfusion[1].txt


Cookie: adrevolver Cookie (General) more information...
Status: Deleted

Cookies detected
c:\users\george\appdata\roaming\microsoft\windows\cookies\george@adrevolver[1].txt
c:\users\jai\appdata\roaming\microsoft\windows\cookies\jai@adrevolver[2].txt
c:\users\mary-ann\appdata\roaming\microsoft\windows\cookies\mary-ann@adrevolver[1].txt
c:\users\trevor\appdata\roaming\microsoft\windows\cookies\trevor@adrevolver[2].txt


Cookie: maxserving Cookie (General) more information...
Status: Deleted

Cookies detected
c:\users\george\appdata\roaming\microsoft\windows\cookies\george@maxserving[1].txt


Cookie: casalemedia.com Cookie (General) more information...
Status: Deleted

Cookies detected
c:\users\george\appdata\roaming\microsoft\windows\cookies\george@casalemedia[2].txt
c:\users\harry\appdata\roaming\microsoft\windows\cookies\harry@casalemedia[1].txt
c:\users\jai\appdata\roaming\microsoft\windows\cookies\jai@casalemedia[1].txt
c:\users\mary-ann\appdata\roaming\microsoft\windows\cookies\mary-ann@casalemedia[2].txt
c:\users\trevor\appdata\roaming\microsoft\windows\cookies\trevor@casalemedia[1].txt


Cookie: statcounter.com Cookie (General) more information...
Status: Deleted

Cookies detected
c:\users\george\appdata\roaming\microsoft\windows\cookies\george@statcounter[2].txt


Deskwizz/ZQuest Browser Plug-in more information...
Details: Deskwizz/ZQuest is an adware application that tracks the user's browsing in order to display targeted advertising on the desktop.
Status: Deleted

Files detected
C:\_OTMoveIt\MovedFiles\Windows\VTTC.exe


Cookie: Radar Spy Cookie (General) more information...
Status: Deleted

Cookies detected
c:\users\george\appdata\roaming\microsoft\windows\cookies\george@tradedoubler[2].txt
c:\users\harry\appdata\roaming\microsoft\windows\cookies\harry@tradedoubler[2].txt
c:\users\jai\appdata\roaming\microsoft\windows\cookies\jai@tradedoubler[1].txt
c:\users\mary-ann\appdata\roaming\microsoft\windows\cookies\mary-ann@tradedoubler[1].txt
c:\users\trevor\appdata\roaming\microsoft\windows\cookies\trevor@tradedoubler[2].txt


Cookie: ad.yieldmanager Cookie (General) more information...
Status: Deleted

Cookies detected
c:\users\george\appdata\roaming\microsoft\windows\cookies\george@ad.yieldmanager[2].txt
c:\users\harry\appdata\roaming\microsoft\windows\cookies\harry@ad.yieldmanager[1].txt
c:\users\jai\appdata\roaming\microsoft\windows\cookies\jai@ad.yieldmanager[1].txt
c:\users\mary-ann\appdata\roaming\microsoft\windows\cookies\mary-ann@ad.yieldmanager[1].txt
c:\users\trevor\appdata\roaming\microsoft\windows\cookies\trevor@ad.yieldmanager[1].txt


Trojan-Dropper.Win32.Agent.bfr Trojan Downloader more information...
Status: Deleted

Files detected
C:\_OTMoveIt\MovedFiles\Windows\system32\micro1\win5.exe

#12 jai55

jai55
  • Topic Starter


Posted 29 April 2007 - 11:50 AM

new HJT logfile.

Logfile of HijackThis v1.99.1
Scan saved at 17:46:47, on 29/04/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Sunbelt Software\CounterSpy\Counterspy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {EF3A5E8A-EC1E-4086-BEFE-38DF7B9857B5} - C:\Program Files\Movie Maker\mexobanib.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Client IP-IPX - Unknown owner - C:\Windows\system32\svchosts.exe" -e mc-110-12-0000140 (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

#13 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:43 AM

Posted 29 April 2007 - 07:22 PM

Good! Counterspy didn't detect anything that we haven't already dealt with other than cookies.

How is your computer running now? Are you still getting popups?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#14 Buckeye_Sam


Posted 11 May 2007 - 09:18 AM

Unfortunately there has been no response. :thumbsup:
This thread will now be closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.


========================================================



