win32.exe will not work



#1
gate2wire

I have run AVG, Spyware Blaster, Panda, Super Anti-Spyware and Spybot Search and Destroy and have deleted all the trojans but one that is keeping me from using my display properties... and I get a pop-up saying win32.exe is not responding. Here is my HijackThis log and AVG... Thank you for your time and help.

Logfile of HijackThis v1.99.1
Scan saved at 11:19:23 AM, on 2/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\msie.exe
C:\WINDOWS\msie.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vongo\VongoService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\MIA\My Documents\MY DOWNLOADS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...n&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D4657D7-05AB-B3FB-4CD5-04881570F30A} - C:\WINDOWS\system32\ipuhnnd.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TKTS System - {A717DBE3-D78D-4aa7-BDCF-2CC06B36371B} - C:\WINDOWS\Policies.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: crypt32net - C:\WINDOWS\SYSTEM32\crypt32net.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: ksapgh - ksapgh.dll (file missing)
O21 - SSODL: CDRecorder031 - {A3BC5E20-0235-1ABF-9CE1-00AA00512031} - C:\WINDOWS\system32\jcdxtf32.dll
O21 - SSODL: DCOM Server 37389 - {2C1CD3D7-86AC-4068-93BC-A02304B37389} - C:\WINDOWS\system32\wjspw.dll (file missing)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe


AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:19:39 PM 2/20/2007

+ Scan result:



C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP18\A0013597.dll -> Adware.SpySheriff : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP18\A0013598.dll -> Adware.SpySheriff : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP18\A0013599.dll -> Adware.SpySheriff : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP18\A0013600.dll -> Adware.SpySheriff : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP21\A0014782.exe -> Adware.Spysheriff : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP34\A0021958.exe -> Dialer.GBDialer.i : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP18\A0012603.exe -> Downloader.Small : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP18\A0014597.exe -> Downloader.Small : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP30\A0016683.exe -> Downloader.Small : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP31\A0019240.exe -> Downloader.Small : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP32\A0019790.exe -> Downloader.Small : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP34\A0021944.exe -> Downloader.Small : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP34\A0021950.exe -> Downloader.Small : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP34\A0021951.exe -> Downloader.Small : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP34\A0021953.exe -> Downloader.Small : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP34\A0021954.exe -> Downloader.Small : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP33\A0021912.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP18\A0013594.dll -> Proxy.Small : Cleaned.
C:\WINDOWS\system32\protector.exe -> Proxy.Wopla.ac : Cleaned.
C:\WINDOWS\system32\ntio256.sys -> Rootkit.Agent.cf : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP34\A0021943.sys -> Rootkit.Small : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP30\A0016655.dll -> Trojan.Agent.adl : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP31\A0019212.dll -> Trojan.Agent.adl : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP32\A0019762.dll -> Trojan.Agent.adl : Cleaned.
C:\WINDOWS\system32\out.dll -> Trojan.Agent.adl : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP18\A0013584.dll -> Trojan.Agent.ady : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP22\A0014921.dll -> Trojan.Agent.ady : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP18\A0012596.exe -> Trojan.Agent.oh : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP18\A0014607.exe -> Trojan.Agent.oh : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP30\A0016687.exe -> Trojan.Agent.oh : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP31\A0019244.exe -> Trojan.Agent.oh : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP32\A0019794.exe -> Trojan.Agent.oh : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP34\A0021955.exe -> Trojan.Agent.oh : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP18\A0014600.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP34\A0021956.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP34\A0021957.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP30\A0016378.exe -> Worm.Zhelatin.w : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP31\A0018935.exe -> Worm.Zhelatin.w : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP32\A0019485.exe -> Worm.Zhelatin.w : Cleaned.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP33\A0019886.exe -> Worm.Zhelatin.w : Cleaned.
C:\WINDOWS\temp\win53C4.tmp -> Worm.Zhelatin.w : Cleaned.
C:\WINDOWS\temp\win845F.tmp -> Worm.Zhelatin.w : Cleaned.


::Report end

Edited by gate2wire, 20 February 2007 - 04:55 PM.

  • 0



#2
didom

Before cleaning your computer, may I ask you a favour?

CLICK THIS LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "put file path here"
  • Put a link to this topic in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to this file:

    • C:\WINDOWS\system32\jcdxtf32.dll
      C:\WINDOWS\system32\wjspw.dll
  • Click Open.
  • Click Post.
Thank you!

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1

Scan again with HijackThis and check the following items:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {0D4657D7-05AB-B3FB-4CD5-04881570F30A} - C:\WINDOWS\system32\ipuhnnd.dll (file missing)
O2 - BHO: TKTS System - {A717DBE3-D78D-4aa7-BDCF-2CC06B36371B} - C:\WINDOWS\Policies.dll

O20 - Winlogon Notify: ksapgh - ksapgh.dll (file missing)
O20 - Winlogon Notify: crypt32net - C:\WINDOWS\SYSTEM32\crypt32net.dll

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Step #2

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Step #3

Reboot Your System in Safe Mode:
  • Restart the computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Step #4

Find and delete these files and folders (if they are still there):
C:\WINDOWS\msie.exe <= this file
C:\WINDOWS\SYSTEM32\crypt32net.dll <= this file



Reboot your computer normally.

Step #5

Download ComboScan to your Desktop.
  • Close all applications and windows.
  • Double-click on comboscan.exe to run it, and follow the prompts.
  • The scan may take a minute. When the scan is complete, a text file will open - ComboScan.txt
Extra Note: When running Comboscan, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags Comboscan as suspicious. Please allow Comboscan to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus.)

Post the Comboscan.txt from the Comboscan into your next reply.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Start HijackThis, perform a new scan and save the log file.

Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.
  • 0
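Step #1 has HijackThis remove specific entries, and the post ends by asking for a fresh scan; the rescan is what shows whether those entries stayed gone. The following is an added example, not part of the thread (the function and variable names are this example's own): it parses HijackThis item lines and reports fixed entries that are present again, run over lines copied from the logs posted in this thread.

```python
"""Added example: check a HijackThis rescan against the entries that were fixed."""
import re
from dataclasses import dataclass

# A HijackThis item line is "<section code> - <details>", e.g. "O2 - BHO: ...".
ITEM_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# ComboScan's "Fixed Entries" section prefixes each item with its backup name.
BACKUP_PREFIX_RE = re.compile(r"^backup-\d{8}-\d{6}-\d+\s+")
# HijackThis marks registrations whose target file is not on disk.
MISSING_RE = re.compile(r"\((?:file missing|no file)\)$")


@dataclass(frozen=True)
class Item:
    code: str  # section code such as R3, O2, O20
    body: str  # everything after "<code> - "

    @property
    def key(self):
        # Windows paths and CLSIDs are case-insensitive, so compare folded.
        return (self.code, self.body.casefold())

    @property
    def target_missing(self):
        return bool(MISSING_RE.search(self.body))


def parse_items(text):
    """Return the item lines of a log, skipping headers and process lists."""
    items = []
    for raw in text.splitlines():
        line = BACKUP_PREFIX_RE.sub("", raw.strip())
        match = ITEM_RE.match(line)
        if match:
            items.append(Item(match["code"], match["body"].strip()))
    return items


def persisted(fixed, rescan):
    """Fixed entries that are present again in the later scan."""
    present = {item.key for item in rescan}
    return [item for item in fixed if item.key in present]


def missing_targets(items):
    """Entries still registered although their file is not on disk."""
    return [item for item in items if item.target_missing]


# Lines copied from the ComboScan "HijackThis Fixed Entries" section in this thread.
FIXED_ENTRIES = r"""
backup-20070221-230058-589 O20 - Winlogon Notify: crypt32net - C:\WINDOWS\SYSTEM32\crypt32net.dll
backup-20070221-230058-625 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20070221-230058-663 O2 - BHO: TKTS System - {A717DBE3-D78D-4aa7-BDCF-2CC06B36371B} - C:\WINDOWS\Policies.dll
backup-20070221-230058-883 O2 - BHO: (no name) - {0D4657D7-05AB-B3FB-4CD5-04881570F30A} - C:\WINDOWS\system32\ipuhnnd.dll (file missing)
backup-20070221-230059-848 O20 - Winlogon Notify: ksapgh - ksapgh.dll (file missing)
"""

# Excerpt (O2, O20 and O21 lines) of the HijackThis log saved after the fix.
RESCAN_EXCERPT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TKTS System - {A717DBE3-D78D-4aa7-BDCF-2CC06B36371B} - C:\WINDOWS\Policies.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: CDRecorder031 - {A3BC5E20-0235-1ABF-9CE1-00AA00512031} - C:\WINDOWS\system32\jcdxtf32.dll
O21 - SSODL: DCOM Server 37389 - {2C1CD3D7-86AC-4068-93BC-A02304B37389} - C:\WINDOWS\system32\wjspw.dll (file missing)
"""

if __name__ == "__main__":
    fixed = parse_items(FIXED_ENTRIES)
    rescan = parse_items(RESCAN_EXCERPT)
    for item in persisted(fixed, rescan):
        print("fixed but present again:", item.code, "-", item.body)
    for item in missing_targets(rescan):
        print("registered, file not on disk:", item.code, "-", item.body)
```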

#3
gate2wire

Hello and thank you for your help. First off I have done everything that you said, but when I tried to post this file C:\WINDOWS\system32\wjspw.dll on the Spy Killer forum my computer could not find it. The first one worked though. Down below are all my scans.


ComboScan v20070221.16 run by MIA on 2007-02-21 at 23:11:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis (run as MIA.exe) --------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:12:02 PM, on 2/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vongo\VongoService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\MIA\My Documents\My Downloads\comboscan.exe
C:\Documents and Settings\MIA\My Documents\MY DOWNLOADS\MIA.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...n&pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TKTS System - {A717DBE3-D78D-4aa7-BDCF-2CC06B36371B} - C:\WINDOWS\Policies.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: CDRecorder031 - {A3BC5E20-0235-1ABF-9CE1-00AA00512031} - C:\WINDOWS\system32\jcdxtf32.dll
O21 - SSODL: DCOM Server 37389 - {2C1CD3D7-86AC-4068-93BC-A02304B37389} - C:\WINDOWS\system32\wjspw.dll (file missing)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe


-- HijackThis Fixed Entries (C:\Documents and Settings\MIA\My Documents\MY DOWNLOADS\backups\) --------------------------------------------------------------------------------

backup-20070221-230058-589 O20 - Winlogon Notify: crypt32net - C:\WINDOWS\SYSTEM32\crypt32net.dll
backup-20070221-230058-625 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20070221-230058-663 O2 - BHO: TKTS System - {A717DBE3-D78D-4aa7-BDCF-2CC06B36371B} - C:\WINDOWS\Policies.dll
backup-20070221-230058-883 O2 - BHO: (no name) - {0D4657D7-05AB-B3FB-4CD5-04881570F30A} - C:\WINDOWS\system32\ipuhnnd.dll (file missing)
backup-20070221-230059-848 O20 - Winlogon Notify: ksapgh - ksapgh.dll (file missing)

-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3S 5U870CAP_VID_1262&PID_25FD (HP Pavilion Webcam ) - C:\WINDOWS\system32\drivers\5U870CAP.sys
4S agpCPQ (Compaq AGP Bus Filter) - C:\WINDOWS\system32\drivers\AGPCPQ.SYS
4S alim1541 (ALI AGP Bus Filter) - C:\WINDOWS\system32\drivers\ALIM1541.SYS
4S amdagp (AMD AGP Bus Filter Driver) - C:\WINDOWS\system32\drivers\AMDAGP.SYS
3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
2R ASCTRM - C:\WINDOWS\system32\drivers\asctrm.sys
1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys
3S BTWUSB (WIDCOMM USB Bluetooth Driver) - C:\WINDOWS\system32\drivers\btwusb.sys
4S cbidf - C:\WINDOWS\system32\drivers\cbidf2k.sys
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\CCDECODE.sys
4S dac2w2k - C:\WINDOWS\system32\drivers\dac2w2k.sys
3R E100B (Intel® PRO Network Connection Driver) - C:\WINDOWS\system32\drivers\e100b325.sys
1R eabfiltr - C:\WINDOWS\system32\drivers\eabfiltr.sys
3S eabusb - C:\WINDOWS\system32\drivers\EabUsb.sys
1S EXAMPLE - C:\WINDOWS\system32\main.sys (not found)
3R HBtnKey - C:\WINDOWS\system32\drivers\CPQBttn.sys
3R HdAudAddService (Microsoft UAA Function Driver for High Definition Audio Service) - C:\WINDOWS\system32\drivers\CHDAud.sys
3R HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudbus.sys
3S HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
3S HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\system32\drivers\HPZid412.sys
3S HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\system32\drivers\HPZipr12.sys
3S HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\system32\drivers\HPZius12.sys
3R HSFHWAZL - C:\WINDOWS\system32\drivers\HSFHWAZL.sys
3R HSF_DPV - C:\WINDOWS\system32\drivers\HSF_DPV.sys
3R ialm - C:\WINDOWS\system32\drivers\ialmnt5.sys
0R iaStor (Intel AHCI Controller) - C:\WINDOWS\system32\drivers\iaStor.sys
1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
1R kbdhid (Keyboard HID Driver) - C:\WINDOWS\system32\drivers\kbdhid.sys
2R MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - C:\WINDOWS\system32\drivers\mdc8021x.sys
2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
3S MHNDRV (MHN driver) - C:\WINDOWS\system32\drivers\mhndrv.sys
3S mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3R MQAC (Message Queuing access control) - C:\WINDOWS\system32\drivers\mqac.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\MSTEE.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\NABTSFEC.sys
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\NdisIP.sys
3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
2S ntio256 (Input and output operations) - C:\WINDOWS\system32\ntio256.sys (not found)
0R ohci1394 (OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3R rimmptsk - C:\WINDOWS\system32\drivers\rimmptsk.sys
3R rimsptsk - C:\WINDOWS\system32\drivers\rimsptsk.sys
3R rismxdp (Ricoh xD-Picture Card Driver) - C:\WINDOWS\system32\drivers\rixdptsk.sys
3R RMCAST (Reliable Multicast Protocol driver) - C:\WINDOWS\system32\drivers\rmcast.sys
3S RT73 (RT73 USB Wireless LAN Card Driver) - C:\WINDOWS\system32\DRIVERS\rt73.sys (not found)
3S rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - C:\WINDOWS\system32\drivers\RTL8139.sys
1R SASDIFSV - C:\Program Files\SUPERAntiSpyware\sasdifsv.sys
3R SASENUM - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
1R SASKUTIL - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
3R sdbus - C:\WINDOWS\system32\drivers\sdbus.sys
4S sisagp (SIS AGP Bus Filter) - C:\WINDOWS\system32\drivers\SISAGP.SYS
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\SLIP.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\StreamIP.sys
3R SynTP (Synaptics TouchPad Driver) - C:\WINDOWS\system32\drivers\SynTP.sys
1R Tcpip6 (Microsoft IPv6 Protocol Driver) - C:\WINDOWS\system32\drivers\tcpip6.sys
3R tunmp (Microsoft Tun Miniport Adapter Driver) - C:\WINDOWS\system32\drivers\tunmp.sys
3S UIUSys (Conexant Setup API) - C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS (not found)
3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
4S viaagp (VIA AGP Bus Filter) - C:\WINDOWS\system32\drivers\VIAAGP.SYS
3R w39n51 (Intel® PRO/Wireless 3945ABG Adapter Driver) - C:\WINDOWS\system32\drivers\w39n51.sys
3S wanatw (WAN Miniport (ATW)) - C:\WINDOWS\system32\drivers\wanatw4.sys
3R winachsf - C:\WINDOWS\system32\drivers\HSF_CNXT.sys
1R WmiAcpi (Microsoft Windows Management Interface for ACPI) - C:\WINDOWS\system32\drivers\wmiacpi.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\WSTCODEC.SYS


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2R 6to4 (IPv6 Helper Service) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S AddFiltr - "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe"
3S Adobe LM Service - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
4S Alerter - C:\WINDOWS\system32\svchost.exe -k LocalService
3S ALG (Application Layer Gateway Service) - C:\WINDOWS\System32\alg.exe
3S AppMgmt (Application Management) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R AudioSrv (Windows Audio) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
3S BITS (Background Intelligent Transfer Service) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R Browser (Computer Browser) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S CiSvc (Indexing Service) - C:\WINDOWS\system32\cisvc.exe
4S ClipSrv (ClipBook) - C:\WINDOWS\system32\clipsrv.exe
3R COMSysApp (COM+ System Application) - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
2R CryptSvc (Cryptographic Services) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R DcomLaunch (DCOM Server Process Launcher) - C:\WINDOWS\system32\svchost -k DcomLaunch
2R Dhcp (DHCP Client) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S dmadmin (Logical Disk Manager Administrative Service) - C:\WINDOWS\System32\dmadmin.exe /com
2R dmserver (Logical Disk Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Dnscache (DNS Client) - C:\WINDOWS\system32\svchost.exe -k NetworkService
2R ehRecvr (Media Center Receiver Service) - C:\WINDOWS\eHome\ehRecvr.exe
2R ehSched (Media Center Scheduler Service) - C:\WINDOWS\eHome\ehSched.exe
2R ERSvc (Error Reporting Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Eventlog (Event Log) - C:\WINDOWS\system32\services.exe
3R EventSystem (COM+ Event System) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3R FastUserSwitchingCompatibility (Fast User Switching Compatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S gusvc (Google Updater Service) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
2R helpsvc (Help and Support) - C:\WINDOWS\System32\svchost.exe -k netsvcs
4S HidServ (Human Interface Device Access) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R hpqwmiex - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
3S HTTPFilter (HTTP SSL) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3S ImapiService (IMAPI CD-Burning COM Service) - C:\WINDOWS\system32\imapi.exe
2R lanmanserver (Server) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R lanmanworkstation (Workstation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R LightScribeService (LightScribeService Direct Disc Labeling Service) - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
2R LmHosts (TCP/IP NetBIOS Helper) - C:\WINDOWS\system32\svchost.exe -k LocalService
2R McrdSvc (Media Center Extender Service) - C:\WINDOWS\ehome\mcrdsvc.exe
4S Messenger - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S MHN - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S mnmsrvc (NetMeeting Remote Desktop Sharing) - C:\WINDOWS\system32\mnmsrvc.exe
3R MSDTC (Distributed Transaction Coordinator) - C:\WINDOWS\system32\msdtc.exe
3R MSIServer (Windows Installer) - C:\WINDOWS\system32\msiexec.exe /V
2R MSMQ (Message Queuing) - C:\WINDOWS\system32\mqsvc.exe
2R MSMQTriggers (Message Queuing Triggers) - C:\WINDOWS\system32\mqtgsvc.exe
4S NetDDE (Network DDE) - C:\WINDOWS\system32\netdde.exe
4S NetDDEdsdm (Network DDE DSDM) - C:\WINDOWS\system32\netdde.exe
3S Netlogon (Net Logon) - C:\WINDOWS\system32\lsass.exe
3R Netman (Network Connections) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R Nla (Network Location Awareness (NLA)) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3R NtLmSsp (NT LM Security Support Provider) - C:\WINDOWS\system32\lsass.exe
4S NtmsSvc (Removable Storage) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
2R PlugPlay (Plug and Play) - C:\WINDOWS\system32\services.exe
2S Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe
2R PolicyAgent (IPSEC Services) - C:\WINDOWS\system32\lsass.exe
2R ProtectedStorage (Protected Storage) - C:\WINDOWS\system32\lsass.exe
3S RasAuto (Remote Access Auto Connection Manager) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3R RasMan (Remote Access Connection Manager) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S RDSessMgr (Remote Desktop Help Session Manager) - C:\WINDOWS\system32\sessmgr.exe
4S RemoteAccess (Routing and Remote Access) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R RemoteRegistry (Remote Registry) - C:\WINDOWS\system32\svchost.exe -k LocalService
3S RpcLocator (Remote Procedure Call (RPC) Locator) - C:\WINDOWS\system32\locator.exe
2R RpcSs (Remote Procedure Call (RPC)) - C:\WINDOWS\system32\svchost -k rpcss
3S RSVP (QoS RSVP) - C:\WINDOWS\system32\rsvp.exe
2R SamSs (Security Accounts Manager) - C:\WINDOWS\system32\lsass.exe
3S SCardSvr (Smart Card) - C:\WINDOWS\System32\SCardSvr.exe
2R Schedule (Task Scheduler) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R seclogon (Secondary Logon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R SENS (System Event Notification) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R ShellHWDetection (Shell Hardware Detection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Spooler (Print Spooler) - C:\WINDOWS\system32\spoolsv.exe
2R srservice (System Restore Service) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R SSDPSRV (SSDP Discovery Service) - C:\WINDOWS\system32\svchost.exe -k LocalService
2R stisvc (Windows Image Acquisition (WIA)) - C:\WINDOWS\system32\svchost.exe -k imgsvc
3S SwPrv (MS Software Shadow Copy Provider) - C:\WINDOWS\system32\dllhost.exe /Processid:{FC5F0743-11B5-43E8-96A2-9DEFB0340AF2}
3S SysmonLog (Performance Logs and Alerts) - C:\WINDOWS\system32\smlogsvc.exe
3R TapiSrv (Telephony) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R TermService (Terminal Services) - C:\WINDOWS\System32\svchost -k DComLaunch
2R Themes - C:\WINDOWS\System32\svchost.exe -k netsvcs
4S TlntSvr (Telnet) - C:\WINDOWS\system32\tlntsvr.exe
2R TrkWks (Distributed Link Tracking Client) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - "C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe"
3S UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
3S upnphost (Universal Plug and Play Device Host) - C:\WINDOWS\system32\svchost.exe -k LocalService
3S UPS (Uninterruptible Power Supply) - C:\WINDOWS\System32\ups.exe
2R Vongo Service - C:\Program Files\Vongo\VongoService.exe
3S VSS (Volume Shadow Copy) - C:\WINDOWS\System32\vssvc.exe
2R W32Time (Windows Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R WebClient - C:\WINDOWS\system32\svchost.exe -k LocalService
2R winmgmt (Windows Management Instrumentation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S WMConnectCDS (Windows Media Connect Service) - C:\Program Files\Windows Media Connect 2\wmccds.exe
3S WmdmPmSN (Portable Media Serial Number Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S Wmi (Windows Management Instrumentation Driver Extensions) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S WmiApSrv (WMI Performance Adapter) - C:\WINDOWS\system32\wbem\wmiapsrv.exe
2R wuauserv (Automatic Updates) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R WZCSVC (Wireless Zero Configuration) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S xmlprov (Network Provisioning Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs


-- Files created between 2007-01-21 and 2007-02-21 ------------------------------

2007-02-21 04:36:23 0 d-------- C:\WINDOWS\ie7updates<IE7UPD~1>
2007-02-20 11:08:39 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-20 10:59:05 0 d-------- C:\WINDOWS\WBEM
2007-02-20 10:59:04 0 d-------- C:\WINDOWS\system32\en-US
2007-02-20 10:58:37 0 d--h---c- C:\WINDOWS\ie7
2007-02-20 10:56:44 121856 -----n--- C:\WINDOWS\system32\xmllite.dll
2007-02-20 10:56:00 0 d-------- C:\WINDOWS\network diagnostic<NETWOR~1>
2007-02-20 01:59:43 0 --a------ C:\WINDOWS\YOURAPP.EXE
2007-02-20 01:50:08 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>
2007-02-20 01:50:01 0 d-------- C:\Program Files\SUPERAntiSpyware<SUPERA~1>
2007-02-20 01:50:00 0 d-------- C:\Documents and Settings\MIA\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>
2007-02-20 01:31:10 0 d-------- C:\Program Files\Common Files\{31D0F15C-0745-1033-1113-061021200001}<{31D0F~2>
2007-02-20 01:29:32 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-02-20 00:28:02 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-02-19 23:34:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-02-19 13:26:08 0 d-------- C:\Program Files\Ultimate Cleaner<ULTIMA~1>
2007-02-19 13:26:07 0 d-------- C:\Program Files\Common Files\{31D0F15C-0746-1033-1113-061021200001}<{31D0F~1>
2007-02-19 13:26:06 0 d-------- C:\WINDOWS\system32\Policies
2007-02-17 19:05:08 0 --a------ C:\WINDOWS\Cab2.exe
2007-02-17 19:02:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-02-17 19:02:01 0 d-------- C:\Documents and Settings\MIA\Application Data\Registry Cleaner<REGIST~1>
2007-02-17 18:59:21 28160 --a------ C:\WINDOWS\dsrss.exe
2007-02-17 16:20:36 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-17 16:20:30 0 d-------- C:\Program Files\Grisoft
2007-02-17 16:20:14 69120 --a------ C:\WINDOWS\Policies.dll
2007-02-17 16:20:14 32768 --a------ C:\WINDOWS\iestartup.exe<IESTAR~1.EXE>
2007-02-17 16:14:09 5120 --a------ C:\WINDOWS\system32\scardrv.exe
2007-02-17 16:14:06 10752 --a------ C:\WINDOWS\system32\kernel.dll
2007-02-17 16:13:37 0 -rahs---- C:\MSDOS.SYS
2007-02-17 16:13:37 0 -rahs---- C:\IO.SYS
2007-02-17 16:13:35 295 --a------ C:\WINDOWS\system32\26763.exe
2007-02-17 16:08:11 10147 --a------ C:\WINDOWS\i.exe
2007-02-17 16:08:04 34069 --a------ C:\WINDOWS\system32\jcdxtf32.dll
2007-02-17 16:07:49 0 d-------- C:\zx
2007-02-17 16:07:48 34069 --a------ C:\WINDOWS\system32\hpdi32.dll
2007-02-17 16:02:21 1532177 --a------ C:\Documents and Settings\MIA\Application Data\Install.dat
2007-02-17 15:24:04 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-02-11 00:59:46 0 d-------- C:\Documents and Settings\All Users\Application Data\rs-95-46-2p-55-55<RS-95-~1>
2007-02-11 00:37:55 0 d-------- C:\Documents and Settings\MIA\Application Data\EA
2007-02-11 00:37:40 0 d-------- C:\Documents and Settings\All Users\Application Data\55-55-55-55-55-55<55-55-~1>
2007-02-11 00:37:17 0 d-------- C:\Documents and Settings\All Users\Application Data\EA
2007-02-10 21:28:09 0 d-------- C:\Documents and Settings\MIA\Application Data\MSN6
2007-02-10 21:28:09 0 d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2007-02-10 21:28:02 0 d-------- C:\Documents and Settings\MIA\Application Data\MSNInstaller<MSNINS~1>
2007-02-10 18:46:06 0 d-------- C:\Program Files\Microsoft Office Outlook Connector<MI9809~1>
2007-02-10 18:44:37 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-02-10 10:29:37 0 d-------- C:\Documents and Settings\MIA\Application Data\Real
2007-02-08 23:40:48 0 d-------- C:\Program Files\Common Files\Hewlett-Packard<HEWLET~1>
2007-02-08 23:35:22 16496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-02-08 23:35:20 51120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-02-08 23:34:35 21744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2007-02-08 23:33:39 57344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-02-08 23:33:39 94208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-02-08 23:33:39 204800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-02-08 23:33:39 69632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-02-08 23:33:39 61440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-02-08 23:33:38 278584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-02-08 23:24:37 19696 -----n--- C:\WINDOWS\hpomdl05.dat
2007-02-08 23:24:37 69385 --a------ C:\WINDOWS\hpoins05.dat
2007-02-08 23:17:58 25856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-02-08 23:17:31 31616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-02-08 17:07:36 0 d-------- C:\WINDOWS\Performance<PERFOR~1>
2007-02-08 17:07:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation<MICROS~2>
2007-02-08 17:06:42 0 d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor<MI3B3C~1>
2007-02-06 17:41:57 0 d-------- C:\Documents and Settings\MIA\Application Data\Google
2007-01-31 15:03:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-01-31 03:50:17 0 d-------- C:\Documents and Settings\MIA\Application Data\AdobeUM
2007-01-31 03:44:39 0 d-------- C:\Documents and Settings\MIA\Application Data\CyberLink<CYBERL~1>
2007-01-30 22:59:16 0 d-------- C:\Program Files\RALINK
2007-01-30 01:36:04 0 d-------- C:\WINDOWS\system32\LogFiles
2007-01-29 23:00:28 0 d-------- C:\Program Files\GameHouse<GAMEHO~1>
2007-01-29 23:00:18 0 d-------- C:\Program Files\Google
2007-01-28 19:14:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems<ADOBES~1>
2007-01-28 19:07:51 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared<ADOBES~1>
2007-01-28 18:47:13 0 d-------- C:\Documents and Settings\MIA\Application Data\Adobe
2007-01-28 18:11:32 5632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-01-28 18:11:31 159232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-01-28 18:11:31 15104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-01-28 17:49:00 2027 --a------ C:\WINDOWS\mozver.dat
2007-01-28 14:51:54 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-01-28 14:45:22 0 d-------- C:\Program Files\TuneUp Utilities 2006<TUNEUP~1>
2007-01-28 14:45:22 0 d-------- C:\Documents and Settings\MIA\Application Data\TuneUp Software<TUNEUP~1>
2007-01-28 14:44:55 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software<TUNEUP~1>
2007-01-28 14:44:53 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-01-28 14:44:43 0 d-------- C:\Documents and Settings\MIA\Application Data\WinRAR
2007-01-28 14:38:09 0 d-------- C:\Documents and Settings\MIA\Application Data\Azureus
2007-01-28 14:38:00 0 d-------- C:\Program Files\Azureus
2007-01-28 14:37:09 0 d-------- C:\WINDOWS\Sun
2007-01-28 14:37:09 0 d-------- C:\Documents and Settings\MIA\Application Data\Sun
2007-01-23 08:13:09 0 d---s---- C:\Documents and Settings\LocalService\Temporary Internet Files<TEMPOR~1>
2007-01-23 08:13:09 0 d---s---- C:\Documents and Settings\LocalService\History
2007-01-23 00:10:18 0 d--h----- C:\WINDOWS\PIF
2007-01-22 22:09:29 0 d-------- C:\Program Files\TryMedia
2007-01-22 22:09:15 0 d-------- C:\Program Files\Yahoo! Games<YAHOO!~1>
2007-01-22 18:16:59 929792 -ra------ C:\WINDOWS\system32\PRISME5.dll
2007-01-22 18:16:59 15781 -ra------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2007-01-22 18:14:49 0 d-------- C:\Program Files\QwestQuickNetworking<QWESTQ~2>
2007-01-22 16:32:51 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-01-22 16:32:46 0 d-------- C:\45270cadd31bc7e2dde3de874d7a<45270C~1>
2007-01-22 14:59:50 0 d-------- C:\Program Files\QwestNetworkingManager<QWESTN~1>
2007-01-22 14:44:25 23040 -----n--- C:\WINDOWS\kb913800.exe
2007-01-22 13:18:36 0 d-------- C:\Program Files\Qwest
2007-01-22 13:18:36 0 d-------- C:\Program Files\Common Files\supportsoft<SUPPOR~1>


-- Find3M Report ----------------------------------------------------------------

2007-02-20 01:29:42 0 d-------- C:\Program Files\DIGStream<DIGSTR~1>
2007-02-19 13:26:07 0 d-------- C:\Program Files\Yahoo!
2007-02-19 09:28:46 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-02-17 21:06:15 502784 --a------ C:\WINDOWS\system32\winlogon.exe
2007-02-17 16:18:06 0 d---s---- C:\Documents and Settings\MIA\Application Data\Microsoft<MICROS~1>
2007-02-17 00:02:26 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-08 23:43:35 0 d-------- C:\Program Files\HP
2007-02-01 21:20:11 0 d-------- C:\Program Files\HP Games<HPGAME~1>
2007-01-30 22:59:59 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-01-30 21:43:26 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-01-30 17:17:00 0 d-------- C:\Program Files\Microsoft Money 2006<MICROS~2>
2007-01-28 19:08:24 0 d-------- C:\Program Files\Common Files\Adobe
2007-01-28 14:52:02 0 d-------- C:\Documents and Settings\MIA\Application Data\Mozilla
2007-01-22 23:21:37 16 --a------ C:\WINDOWS\popcinfo.dat
2007-01-22 16:35:23 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-01-22 14:09:35 0 d-------- C:\Program Files\Common Files\AOL
2007-01-22 14:01:54 0 d-------- C:\Documents and Settings\MIA\Application Data\AOL
2007-01-20 12:30:58 251 --a------ C:\Program Files\wt3d.ini
2007-01-16 23:33:37 0 d-------- C:\Documents and Settings\MIA\Application Data\Netscape
2007-01-15 15:55:16 0 d-------- C:\Documents and Settings\MIA\Application Data\HP
2007-01-15 15:34:37 10920 --a------ C:\aolconnfix.exe<AOLCON~1.EXE>
2007-01-13 13:47:01 0 d-------- C:\Documents and Settings\MIA\Application Data\funkitron<FUNKIT~1>
2007-01-13 12:42:33 0 d-------- C:\Program Files\AOL Games<AOLGAM~1>
2007-01-12 16:23:53 0 d-------- C:\Documents and Settings\MIA\Application Data\Help
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-12 09:02:47 0 d-------- C:\Documents and Settings\MIA\Application Data\GTek
2007-01-12 06:26:15 0 d-------- C:\Program Files\SupportSoft<SUPPOR~1>
2007-01-11 21:43:35 0 d-------- C:\Program Files\Sierra On-Line<SIERRA~1>
2007-01-11 21:43:31 0 d-------- C:\Program Files\WON
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2007-01-07 00:43:29 0 d-------- C:\Program Files\Quicken
2007-01-07 00:24:47 0 d-------- C:\Documents and Settings\MIA\Application Data\You've Got Pictures Screensaver<YOU'VE~1>
2007-01-07 00:24:45 0 d-------- C:\Program Files\Common Files\Nullsoft
2007-01-07 00:24:29 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-01-07 00:24:10 0 d-------- C:\Program Files\Common Files\Real
2007-01-07 00:24:03 0 d-------- C:\Program Files\Real
2007-01-07 00:23:46 0 d-------- C:\Program Files\Viewpoint<VIEWPO~1>
2007-01-07 00:22:45 335 --a------ C:\WINDOWS\nsreg.dat
2007-01-07 00:20:17 0 d-------- C:\Documents and Settings\MIA\Application Data\Macromedia<MACROM~1>
2007-01-06 23:46:47 0 d-------- C:\Documents and Settings\MIA\Application Data\WildTangent<WILDTA~1>
2007-01-06 23:10:07 0 d-------- C:\Program Files\Vongo
2007-01-06 22:50:06 0 d-------- C:\Program Files\HPQ
2006-12-19 14:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 11:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-18 16:36:36 312840 --a------ C:\WINDOWS\KingComIE.dll<KINGCO~1.DLL>
2006-12-06 21:14:51 2330624 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-27 07:54:06 433152 --a------ C:\WINDOWS\system32\riched20.dll
2006-11-27 07:54:06 539136 --a------ C:\WINDOWS\system32\msftedit.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
@=""
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"QlbCtrl"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,48,65,77,6c,65,\
74,74,2d,50,61,63,6b,61,72,64,5c,48,50,20,51,75,69,63,6b,20,4c,61,75,6e,63,\
68,20,42,75,74,74,6f,6e,73,5c,51,6c,62,43,74,72,6c,2e,65,78,65,20,2f,53,74,\
61,72,74,00
"RecGuard"="C:\\Windows\\SMINST\\RecGuard.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"QPService"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""
"MsmqIntCert"="regsvr32 /s mqrt.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"Reminder"="C:\\Windows\\CREATOR\\Remind_XP.exe"
"Cpqset"="C:\\Program Files\\Hewlett-Packard\\Default Settings\\cpqset.exe"
"QUICKCARE"="C:\\Program Files\\Qwest\\QuickCare\\bin\\sprtcmd.exe /P QUICKCARE"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304B37389}"="DCOM Server 37389"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"CDRecorder031"="{A3BC5E20-0235-1ABF-9CE1-00AA00512031}"
"DCOM Server 37389"="{2C1CD3D7-86AC-4068-93BC-A02304B37389}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"Wallpaper"=""
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"iestartup"="C:\\WINDOWS\\iestartup.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command D:\setupSNK.exe


-- End of ComboScan: finished at 2007-02-21 at 23:12:26 -------------------------




Incident | Status | Location

Potentially unwanted tool:application/regclean32 | Not disinfected | C:\Documents and Settings\MIA\Application Data\Registry Cleaner
Adware:adware/browserplugin | Not disinfected | Windows Registry
Adware:adware/baidubar | Not disinfected | Windows Registry
Spyware:Cookie/Atwola | Not disinfected | C:\Documents and Settings\MIA\Application Data\Mozilla\Firefox\Profiles\yx8hysjj.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Go | Not disinfected | C:\Documents and Settings\MIA\Application Data\Mozilla\Firefox\Profiles\yx8hysjj.default\cookies.txt[.go.com/]
Spyware:Cookie/Tickle | Not disinfected | C:\Documents and Settings\MIA\Application Data\Mozilla\Firefox\Profiles\yx8hysjj.default\cookies.txt[.tickle.com/]
Spyware:Cookie/DomainSponsor | Not disinfected | C:\Documents and Settings\MIA\Application Data\Mozilla\Firefox\Profiles\yx8hysjj.default\cookies.txt[landing.domainsponsor.com/]
Adware:Adware/Adsmart | Not disinfected | C:\Program Files\Mozilla Firefox\run.exe
Spyware:Spyware/PeoplePC | Not disinfected | C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL
Virus:Trj/Keylog.LN | Disinfected | C:\WINDOWS\dsrss.exe
Virus:Bck/Haxdoor.OR | Disinfected | C:\WINDOWS\i.exe
Virus:Trj/Qhost.EV | Disinfected | C:\WINDOWS\system32\drivers\etc\hosts.20070217-191925.backup
Possible Virus. | Not disinfected | C:\WINDOWS\system32\yodas.data

Logfile of HijackThis v1.99.1
Scan saved at 12:32:08 AM, on 2/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vongo\VongoService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MIA\My Documents\MY DOWNLOADS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

#4
didom

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).

Step #2

I see Viewpoint installed. Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.co...cle.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Toolbar
  • Viewpoint Manager
  • Viewpoint Media Player
  • Ultimate Cleaner
  • Registry Cleaner

Step #3

Scan again with HijackThis and check the following items:
O21 - SSODL: CDRecorder031 - {A3BC5E20-0235-1ABF-9CE1-00AA00512031} - C:\WINDOWS\system32\jcdxtf32.dll
O21 - SSODL: DCOM Server 37389 - {2C1CD3D7-86AC-4068-93BC-A02304B37389} - C:\WINDOWS\system32\wjspw.dll (file missing)

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Step #4

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Step #5

Reboot Your System in Safe Mode:
  • Restart the computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #6

Find and delete these files and folders (if they are still there):
C:\WINDOWS\Cab2.exe
C:\WINDOWS\system32\26763.exe
C:\WINDOWS\system32\hpdi32.dll
C:\WINDOWS\i.exe
C:\WINDOWS\system32\jcdxtf32.dll
C:\WINDOWS\system32\scardrv.exe
C:\WINDOWS\system32\kernel.dll
C:\WINDOWS\Policies.dll
C:\WINDOWS\iestartup.exe
C:\WINDOWS\dsrss.exe
C:\WINDOWS\system32\jcdxtf32.dll
C:\WINDOWS\system32\yodas.data
C:\WINDOWS\system32\Policies
C:\Program Files\Ultimate Cleaner
C:\Program Files\Online Services\PeoplePC
C:\Program Files\Common Files\{31D0F15C-0745-1033-1113-061021200001}
C:\Documents and Settings\MIA\Application Data\Registry Cleaner


Reboot your computer normally.

Step #5

Please run Notepad and paste the following text into a new file:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"iestartup"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktop"=-
"ForceActiveDesktopOn"=-

Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files".
This is how the reg file must look afterwards: Posted Image

Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

Then reboot your computer.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

Also do a new scan with comboscan and post the results along with the contents of the Report.txt back on the forum.

Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.
  • 0

#5
gate2wire

gate2wire

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Sorry for the wait. I was having problems with some of the programs but have now got them to work.

Edited by gate2wire, 25 February 2007 - 06:01 PM.

  • 0

#6
gate2wire

gate2wire

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hey, I have done everything except step five. I have been having trouble with the files that need to be pasted in Notepad. When I go to open the file up it says invalid registry. And when I download Dr.Web and go to open it up, it shows a black DOS window for a few seconds, then shuts off and will not open up or run. Here is my scan from SDFix.

SDFix: Version 1.68

Run by MIA - Sun 02/25/2007 @ 16:54:10.89

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\Documents and Settings\MIA\Desktop\SDFix\SDFix

Safe Mode:
Checking Services:

Name:
EXAMPLE

Path:
\??\C:\WINDOWS\system32\main.sys

EXAMPLE Deleted

Checking For Malware Registry Entries
Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\pp.exe.exe - Deleted
C:\WINDOWS\search_res.txt - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\MIA\Desktop\SDFix\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :


Add/Remove Programs List:

GemMaster Mystic
Qwest QuickNetworking
Adobe Photoshop CS2
AVG Anti-Spyware 7.5
Azureus
Otto
Bejeweled 2 Deluxe 1.0
Boggle Supreme (remove only)
Conexant HD Audio
Soft Data Fax Modem with SmartCP
ESPNMotion
Flip Words
HijackThis 1.99.1
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP Rhapsody
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
Customer Experience Enhancement
Easy Internet Sign-up
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB915381
Microsoft .NET Framework 1.1
Microsoft Money 2006
Monopoly Here & Now Edition
Mozilla Firefox (2.0.0.2)
MSN
My HP Game Console
Netscape Browser (remove only)
Microsoft National Language Support Downlevel APIs
Panda ActiveScan
Intel® PRO Network Connections Drivers
QuickTime
Qwest QuickCare 2.0
RealPlayer Basic
SCRABBLE
Adobe Flash Player 9 ActiveX
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Super Collapse! 3
Super Word Power
Synaptics Pointing Device Driver
My HP Games
WinRAR archiver
Windows Media Connect
Word Slinger
Polar Golfer
Polar Bowler
Super Granny
Tradewinds
Blackhawk Striker 2
Blasterball 2 Remix
FATE
Diner Dash 2
Bejeweled 2 Deluxe
Bistro Stars
Bookworm Deluxe
Cake Mania
Chuzzle Deluxe
Dora's Carnival Adventure
Family Feud
Garden Dreams
Insaniquarium Deluxe
JEOPARDY
Jewel Quest
SpongeBob SquarePants Krabby Quest
LEGO Builder Bots
Mah Jong Quest
Mystery Case Files
SCRABBLE
Slingo Deluxe
Snowy Space Trip
Tinos Fruit Stand
Wheel of Fortune
Blasterball 2 Revolution
Bounce Symphony
Penguins!
Best Gift
Best Gift
Boggle Supreme
Boggle Supreme
Sonic Data Module
Wireless Home Network Setup
Scan
ScannerCopy
HP Product Assistant
Qwest eChat Support Tools
Fax
CP_CalendarTemplates1
TrayApp
Sonic MyDVD Plus
Customer Experience Enhancement
Google Toolbar for Internet Explorer
Adobe Photoshop CS2
CP_Package_Variety2
Destinations
Quicken 2006
ebgcSDK
SkinsHP1
Sonic Update Manager
J2SE Runtime Environment 5.0 Update 6
HP PSC & OfficeJet 4.7
HP Quick Launch Buttons 6.10 A2
Unload
OptionalContentQFolder
ProductContext
1400
ebgcInfra
ebgcRes
NetWaiting
RandMap
BufferChm
Microsoft Works
HP Wireless Assistant 2.00 G2
Readme
HP QuickPlay 2.3
Office 2003 Trial Assistant
CP_Panorama1Config
cp_LightScribeConfig
CP_Package_Variety1
SonicAC3Encoder
FullDPAppQFolder
cp_PosterPrintConfig
Microsoft Office Outlook Connector
AiO_Scan
Sonic Express Labeler
Macromedia Flash Player 8
LightScribe 1.4.97.1
ebgcRes
CP_Package_Basic1
Adobe Stock Photos 1.0
Sonic_PrimoSDK
HPSystemDiagnostics
DivX
cp_UpdateProjectsConfig
Easy Internet Sign-up
Macromedia Shockwave Player
AiOSoftware
TuneUp Utilities 2006
PhotoGallery
Windows Vista Upgrade Advisor
Intel® Graphics Media Accelerator Driver
Adobe Common File Installer
HP Image Zone Express
Microsoft Office Standard Edition 2003
ECHO is off.
CueTour
TourSetup
1400_Help
2Wire Wireless Client
Microsoft Visual C++ 2005 Redistributable
HP Help and Support
DeviceManagementQFolder
Sonic Audio Module
MSN Messenger 7.0
Adobe Reader 7.0.9
CP_AtenaShokunin1Config
Sonic Copy Module
SonicMPEGEncoder
CP_Package_Variety3
Adobe Bridge 1.0
Director
HP Update
cp_OnlineProjectsConfig
HP User Guides 0035
DIGOpt
Microsoft .NET Framework 1.1
SUPERAntiSpyware Free Edition
WebReg
HpSdpAppCoreApp
Vongo
1400Trb
Adobe Help Center 1.0
muvee autoProducer 5.0
InstantShareDevices

Finished
  • 0

#7
didom

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
The regfix was my bad! It will work this time. Please try to run Dr.Web CureIt in Safe mode!

Step #1

Please run Notepad and paste the following text into a new file:

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"iestartup"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktop"=-
"ForceActiveDesktopOn"=-

Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files".
This is how the reg file must look afterwards: Posted Image

Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

Then reboot your computer.

Step #2

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Reboot Your System in Safe Mode
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

Also do a new scan with comboscan and post the results along with the contents of the Report.txt back on the forum.

Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.
  • 0
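
The first fix.reg in this thread was rejected as an invalid registry file, and the reposted one differs only by its opening REGEDIT4 line. As an added example (not part of either post; `review_reg` and the constant names are this example's own), the Python check below reviews a .reg file's text before it is merged: it confirms the header line and lists what the file would delete or set. It goes slightly beyond the thread by also reporting `[-key]` deletions and value assignments.

```python
import re

# Header lines regedit accepts as line 1: REGEDIT4 (used in the reposted fix)
# and the Unicode-era "Windows Registry Editor Version 5.00".
VALID_HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r'^\[(-?)([^\]]+)\]$')              # [key] or [-key]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # "name"=data or @=data

def review_reg(text):
    """Return (problems, actions) for .reg text; never touches the registry.
    Multi-line hex data (lines ending in a backslash) is not handled."""
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    problems, actions, key = [], [], None
    if lines and lines[0] in VALID_HEADERS:
        lines = lines[1:]
    else:
        problems.append("missing or invalid header line")
    for ln in lines:
        k, v = KEY_RE.match(ln), VALUE_RE.match(ln)
        if k:
            key = k.group(2)
            if k.group(1):                       # leading "-" removes the whole key
                actions.append(("delete-key", key, None))
        elif v and key is not None:
            op = "delete-value" if v.group(2).strip() == "-" else "set-value"
            actions.append((op, key, v.group(1).strip('"')))
        else:
            problems.append("unparsed line: " + ln)
    return problems, actions

# Both files as they appear in the thread; only the header differs.
BODY = r'''[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"iestartup"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktop"=-
"ForceActiveDesktopOn"=-
'''
FIRST_ATTEMPT = BODY                      # no header line
SECOND_ATTEMPT = "REGEDIT4\n\n" + BODY    # header added in the repost

if __name__ == "__main__":
    for label, text in (("first", FIRST_ATTEMPT), ("second", SECOND_ATTEMPT)):
        problems, actions = review_reg(text)
        print(label, "problems:", problems)
        for op, key, name in actions:
            print("  ", op, key, name)
```

Reading the action list before double-clicking a .reg file shows exactly which startup and policy values it will remove.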





