Smitfraud-type trojan (also Perfcoo, Qhost.er, Downloader.Agent.1760)


This topic is locked

#1
mamazeb
New Member, 6 posts
I've edited this post because I have now done everything possible for clean-up. Lots of detail below which it's probably not necessary to read! Basically, I've done the Smitfraud Fix but am locked out of the registry and the computer is trying to load c:\WINDOWS\system32\printer.exe on boot-up. Would like confirmation system is clean and registry is fixed. Many thanks in anticipation of assistance.

Was some kind of Smitfraud Trojan I think but 3 others identified in clean up - Perfcoo, Qhost.er, Downloader.Agent.1760

WHAT HAS BEEN HAPPENING
a) periodic message: "[TITLE] Windows Security Alert [BODY] Warning! Potential spyware operation! Your computer is making unauthorized copies of your system and internal files. Run full scan now to pervent any unauthorized access to your files! Click here to download spyware remover [BUTTON] Yes [BUTTON] No" This has stopped since using Smitfraud Fix.

b) Status bar balloon message "Your computer is infected! Windows has deleted spyware infection! It is recommended to use special antispyware tools to pervent data loss. Windows will now download and install the most up-to-date antispyware for you. Click here to protect your computer from spyware!" This link goes to httxxp://go.winantivirus.com/MTY2NJu=/2/6018/AX=1/ED-1/3X-1/348/ This has stopped since using Smitfraud Fix.

c) slowness

d) Control panel not accessible and couldn't turn off System Restore. (Control panel is now accessible again since I used the Smitfraud Fix.)

e) Task Manager was fine this morning then this evening became greyed out. (Now accessible again since I tried the Smitfraud Fix.)

f) Regedit was working earlier in the day and I found various keys indicated infection but I didn't change them. Now I can't get into Registry - get this message: "[TITLE] Registry Editor [BODY] Registry editing has been disabled by your administrator"

g) Since using the Smitfraud Fix, I get a message on start-up saying "Windows cannot find 'C:\WINDOWS\system32\printer.exe". That file was deleted by the SfFix, so what is trying to open it now?

WHAT I'VE TRIED (AND IN WHAT ORDER)
1) Symantec Antivirus was up-to-date (August 10th) when the infection happened (on August 11th). I've kept the PC off the internet since and tried to do most things in Safe Mode. Symantec found Trojan.Perfcoo and quarantined it - I deleted it. Have applied manual updates of Symantec from their Intelligent Updater but they did not actually change the version date stated inside the software so I think Symantec was compromised. Since SfFix applied I have been able to update Symantec.
2) Spybot spotted some redirections in the Hosts file and fixed them.
3) Sysclean found TROJ_QHOST.ER four virus files and fixed three of them but they have since all come back.
4) AdAware wouldn't install - message "The system administrator has set policies to prevent this installation".
5) AVG Antispyware just found 4 Adware tracking cookies.
6) AVG antivirus found nothing
7) HijackThis log to act as a baseline (not included in this post but can be provided if required) and
8) tried to do SmitfraudFix (log below) by following instructions given to someone else at http://forums.spywar...hp/t103478.html. However it seemed that the fix couldn't access the registry, and I can't use Regedit.
9) So I've done another HijackThis log in the hope that someone can tell me if it worked or not.
10) Since then I've done a bit more and run all the steps listed for this forum.... Trojan Hunter found Trojan Downloader.Agent.1760 and quarantined it.
11) SUPERAntiSpyware found no harmful software.
12) Panda Online ActiveScan found nothing of interest (a very old worm and the Smitfraud Fix, can supply log if need be).



Attached below is A) SmitfraudFix log and then B) Final HJT log (replaces earlier version) and C) an uninstall list.

My questions are
I) Is the system clean? (O20 in HJT log doesn't look right, and why is Windows still trying to load printer.exe?)
II) How do I get everything back to normal (eg registry)
III) How can I get back to being able to edit the Registry? (looks like O7 in HJT log may be the culprit)

Sorry if this post is overly long or gives irrelevant information - am new to all this. MTIA of assistance!

______________________
A)SmitfraudFix log

SmitFraudFix v2.211

Scan done at 21:47:48.75, 13/08/2007
Run from C:\Documents and Settings\Jo\Desktop\TrojanFixing\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


192.168.200.3 ad.doubleclick.net
192.168.200.3 ad.fastclick.net
192.168.200.3 ads.fastclick.net
192.168.200.3 atdmt.com
192.168.200.3 awaps.net
192.168.200.3 banner.fastclick.net
192.168.200.3 banners.fastclick.net
192.168.200.3 click.atdmt.com
192.168.200.3 clicks.atdmt.com
192.168.200.3 engine.awaps.net
192.168.200.3 fastclick.net
192.168.200.3 ftp.avp.ch
192.168.200.3 ftp.kasperskylab.ru
192.168.200.3 updates5.kaspersky-labs.com
192.168.200.3 www.awaps.net
192.168.200.3 www.viruslist.ru

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\printer.exe Deleted
C:\WINDOWS\system32\WinAvXX.exe Deleted
C:\DOCUME~1\Jo\STARTM~1\Programs\Startup\system.exe Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\autorun.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{380C8443-9FFE-43B5-B40A-DF1EF5B38322}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{380C8443-9FFE-43B5-B40A-DF1EF5B38322}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{380C8443-9FFE-43B5-B40A-DF1EF5B38322}: DhcpNameServer=10.0.0.2


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

_____________________
B) Final HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:34, on 16/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Add To Kaboodle - http://www.kaboodle....ToKaboodle.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: http://www.iherb.com
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...nstaller_gmn.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ed_Picture_Control_v1-0-3-30.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/...20.0002/OCI/setup.exe
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} (Diagmgr Class) - http://instantsuppor...pplets/HPISDiagManager.CAB
O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://C:\Program Files\Microsoft Interactive Training\O10C\mitm0026.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall...N_IE_1/axofupld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.asda-photo.co.uk/wpp/asda/app/opcuploader.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/...n/MusicManagerPlugin.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...flash/swflash.cab
O20 - AppInit_DLLs: hrum348.txt
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 11978 bytes


__________________________________
C) Uninstall List - since this list was created, I installed yesterday's (August 15th) MS security updates.
Adobe Photoshop Elements 2.0
Adobe Reader 8.1.0
Apple Software Update
AVG 7.5
AVG Anti-Spyware 7.5
Belarc Advisor 5.1
broadband medic
BroadJump Client Foundation
BUM
Conexant AC-Link Audio
eBay Toolbar
EPSON TWAIN 5
FinePix Studio
FUJIFILM USB Driver
Google Talk (remove only)
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Deskjet Preloaded Printer Drivers
HP Help and Support
HP Update
ImageMixer VCD2 LE for FinePix
Intel® Extreme Graphics 2 Driver
InterActual Player
InterVideo WinDVD
iTunes
Java™ 6 Update 2
KODAK EASYSHARE Gallery Upload ActiveX Control
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Professional Edition 2003
Microsoft Office XP Pro Step by Step Interactive
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.6)
MSN Music Mediabar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
Music Manager
Photosmart 140,240,7200,7600,7700,7900 Series
Picasa 2
PrimoPDF
QuarkXPress 5.0
Quick Launch Buttons 5.00 B3
QuickTime
RealPlayer
RecordNow!
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Skype 2.5
SoftV92 Data Fax Modem with SmartCP
Sonic DLA
Sonic Update Manager
SpamBayes 1.0.4
Spybot - Search & Destroy 1.4
Symantec AntiVirus
Synaptics Pointing Device Driver
TClockEx
ThumbsPlus 6 (Network Client)
ThumbsPlus 7.0 SP1 Build 2232
ThumbsPlus version 7.0sp1
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Yahoo! Messenger

Edited by mamazeb, 16 August 2007 - 05:50 AM.

  • 0


#2
Essexboy
GeekU Moderator, Retired Staff, 69,964 posts
Hi there, sorry for the delay. I will go straight into it and see what results. A request: when you post your HijackThis log, can you ensure that wordwrap is NOT selected in Notepad? Ta.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: hrum348.txt

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

THEN


Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.


I will require the ComboFix and HijackThis logs.
  • 0
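The three entries picked out in the reply above, written as triage rules over a HijackThis log. This is an added example, not part of the original posts and not HijackThis or forum code; the function names and category labels are assumptions, and the sample text is constructed from lines in this thread's logs. It tolerates the Notepad word wrap mentioned in the reply, and it also checks whether a flagged target was already deleted by SmitfraudFix, which is how a leftover Shell value produces a "Windows cannot find" message at start-up.

```python
import re

# A HijackThis entry starts with a section code: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) -(\s|$)")

# Constructed sample: entries from this thread, wrapped as in a word-wrapped paste.
SAMPLE_HJT = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32

\printer.exe
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-

B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O7 -

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System,

DisableRegedit=1
O20 - AppInit_DLLs: hrum348.txt
O20 - Winlogon Notify: !SASWinLogon - C:\Program

Files\SUPERAntiSpyware\SASWINLO.dll
--
End of file
"""

# Constructed sample: "Deleting infected files" lines from the SmitfraudFix log.
SAMPLE_FIX = r"""
C:\WINDOWS\system32\printer.exe Deleted
C:\WINDOWS\system32\WinAvXX.exe Deleted
"""


def rejoin_wrapped(log_text):
    """Return one string per entry, gluing word-wrapped pieces back together."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "--":          # HijackThis footer: nothing after it is an entry
            break
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:             # continuation of the previous entry
            prev = entries[-1]
            # Heuristic: a break before "\" or after a hyphen inside a token
            # (GUIDs) lost no space; any other break replaced a space.
            tight = line.startswith("\\") or re.search(r"\S-$", prev)
            entries[-1] = prev + ("" if tight else " ") + line
    return entries


def triage(entries):
    """Flag the F2 / O7 / O20 patterns as (code, category, value) tuples."""
    findings = []
    for entry in entries:
        code, _, rest = entry.partition(" - ")
        if code == "F2" and "Shell=" in rest:
            shell = rest.split("Shell=", 1)[1].strip()
            # Anything launched besides Explorer.exe runs at every logon.
            extra = re.sub(r"(?i)^explorer\.exe", "", shell, count=1).strip()
            if extra:
                findings.append(("F2", "winlogon-shell-extra", extra))
        elif code == "O7":
            # Policy values such as DisableRegedit=1 lock the user out of a tool.
            match = re.search(r"(Disable\w+)=1", rest)
            if match:
                findings.append(("O7", "policy-lockout", match.group(1)))
        elif code == "O20" and rest.startswith("AppInit_DLLs:"):
            # A non-empty AppInit_DLLs value is loaded into GUI processes.
            value = rest.split(":", 1)[1].strip()
            if value:
                findings.append(("O20", "appinit-dlls", value))
    return findings


def deleted_by_fix(fix_log):
    """Collect the paths a SmitfraudFix log reports as 'Deleted' (lower-cased)."""
    return {m.group(1).lower()
            for m in re.finditer(r"^(.*\S)\s+Deleted$", fix_log, re.M)}


def stale_references(findings, deleted):
    """Findings whose target file is gone: the registry value outlived the file."""
    return [f for f in findings if f[2].lower() in deleted]


if __name__ == "__main__":
    found = triage(rejoin_wrapped(SAMPLE_HJT))
    for item in found:
        print(item)
    print("stale:", stale_references(found, deleted_by_fix(SAMPLE_FIX)))
```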

#3
mamazeb
New Member, Topic Starter, 6 posts
Dear Essexboy, thanks so much for replying. Sorry about the wordwrap!

I've taken the steps you suggested; logs are below.

best wishes

___________

Combofix log

ComboFix 07-08-14.4 - "Jo" 2007-08-20 11:07:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.341 [GMT 1:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((( Files Created from 2007-07-20 to 2007-08-20 )))))))))))))))))))))))))))))))


2007-08-18 22:18 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-15 09:58 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-14 23:32 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-08-14 23:32 <DIR> d-------- C:\DOCUME~1\Jo\APPLIC~1\SUPERAntiSpyware.com
2007-08-14 23:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-14 01:35 <DIR> d-------- C:\DOCUME~1\Jo\APPLIC~1\TrojanHunter
2007-08-14 01:34 <DIR> d-------- C:\Program Files\TrojanHunter 4.7
2007-08-13 21:43 5,938 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-13 21:42 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-08-13 21:42 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-13 21:42 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-13 20:53 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-13 19:27 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-13 15:59 <DIR> d-------- C:\Sysclean
2007-08-13 14:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-12 23:15 <DIR> d-------- C:\WINDOWS\pss


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-20 11:19 --------- d-------- C:\Program Files\Thumbs7
2007-08-20 11:18 --------- d-------- C:\Program Files\Symantec AntiVirus
2007-08-15 17:04 --------- d-------- C:\Program Files\TClockEx
2007-08-15 17:02 --------- d-------- C:\Program Files\MSN Messenger
2007-08-15 16:52 --------- d-------- C:\Program Files\iTunes
2007-08-15 16:51 --------- d-------- C:\Program Files\Google
2007-08-15 16:47 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-19 16:12 --------- d-------- C:\DOCUME~1\Jo\APPLIC~1\Skype
2007-07-19 07:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 00:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-10 18:11 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-10 18:11 --------- d-------- C:\Program Files\FinePixViewer
2007-07-10 18:11 --------- d-------- C:\DOCUME~1\Jo\APPLIC~1\FUJIFILM
2007-07-01 10:29 --------- d-------- C:\Program Files\Yahoo!
2007-06-27 15:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 15:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 15:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 15:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 15:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 15:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 15:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 15:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 15:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 15:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 15:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 15:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 15:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 15:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 15:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 15:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 15:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 15:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 15:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 15:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 09:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 09:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 08:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 07:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-24 23:44 --------- d-------- C:\DOCUME~1\Jo\APPLIC~1\AdobeUM
2007-06-24 14:49 --------- d-------- C:\Program Files\iPod
2007-06-24 14:47 --------- d-------- C:\Program Files\QuickTime
2007-06-24 14:45 --------- d-------- C:\Program Files\Apple Software Update
2007-06-19 14:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 14:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 11:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 11:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-10-30 09:46]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-10-30 09:33]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 09:01]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 18:15]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 18:15]
"HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 04:03]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-05-23 03:55]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-04-30 18:32]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-07-30 16:33]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-08-13 13:34]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 09:00]
"Motive SmartBridge"="C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe" [2003-12-30 10:40]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 09:21]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 19:27]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2007-05-05 22:44]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-17 16:29]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"THGuard"="C:\Program Files\TrojanHunter 4.7\THGuard.exe" [2007-08-11 20:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00]
"TClockEx"="C:\Program Files\TClockEx\TCLOCKEX.EXE" [2000-03-09 01:15]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-07-29 20:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 22:35]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-06-11 18:16]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-08 14:23:01]
broadband medic.lnk - C:\Program Files\ntl\broadband medic\bin\matcli.exe [2005-05-10 19:24:26]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 23:07:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R2 pciinfo;HP Pci Information;\??\C:\DOCUME~1\Jo\LOCALS~1\Temp\hpdom\pciinfo.sys
R2 STEC3;STEC3;\??\C:\WINDOWS\system32\STEC3.sys
R3 EraserUtilDrvI3;EraserUtilDrvI3;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI3.sys
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2412fcc-7568-11da-b3d1-00c09f78fc7f}]
AutoRun\command- E:\setupSNK.exe


Contents of the 'Scheduled Tasks' folder
2007-08-12 16:34:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2005-08-13 12:33:25 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
2007-08-20 07:00:35 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D5FC954E-44FD-44A5-9548-729C59F4BF78}.job - C:\WINDOWS\system32\msfeedssync.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-20 11:19:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe??????????Y????|?????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-20 11:24:18 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-20 11:24

--- E O F ---


_____________

Hijack This log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:04, on 20/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Add To Kaboodle - http://www.kaboodle....ToKaboodle.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: http://www.iherb.com
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-30.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/...2/OCI/setup.exe
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} (Diagmgr Class) - http://instantsuppor...DiagManager.CAB
O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://C:\Program Files\Microsoft Interactive Training\O10C\mitm0026.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.asda-phot...opcuploader.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/...nagerPlugin.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 11655 bytes
  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there mamazeb, I have noticed that you are now running 2 antivirus programmes, Norton and AVG.

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs:
On-Access and On-Demand

On-Access Scanners
As the name implies, these are scanners that run in the background all the time the PC is turned on and running. The main function of an On-Access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, these are scanners that only run when you ask them to, such as online scans and scanners that run on your machine but are not actively scanning your machine.

So to ensure that your system is not stressed, either uninstall one or disable it from running at start up. Nuff said.

Your logs do not look too bad now, so I would like to do a deep scan to ensure that they are all caught.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.
  • 0
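The overlap pointed out in the reply above (two antivirus products both loading at start-up) can be read straight off the O4 and O23 lines of a HijackThis log. The Python sketch below is an added example, not part of the original posts or of HijackThis. The table of resident antivirus executables is an assumption built from file names that appear in the log in this thread, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Excerpt: lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# ASSUMPTION (illustrative, not a vendor list): executables treated as
# always-running antivirus components, keyed by lower-case file name.
RESIDENT_AV = {
    "rtvscan.exe": "Symantec AntiVirus",
    "vptray.exe": "Symantec AntiVirus",
    "defwatch.exe": "Symantec AntiVirus",
    "avgcc.exe": "AVG7",
    "avgamsvr.exe": "AVG7",
    "avgupsvc.exe": "AVG7",
}

# O4 - <hive>\..\Run: [<value name>] <command line>
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# First path segment ending in .exe; quotes and arguments are left out.
EXE_RE = re.compile(r'[^\\/"]+?\.exe\b', re.IGNORECASE)
SERVICE_PREFIX = "O23 - Service: "


def parse_autostarts(log_text):
    """Yield (label, command) for each O4 Run value and O23 service line."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            yield f"{m['hive']} Run [{m['name']}]", m["cmd"]
        elif line.startswith(SERVICE_PREFIX):
            # Layout is "display name - vendor - image path". Split from the
            # right because a display name may itself contain " - ".
            parts = line[len(SERVICE_PREFIX):].rsplit(" - ", 2)
            if len(parts) == 3:
                yield f"service {parts[0]}", parts[2]


def executable_name(command):
    """Return the lower-case file name of the first .exe in a command line."""
    m = EXE_RE.search(command)
    return m.group(0).strip().lower() if m else None


def resident_av_products(log_text):
    """Map product name -> sorted list of autostart entries that load it."""
    found = defaultdict(set)
    for label, command in parse_autostarts(log_text):
        if command.endswith("(file missing)"):
            continue  # HijackThis marks entries whose target no longer exists
        product = RESIDENT_AV.get(executable_name(command))
        if product:
            found[product].add(label)
    return {p: sorted(labels) for p, labels in found.items()}


def overlapping_scanners(log_text):
    """Return the product names when more than one resident scanner autostarts."""
    products = sorted(resident_av_products(log_text))
    return products if len(products) > 1 else []


if __name__ == "__main__":
    for product, entries in sorted(resident_av_products(SAMPLE_LOG).items()):
        print(product, "->", "; ".join(entries))
    print("overlap:", overlapping_scanners(SAMPLE_LOG))
```
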

#5
mamazeb

    New Member

  • Topic Starter
  • Member
  • 6 posts
Hi Essexboy, I've removed the AVG - very good point - I only needed it temporarily. Does the same thing go for spyware? I've always used SpyBot immunisation, but during the clean-up I've added AVG AntiSpyware and SUPERAntiSpyware. Would have had AdAware too but it wouldn't install. What would you recommend I stick with?
Okay, here's the WinPFind3 log:

best wishes, Mamazeb.
____

WinPFind3 logfile created on: 21/08/2007 00:51:29
WinPFind3U by OldTimer - Version 1.0.39 Folder = C:\Documents and Settings\Jo\Desktop\TrojanFixing\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

734.42 Mb Total Physical Memory | 408.61 Mb Available Physical Memory | 55.64% Memory free
1.01 Gb Paging File | 0.74 Gb Available in Paging File | 73.21% Paging File free
Paging file location(s): C:\pagefile.sys 336 672;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 4.12 Gb Free Space | 11.07% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: JOCOMPAQ
Current User Name: Jo
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
bgsvcgen.exe -> %System32%\bgsvcgen.exe -> B.H.A Corporation [Ver = 1, 0, 0, 1 | Size = 86016 bytes | Modified Date = 30/04/2005 17:02:26 | Attr = ]
brss01a.exe -> %System32%\brss01a.exe -> brother Industries Ltd [Ver = 1.004 | Size = 45056 bytes | Modified Date = 13/12/2001 01:01:00 | Attr = ]
brsvc01a.exe -> %System32%\brsvc01a.exe -> brother Industries Ltd [Ver = 1, 0, 0, 3 | Size = 57344 bytes | Modified Date = 12/04/2002 01:00:00 | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 103.5.4.3 | Size = 48752 bytes | Modified Date = 02/06/2005 09:21:38 | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 103.5.4.3 | Size = 185968 bytes | Modified Date = 02/06/2005 09:21:40 | Attr = ]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 103.5.4.3 | Size = 161392 bytes | Modified Date = 02/06/2005 09:21:46 | Attr = ]
defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.0.1.1000 | Size = 19648 bytes | Modified Date = 23/06/2005 19:27:18 | Attr = ]
eabservr.exe -> %ProgramFiles%\HPQ\Quick Launch Buttons\eabservr.exe -> Hewlett-Packard [Ver = 5, 0, 2, 3 | Size = 286720 bytes | Modified Date = 30/07/2004 16:33:44 | Attr = ]
ebaytbdaemon.exe -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTBDaemon.exe -> eBay Inc. [Ver = 2.5000.4.7 | Size = 538104 bytes | Modified Date = 05/05/2007 22:44:08 | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 18/06/2007 22:35:30 | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 13:31:10 | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.2316 | Size = 118784 bytes | Modified Date = 30/10/2003 09:33:50 | Attr = ]
hphmon05.exe -> %System32%\hphmon05.exe -> Hewlett-Packard [Ver = 5,0,84 | Size = 483328 bytes | Modified Date = 23/05/2003 03:55:38 | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\Hewlett-Packard\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 17/02/2005 00:11:42 | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.2.0.35 | Size = 501312 bytes | Modified Date = 01/06/2007 16:51:22 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.2.0.35 | Size = 257088 bytes | Modified Date = 01/06/2007 16:51:26 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 27/04/2007 09:41:54 | Attr = ]
rtvscan.exe -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.0.1.1000 | Size = 1715904 bytes | Modified Date = 23/06/2005 19:27:28 | Attr = ]
savroam.exe -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.0.1.1000 | Size = 124608 bytes | Modified Date = 23/06/2005 19:27:30 | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.10.11.1 26May04 | Size = 536576 bytes | Modified Date = 26/05/2004 18:15:16 | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.10.11.1 26May04 | Size = 98304 bytes | Modified Date = 26/05/2004 18:15:42 | Attr = ]
tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122941 bytes | Modified Date = 31/05/2005 06:33:00 | Attr = ]
vptray.exe -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.0.1.1000 | Size = 85696 bytes | Modified Date = 23/06/2005 19:27:36 | Attr = ]
winpfind3u.exe -> %UserDesktop%\TrojanFixing\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 23/06/2007 15:15:54 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 13:31:10 | Attr = ]
(bgsvcgen) B's Recorder GOLD Library General Service [Win32_Own | Auto | Running] -> %System32%\bgsvcgen.exe -> B.H.A Corporation [Ver = 1, 0, 0, 1 | Size = 86016 bytes | Modified Date = 30/04/2005 17:02:26 | Attr = ]
(Brother XP spl Service) BrSplService [Win32_Own | Auto | Running] -> %System32%\brsvc01a.exe -> brother Industries Ltd [Ver = 1, 0, 0, 3 | Size = 57344 bytes | Modified Date = 12/04/2002 01:00:00 | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 103.5.4.3 | Size = 185968 bytes | Modified Date = 02/06/2005 09:21:40 | Attr = ]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> Symantec Corporation [Ver = 103.5.4.3 | Size = 83568 bytes | Modified Date = 02/06/2005 09:21:46 | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 103.5.4.3 | Size = 161392 bytes | Modified Date = 02/06/2005 09:21:46 | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Stopped] -> %System32%\CTsvcCDA.EXE -> File not found
(DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.0.1.1000 | Size = 19648 bytes | Modified Date = 23/06/2005 19:27:18 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 09:00:00 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 31/01/2007 18:43:44 | Attr = ]
(hpqwmi) HP WMI Interface [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\HPQ\shared\hpqwmi.exe -> Hewlett-Packard Development Company, L.P. [Ver = 1, 0, 3, 4 | Size = 98304 bytes | Modified Date = 27/07/2004 23:25:24 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04/04/2005 00:41:10 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.2.0.35 | Size = 501312 bytes | Modified Date = 01/06/2007 16:51:22 | Attr = ]
(SavRoam) SavRoam [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.0.1.1000 | Size = 124608 bytes | Modified Date = 23/06/2005 19:27:30 | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.2.1 | Size = 206552 bytes | Modified Date = 22/04/2005 12:03:28 | Attr = ]
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,5,1,3 | Size = 992864 bytes | Modified Date = 30/03/2005 21:48:22 | Attr = ]
(Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.0.1.1000 | Size = 1715904 bytes | Modified Date = 23/06/2005 19:27:28 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 11/06/2007 10:25:42 | Attr = ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 11/05/2007 03:06:32 | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 103.5.4.3 | Size = 48752 bytes | Modified Date = 02/06/2005 09:21:38 | Attr = ]
Cpqset -> %ProgramFiles%\HPQ\Default Settings\Cpqset.exe -> [Ver = | Size = 208958 bytes | Modified Date = 30/04/2004 18:32:46 | Attr = ]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122941 bytes | Modified Date = 31/05/2005 06:33:00 | Attr = ]
eabconfg.cpl -> %ProgramFiles%\HPQ\Quick Launch Buttons\eabservr.exe -> Hewlett-Packard [Ver = 5, 0, 2, 3 | Size = 286720 bytes | Modified Date = 30/07/2004 16:33:44 | Attr = ]
eBayToolbar -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTBDaemon.exe -> eBay Inc. [Ver = 2.5000.4.7 | Size = 538104 bytes | Modified Date = 05/05/2007 22:44:08 | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.2316 | Size = 118784 bytes | Modified Date = 30/10/2003 09:33:50 | Attr = ]
HP Software Update -> %ProgramFiles%\Hewlett-Packard\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 17/02/2005 00:11:42 | Attr = ]
HPHmon05 -> %System32%\hphmon05.exe -> Hewlett-Packard [Ver = 5,0,84 | Size = 483328 bytes | Modified Date = 23/05/2003 03:55:38 | Attr = ]
HPHUPD05 -> %ProgramFiles%\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe -> Hewlett-Packard [Ver = 5,0,84 | Size = 49152 bytes | Modified Date = 23/05/2003 04:03:16 | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.2316 | Size = 155648 bytes | Modified Date = 30/10/2003 09:46:52 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.2.0.35 | Size = 257088 bytes | Modified Date = 01/06/2007 16:51:26 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 27/04/2007 09:41:54 | Attr = ]
REGSHAVE -> %ProgramFiles%\REGSHAVE\REGSHAVE.EXE -> FUJI PHOTO FILM CO., LTD. [Ver = 3.0.0.4 | Size = 53248 bytes | Modified Date = 04/02/2002 22:32:10 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ]
Symantec NetDriver Monitor -> %ProgramFiles%\SymNetDrv\SNDMon.exe -> Symantec Corporation [Ver = 5.5.2.1 | Size = 100056 bytes | Modified Date = 13/08/2005 13:34:32 | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.10.11.1 26May04 | Size = 536576 bytes | Modified Date = 26/05/2004 18:15:16 | Attr = ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.10.11.1 26May04 | Size = 98304 bytes | Modified Date = 26/05/2004 18:15:42 | Attr = ]
THGuard -> %ProgramFiles%\TrojanHunter 4.7\THGuard.exe -> Mischel Internet Security [Ver = 4.5.0.277 | Size = 1103360 bytes | Modified Date = 11/08/2007 20:49:44 | Attr = ]
UpdateManager -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.32a | Size = 110592 bytes | Modified Date = 19/08/2003 09:01:00 | Attr = ]
vptray -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.0.1.1000 | Size = 85696 bytes | Modified Date = 23/06/2005 19:27:36 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
googletalk -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 01/01/2007 22:22:02 | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 20/08/2007 22:11:26 | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 18/06/2007 22:35:30 | Attr = ]
TClockEx -> %ProgramFiles%\TClockEx\TCLOCKEX.EXE -> Dale Nurden [Ver = 1.4.2 | Size = 89088 bytes | Modified Date = 09/03/2000 01:15:18 | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,402 | Size = 4670968 bytes | Modified Date = 11/06/2007 18:16:12 | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 17/07/2002 02:15:12 | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 30/05/2007 13:29:58 | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20/12/2006 12:55:48 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.DLL -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 20/08/2007 22:11:16 | Attr = ]
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.2316 | Size = 319488 bytes | Modified Date = 30/10/2003 09:33:00 | Attr = ]
NavLogon -> %System32%\NavLogon.dll -> Symantec Corporation [Ver = 10.0.1.1000 | Size = 43712 bytes | Modified Date = 23/06/2005 19:27:44 | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft...p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKCU: Start Page -> http://mail.yahoo.com/ ->
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> 127.0.0.1 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
www_iherb.com [http] -> ->
www_iherb.com [https] -> ->
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 20/01/2007 00:55:32 | Attr = R ]
{92085AD4-F48A-450D-BD93-B28CC7DF67CE} [HKLM] -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll [eBay Toolbar] -> eBay Inc. [Ver = 2.5000.4.7 | Size = 550392 bytes | Modified Date = 05/05/2007 22:43:54 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 20/01/2007 00:55:32 | Attr = R ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&eBay Search -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll\RCSearch.htm -> File not found
Add To Kaboodle -> http:\www.kaboodle.com\zg\addToKaboodle.htm -> File not found
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\ ->
.bcf -> %ProgramFiles%\Internet Explorer\PLUGINS\NPBelv32.dll [Belarc Advisor and BelLive - Belarc's Content Personalization with Privacy] -> Belarc, Inc. [Ver = 5.1p | Size = 786432 bytes | Modified Date = 20/03/2003 16:08:48 | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{4C6F1313-19C0-45E7-B70B-4C1DF4371E96} -> (1394 Net Adapter) ->
{A5AD1E9F-5E52-41D0-98BE-16ED771817E6} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{FF39775E-0312-4F63-BD68-2A2A7DD806EC} -> (Intel® PRO/Wireless 2200BG Network Connection) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
belarc -> %ProgramFiles%\Belarc\Advisor\System\BAVoilaX.dll -> Belarc, Inc. [Ver = 5.1n | Size = 36864 bytes | Modified Date = 07/02/2003 17:42:38 | Attr = ]
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BCC737-B171-4746-94C9-0D8A0B2C0089} -> Microsoft Office Template and Media Control - CodeBase = http://office.micros...tes/ieawsdc.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macr...director/sw.cab ->
{200B3EE9-7242-4EFD-B1E4-D97EE825BA53} -> VerifyGMN Class - CodeBase = http://h20270.www2.h...staller_gmn.cab ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.micros...ntent/opuc3.cab ->
{4C39376E-FA9D-4349-BACC-D305C1750EF3} -> EPUImageControl Class - CodeBase = http://tools.ebayimg...l_v1-0-3-30.cab ->
{4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} -> InstallShield Setup Player 2K2 - CodeBase = http://sib1.od2.com/...2/OCI/setup.exe ->
{555500CD-CB54-11D6-8DB9-0000864598B3} -> Diagmgr Class - CodeBase = http://instantsuppor...DiagManager.CAB ->
{6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} -> Microsoft Office XP Professional Step by Step Interactive - CodeBase = file://C:\Program Files\Microsoft Interactive Training\O10C\mitm0026.cab ->
{6F750200-1362-4815-A476-88533DE61D0C} -> Ofoto Upload Manager Class - CodeBase = http://www.kodakgall..._1/axofupld.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoft...free/asinst.cab ->
{BF6BBE9A-0656-4598-A0CD-32DAC03959B5} -> Image Uploader 3.0 Control - CodeBase = http://www.asda-phot...opcuploader.cab ->
{C45B1500-7B63-47C2-AB25-C28CB46AFDEE} -> MSN Music Mediabar - CodeBase = http://sib1.od2.com/...nagerPlugin.CAB ->
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -> Office Update Installation Engine - CodeBase = http://office.micros...ntent/opuc4.cab ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> Shockwave Flash Object - CodeBase = https://download.mac...ash/swflash.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


[Files/Folders - Created Within 30 days]
boot.ini.cf -> %SystemDrive%\boot.ini.cf -> [Ver = | Size = 211 bytes | Created Date = 20/08/2007 10:12:28 | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 770166784 bytes | Created Date = 01/01/1601 | Attr = HS]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 20/08/2007 10:12:14 | Attr = ]
Sysclean -> %SystemDrive%\Sysclean -> [Folder | Created Date = 13/08/2007 14:59:11 | Attr = ]
$NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Created Date = 15/08/2007 19:02:53 | Attr = H ]
$NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Created Date = 15/08/2007 19:03:33 | Attr = H ]
$NtUninstallKB936782_WMP11$ -> %SystemRoot%\$NtUninstallKB936782_WMP11$ -> [Folder | Created Date = 15/08/2007 18:54:01 | Attr = H ]
$NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Created Date = 15/08/2007 19:03:11 | Attr = H ]
$NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Created Date = 15/08/2007 19:02:03 | Attr = H ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 109056 bytes | Created Date = 18/08/2007 21:18:33 | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 20/08/2007 10:06:50 | Attr = ]
nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 18/08/2007 21:18:33 | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Created Date = 12/08/2007 22:15:11 | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 15/08/2007 08:58:14 | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 15/08/2007 08:58:50 | Attr = ]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 13/08/2007 20:42:59 | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 15/08/2007 08:58:18 | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Created Date = 13/08/2007 23:57:58 | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 69632 bytes | Created Date = 13/08/2007 23:57:58 | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Created Date = 13/08/2007 23:57:58 | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 139264 bytes | Created Date = 13/08/2007 23:57:58 | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 15/08/2007 08:58:17 | Attr = ]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 13/08/2007 20:42:58 | Attr = ]
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 13/08/2007 20:42:59 | Attr = ]
streamhlp.dll -> %System32%\streamhlp.dll -> [Ver = | Size = 59392 bytes | Created Date = 14/08/2007 00:34:15 | Attr = R ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 13/08/2007 20:42:59 | Attr = ]
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 13/08/2007 20:42:59 | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 13/08/2007 20:42:59 | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 5938 bytes | Created Date = 13/08/2007 20:43:27 | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 15/08/2007 08:58:18 | Attr = ]
vfind.exe -> %System32%\vfind.exe -> [Ver = | Size = 49152 bytes | Created Date = 18/08/2007 21:18:32 | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 15/08/2007 08:58:50 | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 13/08/2007 18:27:29 | Attr = ]
hosts.20070812-171606.backup -> %System32%\drivers\etc\hosts.20070812-171606.backup -> [Ver = | Size = 3541 bytes | Created Date = 12/08/2007 16:16:06 | Attr = R ]
hosts.20070812-171607.backup -> %System32%\drivers\etc\hosts.20070812-171607.backup -> [Ver = | Size = 2349 bytes | Created Date = 12/08/2007 16:16:07 | Attr = R ]
hosts.20070813-145155.backup -> %System32%\drivers\etc\hosts.20070813-145155.backup -> [Ver = | Size = 659 bytes | Created Date = 13/08/2007 13:51:55 | Attr = R ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 16/08/2007 12:07:06 | Attr = RHS]
boot.ini.cf -> %SystemDrive%\boot.ini.cf -> [Ver = | Size = 211 bytes | Modified Date = 16/08/2007 12:07:06 | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 770166784 bytes | Modified Date = 21/08/2007 00:38:14 | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 21/08/2007 00:40:30 | Attr = R ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 20/08/2007 11:12:16 | Attr = ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Modified Date = 16/08/2007 11:24:02 | Attr = H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Modified Date = 18/08/2007 17:02:30 | Attr = H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 268 bytes | Modified Date = 20/08/2007 11:13:24 | Attr = H ]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 268 bytes | Modified Date = 20/08/2007 14:46:32 | Attr = H ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 268 bytes | Modified Date = 21/08/2007 00:36:26 | Attr = H ]
sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 268 bytes | Modified Date = 02/08/2007 12:03:00 | Attr = H ]
sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 268 bytes | Modified Date = 05/08/2007 13:30:14 | Attr = H ]
sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 268 bytes | Modified Date = 05/08/2007 23:55:58 | Attr = H ]
sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [Ver = | Size = 268 bytes | Modified Date = 11/08/2007 21:44:48 | Attr = H ]
sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm -> [Ver = | Size = 268 bytes | Modified Date = 11/08/2007 22:14:22 | Attr = H ]
sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm -> [Ver = | Size = 268 bytes | Modified Date = 11/08/2007 22:31:42 | Attr = H ]
sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/08/2007 18:51:20 | Attr = H ]
sqmdata14.sqm -> %SystemDrive%\sqmdata14.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/08/2007 23:16:10 | Attr = H ]
sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm -> [Ver = | Size = 268 bytes | Modified Date = 13/08/2007 15:36:30 | Attr = H ]
sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm -> [Ver = | Size = 268 bytes | Modified Date = 13/08/2007 21:36:50 | Attr = H ]
sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm -> [Ver = | Size = 268 bytes | Modified Date = 14/08/2007 00:49:52 | Attr = H ]
sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm -> [Ver = | Size = 268 bytes | Modified Date = 14/08/2007 00:59:10 | Attr = H ]
sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm -> [Ver = | Size = 268 bytes | Modified Date = 14/08/2007 12:18:00 | Attr = H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Modified Date = 16/08/2007 11:24:02 | Attr = H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 18/08/2007 17:02:30 | Attr = H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Modified Date = 20/08/2007 11:13:24 | Attr = H ]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Modified Date = 20/08/2007 14:46:32 | Attr = H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Modified Date = 21/08/2007 00:36:26 | Attr = H ]
sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Modified Date = 02/08/2007 12:03:00 | Attr = H ]
sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Modified Date = 05/08/2007 13:30:14 | Attr = H ]
sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Modified Date = 05/08/2007 23:55:58 | Attr = H ]
sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> [Ver = | Size = 244 bytes | Modified Date = 11/08/2007 21:44:48 | Attr = H ]
sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm -> [Ver = | Size = 244 bytes | Modified Date = 11/08/2007 22:14:22 | Attr = H ]
sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm -> [Ver = | Size = 244 bytes | Modified Date = 11/08/2007 22:31:42 | Attr = H ]
sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/08/2007 18:51:18 | Attr = H ]
sqmnoopt14.sqm -> %SystemDrive%\sqmnoopt14.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/08/2007 23:16:10 | Attr = H ]
sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm -> [Ver = | Size = 244 bytes | Modified Date = 13/08/2007 15:36:30 | Attr = H ]
sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm -> [Ver = | Size = 244 bytes | Modified Date = 13/08/2007 21:36:50 | Attr = H ]
sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm -> [Ver = | Size = 244 bytes | Modified Date = 14/08/2007 00:49:52 | Attr = H ]
sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm -> [Ver = | Size = 244 bytes | Modified Date = 14/08/2007 00:59:10 | Attr = H ]
sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm -> [Ver = | Size = 244 bytes | Modified Date = 14/08/2007 12:18:00 | Attr = H ]
Sysclean -> %SystemDrive%\Sysclean -> [Folder | Modified Date = 13/08/2007 20:47:18 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 21/08/2007 00:35:58 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 15/08/2007 16:10:34 | Attr = H ]
$NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Modified Date = 15/08/2007 20:02:56 | Attr = H ]
$NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Modified Date = 15/08/2007 20:03:36 | Attr = H ]
$NtUninstallKB936782_WMP11$ -> %SystemRoot%\$NtUninstallKB936782_WMP11$ -> [Folder | Modified Date = 15/08/2007 19:54:04 | Attr = H ]
$NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Modified Date = 15/08/2007 20:03:14 | Attr = H ]
$NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Modified Date = 15/08/2007 20:02:06 | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 15/08/2007 17:10:08 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 21/08/2007 00:38:16 | Attr = S]
BRPP2KA.INI -> %SystemRoot%\BRPP2KA.INI -> [Ver = | Size = 53 bytes | Modified Date = 20/08/2007 22:56:52 | Attr = ]
BRWMARK.INI -> %SystemRoot%\BRWMARK.INI -> [Ver = | Size = 454 bytes | Modified Date = 20/08/2007 22:56:52 | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 15/08/2007 19:58:04 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 15/08/2007 17:10:54 | Attr = S]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 20/08/2007 11:12:32 | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 15/08/2007 19:55:56 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 15/08/2007 20:03:22 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 15/08/2007 20:03:42 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 20/08/2007 14:43:48 | Attr = HS]
Motive -> %SystemRoot%\Motive -> [Folder | Modified Date = 20/08/2007 11:39:36 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 21/08/2007 00:50:40 | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 12/08/2007 23:15:12 | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 15/08/2007 17:19:04 | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 21/08/2007 00:35:56 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 16/08/2007 12:07:06 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 21/08/2007 00:35:58 | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 21/08/2007 00:40:16 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 916 bytes | Modified Date = 16/08/2007 12:07:06 | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 15/08/2007 19:54:36 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 12/08/2007 17:34:08 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 21/08/2007 00:38:22 | Attr = H ]
User_Feed_Synchronization-{D5FC954E-44FD-44A5-9548-729C59F4BF78}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{D5FC954E-44FD-44A5-9548-729C59F4BF78}.job -> [Ver = | Size = 416 bytes | Modified Date = 20/08/2007 08:00:36 | Attr = H ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 15/08/2007 17:19:10 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 18/08/2007 07:53:58 | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 20/08/2007 11:13:02 | Attr = ]
dla -> %System32%\dla -> [Folder | Modified Date = 15/08/2007 17:19:52 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 15/08/2007 20:03:40 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 21/08/2007 00:35:58 | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 15/08/2007 09:58:20 | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 15/08/2007 09:58:20 | Attr = ]
streamhlp.dll -> %System32%\streamhlp.dll -> [Ver = | Size = 59392 bytes | Modified Date = 14/08/2007 01:34:28 | Attr = R ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 5938 bytes | Modified Date = 13/08/2007 21:47:56 | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 15/08/2007 09:58:20 | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 15/08/2007 17:22:46 | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 20/08/2007 11:18:58 | Attr = ]
hosts.20070812-171606.backup -> %System32%\drivers\etc\hosts.20070812-171606.backup -> [Ver = | Size = 3541 bytes | Modified Date = 12/08/2007 17:16:08 | Attr = R ]
hosts.20070812-171607.backup -> %System32%\drivers\etc\hosts.20070812-171607.backup -> [Ver = | Size = 2349 bytes | Modified Date = 12/08/2007 17:16:08 | Attr = R ]
hosts.20070813-145155.backup -> %System32%\drivers\etc\hosts.20070813-145155.backup -> [Ver = | Size = 659 bytes | Modified Date = 12/08/2007 17:16:08 | Attr = R ]

[File String Scan - Non-Microsoft Only]
UPX0 , -> %SystemDrive%\Scan000002.tif -> [Ver = | Size = 24125703 bytes | Modified Date = 18/08/2005 19:03:36 | Attr = ]
PEC2 , -> %SystemDrive%\Scan000004.tif -> [Ver = | Size = 3673375 bytes | Modified Date = 18/08/2005 19:11:40 | Attr = ]
PEC2 , -> %SystemDrive%\Scan000011.tif -> [Ver = | Size = 21780117 bytes | Modified Date = 18/08/2005 19:56:20 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 04/08/2004 09:00:00 | Attr = ]
PTech , -> %System32%\LegitCheckControl.dll -> Microsoft® Corporation [Ver = 1.3.0254.0 | Size = 520456 bytes | Modified Date = 12/07/2005 19:04:22 | Attr = ]
UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 27/04/2006 17:49:30 | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 22/07/2007 18:39:28 | Attr = ]
UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 09/01/2006 10:36:06 | Attr = ]
UPX! , UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 01/12/2006 06:20:34 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 04/08/2004 09:00:00 | Attr = ]

< End of report >

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi again mamazeb, that log looked good as well, so I would like to do one further scan to double-check my thoughts.

Please run SUPERAntiSpyware
  • On the first page select Check for Updates
  • On completion select SCAN YOUR COMPUTER
  • On the next page select COMPLETE SCAN and tick ALL your drives
  • The next stage will take a while as your entire drive(s), memory and registry are scanned
  • When it has completed, click NEXT
  • The next screen shows the problems found; click OK
  • On the next screen place a tick against all items and select NEXT
  • Now, to get the log, go to the PREFERENCES button on the right bottom
  • Select the STATISTICS/LOG tab
  • Highlight the scan just completed and click VIEW LOG
  • This will open a Notepad text file; copy and paste this to your next reply

As for the types of protection you need, one or two antispyware programmes are sufficient. And if you run them alternately you get the best of both worlds. Add to the mix a passive protection like SpywareBlaster and you are covered, unless you do a lot of torrent downloads.

If I could have a new HijackThis log and the SUPERAntiSpyware log please, plus how is your system running now?

#7
mamazeb

    New Member

  • Topic Starter
  • Member
  • 6 posts
Hi Essexboy, sorry for the delay in getting back to you. Thanks for the antispyware advice. Spyware Blaster looks good as it blocks on Firefox too - the Spybot S&D immunisation protects my Internet Explorer okay, so most of the tracking cookies I get come in on Firefox.

The system is booting up better and a bit less sluggish generally. I think getting rid of AVG has helped! I would say the performance is now as it was before the infection.

Right, here are the logs:


_____

SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/21/2007 at 11:00 PM

Application Version : 3.9.1008

Core Rules Database Version : 3290
Trace Rules Database Version: 1301

Scan type : Complete Scan
Total Scan Time : 03:14:19

Memory items scanned : 519
Memory threats detected : 0
Registry items scanned : 6227
Registry threats detected : 0
File items scanned : 134511
File threats detected : 3

Adware.Tracking Cookie
C:\Documents and Settings\Jo\Cookies\jo@adtech[2].txt
C:\Documents and Settings\Jo\Cookies\[email protected][2].txt
C:\Documents and Settings\Jo\Cookies\[email protected][2].txt


_________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:26:34, on 23/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Add To Kaboodle - http://www.kaboodle....ToKaboodle.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: http://www.iherb.com
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-30.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/...2/OCI/setup.exe
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} (Diagmgr Class) - http://instantsuppor...DiagManager.CAB
O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://C:\Program Files\Microsoft Interactive Training\O10C\mitm0026.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.asda-phot...opcuploader.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/...nagerPlugin.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 10457 bytes
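The HijackThis log format posted above, parsed for triage, as an added example that is not part of the original posts and not code from HijackThis itself. The function names are hypothetical, the sample is eight lines copied from the log above, and `printer.exe` is the file name the topic starter reported loading at boot in the first post.

```python
import re
from collections import Counter

# Constructed sample: eight lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Every entry line starts with a section code (R0, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.+)$")
# O4 registry autostarts look like: HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(r"^(HK[^:]*?)\\\.\.\\Run: \[(.+?)\] (.+)$")

def parse_log(text):
    """Return (section_code, body) for each entry line; header lines are skipped."""
    matches = (ENTRY_RE.match(line.strip()) for line in text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def run_key_autostarts(entries):
    """O4 entries that come from a registry Run key: (hive, value name, command)."""
    found = []
    for code, body in entries:
        m = RUN_RE.match(body) if code == "O4" else None
        if m:
            found.append((m.group(1), m.group(2), m.group(3).strip()))
    return found

def missing_file_entries(entries):
    """Entries tagged '(file missing)': the registration remains, the binary is gone."""
    return [(code, body) for code, body in entries if body.endswith("(file missing)")]

def autostarts_referencing(entries, file_name):
    """Run-key autostarts whose command mentions file_name (case-insensitive)."""
    needle = file_name.lower()
    return [a for a in run_key_autostarts(entries) if needle in a[2].lower()]

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print(Counter(code for code, _ in entries))
    print("file missing:", missing_file_entries(entries))
    print("printer.exe autostarts:", autostarts_referencing(entries, "printer.exe"))
```

An empty result for `printer.exe` only covers Run-key autostarts in the log; other load points (services, Winlogon Notify, startup folders) appear under their own section codes.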

#8
Essexboy
No problems mamazeb. This post will be in two parts; the second part will be optional but it should make your system a little faster.

Now the best part of the day ----- Your log now appears clean :whistling:

You may now delete all of the tools I have had you download, or if you want the easy way to do it:
Please download OTMoveIt http://download.blee...er/OTMoveIt.exe by OldTimer.
Save it to your desktop. Double-click OTMoveIt and you should see a CleanUp! button. Press that button. You may get prompted by your firewall that OTMoveIt wants to contact the internet; allow this. A cleanup.txt will be downloaded and a message dialog will ask you if you want to proceed with the cleanup process; click Yes. This will delete all the tools you have downloaded, plus itself.


Now to get you off to a good start we will reset your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point. To get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the drop-down box that appears select your main drive e.g. C
3. Click OK
4. The system will do some calculation and then display a dialogue box with TABS
5. Select the More Options tab.
6. At the bottom will be a System Restore box with a CLEANUP button; click this
7. Accept the Warning and select OK again, the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
  • SpywareBlaster to help prevent spyware from installing in the first place.
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?


Keep safe :help:

OK now the clean and speed section

Click start then all programmes, accessories, system tools to run defragmenter

Download, install and run Tune Up 2007 Trial

Run Tune Up disc clean up

Run Tune Up registry clean up

Disable the anti virus programme then click Optimize and Improve to run Reg Defrag, the screen will lose colour during the process which can take a few minutes and then needs a reboot

Check the anti virus programme is running

Those will have cleared the drive of obsolete software errors

These are suggestions for making the most of the free trial

Click optimize and improve then system optimizer to optimize the computer, select computer with an internet connection from the drop down menu, this also requires a reboot

After the reboot, click optimize then system optimizer to accelerate downloads, select the speed just above your actual connection speed, this requires a reboot.

After the reboot, click optimize then system optimizer to run system advisor


If you do this let me know how it goes :blink:

#9
mamazeb
This looks interesting! I've got guests staying so it will take me a day or two to do it and then get back to you :whistling: . Thanks again.

#10
Essexboy
No problem I won't be going to Spain 'till September :whistling:

#11
Essexboy
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.