"Warning Potential Spyware Operations" popup Please help


#1 flint2234 (New Member)
Please help me, this is my first time here on this site. I get popups every 2 minutes saying "Warning! Potential spyware operation". I have my HijackThis log file right here. Thanks for taking a look.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:04 PM, on 10/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Movielink\MovielinkManager\Movielink User.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~2.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LoadMSvcmm] "C:\Program Files\Movielink\MovielinkManager\Movielink User.exe"
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://*.att.net
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Movielink Core Service - Movielink LLC - C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~2.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8827 bytes

Edited by flint2234, 22 October 2007 - 03:58 PM.

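Triage rules for a log like the one above, as an added example rather than anything from the thread or from HijackThis itself. It checks the sections that carried the signal here: the F2 Winlogon Shell value (which should be only Explorer.exe), an O7 policy restriction, a populated O20 AppInit_DLLs, raw executables sitting in a Startup folder, and one program registered in both the HKLM and HKCU Run keys. The sample log is constructed in the style of the post, and the severities and wording are mine.

```python
import re

# Constructed sample in the style of a HijackThis 2.0 log. It is not the poster's
# full log; the lines are modelled on the entries from the thread that matter.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""

RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - (?P<scope>.*Startup): (?P<item>.*)$")
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.exe)"?', re.IGNORECASE)


def executable_of(cmd):
    """Return the program part of a Run-key command line, quoted or not."""
    m = EXE_RE.match(cmd.strip())
    return m.group("exe") if m else cmd.strip().split(" ")[0]


def triage(log_text):
    """Return a list of findings (dicts) for the high-signal HijackThis sections."""
    findings = []
    run_hives = {}  # lower-cased exe path -> set of hives that start it

    def flag(section, severity, reason, detail):
        findings.append({"section": section, "severity": severity,
                         "reason": reason, "detail": detail})

    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue

        # F2: the Winlogon shell. Anything beyond "Explorer.exe" is started at every logon.
        if line.startswith("F2 - REG:system.ini: Shell="):
            value = line.split("Shell=", 1)[1].strip()
            if value.lower() != "explorer.exe":
                flag("F2", "high", "Winlogon Shell value is not just Explorer.exe", value)

        # O7: HijackThis only emits O7 when a policy restricts the user (here: regedit disabled).
        elif line.startswith("O7 - "):
            flag("O7", "high", "policy restriction present", line[5:])

        # O20: AppInit_DLLs is loaded into every process that loads user32.dll.
        elif line.startswith("O20 - AppInit_DLLs:"):
            value = line.split(":", 1)[1].strip()
            if value:
                flag("O20", "high", "AppInit_DLLs is populated", value)

        elif line.startswith("O4 - "):
            m = RUN_RE.match(line)
            if m:
                exe = executable_of(m.group("cmd"))
                if "\\" not in exe:
                    flag("O4", "medium", "Run entry has no path; resolved by search order", exe)
                run_hives.setdefault(exe.lower(), set()).add(m.group("hive"))
                continue
            m = STARTUP_RE.match(line)
            if m:
                item = m.group("item")
                target = item.split(" = ", 1)[1] if " = " in item else item
                # A shortcut (.lnk = C:\...) is normal; a bare .exe means the binary
                # itself was dropped into the Startup folder.
                if "\\" not in target:
                    flag("O4", "high", "raw executable dropped into a Startup folder", target)

    # Same binary registered under both HKLM and HKCU Run: redundant persistence
    # that legitimate installers rarely set up.
    for exe, hives in run_hives.items():
        if {"HKLM", "HKCU"} <= hives:
            flag("O4", "high", "same program registered in both HKLM and HKCU Run", exe)

    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:<6}] {f['section']:<3} {f['reason']}: {f['detail']}")
```

Run as a script it reports the Shell hijack, the DisableRegedit policy, the sulimo.dat injection, the two Startup-folder executables and the doubled WinAVX entry, while the AVG, HP and O23 service lines produce nothing. The R1 ProxyOverride = 127.0.0.1 line is deliberately not flagged: on its own it is a proxy-bypass setting, not an indicator.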

#2 Rorschach112 (Retired Staff)
Hello, my name is Rorschach and I'll be helping you with your problems.


You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.


Please download SmitfraudFix (by S!Ri) to your Desktop.


Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.




1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans on the bottom right, check the box for Reg - Disabled MS Config Items
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

#3 flint2234 (Topic Starter)
SmitFraudFix v2.240

Scan done at 18:37:14.32, Mon 10/22/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


192.168.200.3 ad.doubleclick.net
192.168.200.3 ad.fastclick.net
192.168.200.3 ads.fastclick.net
192.168.200.3 ar.atwola.com
192.168.200.3 atdmt.com
192.168.200.3 avp.ch
192.168.200.3 avp.com
192.168.200.3 avp.ru
192.168.200.3 awaps.net
192.168.200.3 banner.fastclick.net
192.168.200.3 banners.fastclick.net
192.168.200.3 ca.com
192.168.200.3 click.atdmt.com
192.168.200.3 clicks.atdmt.com
192.168.200.3 customer.symantec.com
192.168.200.3 dispatch.mcafee.com
192.168.200.3 download.mcafee.com
192.168.200.3 downloads-us1.kaspersky-labs.com
192.168.200.3 downloads-us2.kaspersky-labs.com
192.168.200.3 downloads-us3.kaspersky-labs.com
192.168.200.3 downloads1.kaspersky-labs.com
192.168.200.3 downloads2.kaspersky-labs.com
192.168.200.3 downloads3.kaspersky-labs.com
192.168.200.3 downloads4.kaspersky-labs.com
192.168.200.3 engine.awaps.net
192.168.200.3 f-secure.com
192.168.200.3 fastclick.net
192.168.200.3 ftp.avp.ch
192.168.200.3 ftp.downloads1.kaspersky-labs.com
192.168.200.3 ftp.downloads2.kaspersky-labs.com
192.168.200.3 ftp.downloads3.kaspersky-labs.com
192.168.200.3 ftp.f-secure.com
192.168.200.3 ftp.kasperskylab.ru
192.168.200.3 ftp.sophos.com
192.168.200.3 ids.kaspersky-labs.com
192.168.200.3 kaspersky-labs.com
192.168.200.3 kaspersky.com
192.168.200.3 liveupdate.symantec.com
192.168.200.3 liveupdate.symantecliveupdate.com
192.168.200.3 mast.mcafee.com
192.168.200.3 mcafee.com
192.168.200.3 media.fastclick.net
192.168.200.3 my-etrust.com
192.168.200.3 nai.com
192.168.200.3 networkassociates.com
192.168.200.3 norton.com
192.168.200.3 phx.corporate-ir.net
192.168.200.3 rads.mcafee.com
192.168.200.3 secure.nai.com
192.168.200.3 securityresponse.symantec.com
192.168.200.3 service1.symantec.com
192.168.200.3 sophos.com
192.168.200.3 spd.atdmt.com
192.168.200.3 symantec.com
192.168.200.3 trendmicro.com
192.168.200.3 update.symantec.com
192.168.200.3 updates.symantec.com
192.168.200.3 updates1.kaspersky-labs.com
192.168.200.3 updates2.kaspersky-labs.com
192.168.200.3 updates3.kaspersky-labs.com
192.168.200.3 updates4.kaspersky-labs.com
192.168.200.3 updates5.kaspersky-labs.com
192.168.200.3 us.mcafee.com
192.168.200.3 vil.nai.com
192.168.200.3 viruslist.com
192.168.200.3 viruslist.ru
192.168.200.3 virusscan.jotti.org
192.168.200.3 virustotal.com
192.168.200.3 www.avp.ch
192.168.200.3 www.avp.com
192.168.200.3 www.avp.ru
192.168.200.3 www.awaps.net
192.168.200.3 www.ca.com
192.168.200.3 www.f-secure.com
192.168.200.3 www.fastclick.net
192.168.200.3 www.grisoft.com
192.168.200.3 www.kaspersky-labs.com
192.168.200.3 www.kaspersky.com
192.168.200.3 www.kaspersky.ru
192.168.200.3 www.mcafee.com
192.168.200.3 www.my-etrust.com
192.168.200.3 www.nai.com
192.168.200.3 www.networkassociates.com
192.168.200.3 www.sophos.com
192.168.200.3 www.symantec.com
192.168.200.3 www.symantec.com
192.168.200.3 www.trendmicro.com
192.168.200.3 www.viruslist.com
192.168.200.3 www.viruslist.ru
192.168.200.3 www.virustotal.com
192.168.200.3 www3.ca.com

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\printer.exe Deleted
C:\WINDOWS\system32\vtr???.dll Deleted
C:\WINDOWS\system32\WinAvXX.exe Deleted
C:\DOCUME~1\Owner\STARTM~1\Programs\StartUp\system.exe Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\autorun.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{15BD0110-E061-47F5-BB56-43137AB4EB9B}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{15BD0110-E061-47F5-BB56-43137AB4EB9B}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{15BD0110-E061-47F5-BB56-43137AB4EB9B}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Reboot

C:\WINDOWS\system32\sulimo.dat Please, Reboot and Run SmitfraudFix option 2 once again.


»»»»»»»»»»»»»»»»»»»»»»»» End




ComboFix 07-10-23.1 - Owner 2007-10-22 18:45:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.181 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Temporary Internet Files\Content.IE5\GTI9WC5G\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-23 to 2007-10-23 )))))))))))))))))))))))))))))))
.

2007-10-22 18:44 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-22 18:37 3,958 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-22 18:36 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-22 18:36 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-22 18:36 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-22 18:36 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-22 18:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-22 16:28 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-22 16:23 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2007-10-22 16:13 16,384 --a------ C:\WINDOWS\xlavba3.exe
2007-10-19 22:13 7,432 --a------ C:\WINDOWS\xlavra3.exe
2007-10-19 22:08 1,536 --a------ C:\WINDOWS\system32\Delete_Me_Dummy_sulimo.dat
2007-10-19 21:45 <DIR> d-------- C:\Program Files\Megamud
2007-10-16 19:43 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-10-10 21:15 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-10-10 21:13 0 --a------ C:\WINDOWS\system32\msvcmm32.exe
2007-10-10 21:12 <DIR> d-------- C:\Program Files\Movielink
2007-10-09 14:22 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-02 10:45 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\HP
2007-09-27 20:00 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-09-27 19:59 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-09-27 19:59 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-09-27 19:57 <DIR> d-------- C:\Temp\HP_WebRelease
2007-09-27 19:57 <DIR> d-------- C:\Temp
2007-09-27 19:57 606,208 --a------ C:\WINDOWS\system32\hpotscl.dll
2007-09-27 19:57 393,216 --a------ C:\WINDOWS\system32\hpzcon12.dll
2007-09-27 19:57 278,528 --a------ C:\WINDOWS\system32\hpgwiamd.dll
2007-09-27 19:57 274,432 --a------ C:\WINDOWS\system32\HPZc3212.dll
2007-09-27 19:57 258,122 --a------ C:\WINDOWS\system32\hpovst08.dll
2007-09-27 19:57 196,608 --a------ C:\WINDOWS\system32\hpzcoi12.dll
2007-09-27 19:57 180,315 --a------ C:\WINDOWS\system32\hpzsnt12.dll
2007-09-27 19:57 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
2007-09-27 19:42 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-09-27 19:42 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-09-27 19:42 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-09-27 19:42 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-09-23 16:41 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Template
2007-09-23 16:41 116 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-22 21:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2007-10-20 02:45 --------- d-----w C:\Program Files\RGB
2007-09-28 00:58 --------- d-----w C:\Program Files\HP
2007-09-19 22:14 --------- d-----w C:\Program Files\SBC Self Support Tool
2007-09-13 03:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\Motive
2007-09-12 03:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\Yahoo!
2007-09-12 03:00 --------- d-----w C:\Program Files\Yahoo!
2007-09-12 02:59 --------- d-----w C:\Program Files\Common Files\Motive
2007-09-12 02:47 --------- d-----w C:\Program Files\BroadJump
2007-09-06 03:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-09-04 03:15 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-09-01 02:33 --------- d-----w C:\Program Files\MSXML 4.0
2007-08-31 15:35 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-08-31 06:40 --------- d-----w C:\Program Files\NetWaiting
2007-08-31 06:34 --------- d-----w C:\Program Files\GemMaster
2007-08-31 06:29 --------- d-----w C:\Program Files\Quicken
2007-08-30 17:05 1,724 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Pavilion dv6000 (RG374UA#ABA)_YN_0Pavi_QCNF64434H5_E419857002_46_I30BB_SQuanta_V66.21_BF.06_T06126_WXP2_L409_M503_J80_7Intel_8T1350_91.86_#070830_N80861092_(RG374UA#ABA)_XMOBIL_CN10_Z_2Rev 1.MRK
2007-08-30 16:59 --------- d-----w C:\Program Files\HPQ
2007-08-30 16:29 --------- d-----w C:\Program Files\Hewlett-Packard
2007-08-30 16:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-08-30 16:19 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-08-30 16:09 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit
2007-08-30 16:09 --------- d-----w C:\Program Files\Quickensetup
2007-08-30 16:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\Intuit
2007-08-30 16:09 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Intuit
2007-08-30 16:08 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-08-30 16:08 --------- d-----w C:\Program Files\Microsoft Office Trial Wizard
2007-08-30 16:08 --------- d-----w C:\Program Files\DivX
2007-08-30 16:08 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2007-08-30 16:07 --------- d-----w C:\Program Files\muvee Technologies
2007-08-30 16:06 --------- d-----w C:\Program Files\music_now
2007-08-30 16:06 --------- d-----w C:\Program Files\CONEXANT
2007-08-30 16:05 --------- d-----w C:\Program Files\Netscape
2007-08-30 15:58 --------- d-----w C:\Program Files\WildTangent
2007-08-30 15:55 --------- d-----w C:\Program Files\Common Files\Adobe
2007-08-30 15:53 --------- d-----w C:\Program Files\Synaptics
2007-08-30 15:50 --------- d-----w C:\Program Files\Microsoft Works
2007-08-30 15:49 --------- d-----w C:\Program Files\Encarta Online
2007-08-30 15:46 --------- d-----w C:\Program Files\EnglishOtto
2007-08-30 15:41 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-08-30 15:39 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2007-08-30 14:19 --------- d-----w C:\Program Files\Windows Plus
2007-08-30 14:19 --------- d-----w C:\Program Files\Sonic
2007-08-30 14:19 --------- d-----w C:\Program Files\microsoft frontpage
2007-08-30 14:19 --------- d-----w C:\Program Files\Java
2007-08-30 14:19 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2007-08-30 14:19 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-08-30 14:19 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-08-30 14:19 --------- d-----w C:\Program Files\Common Files\Java
2007-08-30 14:19 --------- d-----w C:\Program Files\Common Files\HP
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:04 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-08-08 21:30 19,456 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
2007-08-02 23:11 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
2007-08-02 23:11 241,664 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-07-27 20:49 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
2007-07-27 20:49 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
2005-09-24 22:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 06:56]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 07:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-11 06:03]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-22 22:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-22 22:13]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-22 22:17]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 17:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 07:22]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-19 17:14]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 01:11]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 18:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 18:30]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 13:33]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 12:50]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 12:23]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-13 10:59]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 07:51]
"LoadMSvcmm"="C:\Program Files\Movielink\MovielinkManager\Movielink User.exe" [2007-09-10 17:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-16 06:00]
"Yahoo! Pager"="1" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme


*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-23 18:47:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\[email protected]? ???`X??????`[email protected][email protected]

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-23 18:48:06
.
--- E O F ---

Edited by flint2234, 22 October 2007 - 06:27 PM.

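The hosts section of the SmitFraudFix report above is the most telling part of this post: the update and download hosts of every major antivirus vendor, plus VirusTotal and Jotti, are pointed at 192.168.200.3, a private address that will never answer, which cuts the machine off from those vendors' updates and online scanners. As an added example (not part of the thread or of SmitFraudFix), the following parses a hosts file and separates vendor-domain entries from ordinary ad-blocking ones, then counts how many names share one sinkhole address. The vendor list and the sample file are my own construction, the sample being modelled on the report.

```python
import ipaddress

# Constructed sample hosts file modelled on the SmitFraudFix output above (not the
# poster's actual file): a few of the redirected vendor names plus normal entries.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
192.168.200.3   ad.doubleclick.net
192.168.200.3   liveupdate.symantec.com
192.168.200.3   downloads1.kaspersky-labs.com   # inline comment
192.168.200.3   www.virustotal.com
127.0.0.1       www.mcafee.com
10.0.0.5        update.symantec.com updates.symantec.com
"""

# Domains no legitimate installer pins in the hosts file. Any entry for one of these
# means the machine has been cut off from that vendor's updates or scanners.
SECURITY_VENDOR_DOMAINS = (
    "symantec.com", "symantecliveupdate.com", "norton.com",
    "mcafee.com", "nai.com", "networkassociates.com",
    "kaspersky.com", "kaspersky-labs.com", "kasperskylab.ru", "kaspersky.ru",
    "avp.com", "avp.ch", "avp.ru", "viruslist.com", "viruslist.ru",
    "sophos.com", "f-secure.com", "trendmicro.com", "grisoft.com",
    "ca.com", "my-etrust.com", "virustotal.com", "jotti.org",
)


def parse_hosts(text):
    """Return (ip, hostname) pairs; handles comments, tabs and several names per line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def is_vendor_host(host):
    # Match on a label boundary so "ca.com" does not match "americas.com".
    return any(host == d or host.endswith("." + d) for d in SECURITY_VENDOR_DOMAINS)


def classify_ip(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "invalid"
    if addr.is_loopback:
        return "loopback"      # blackholed on the machine itself
    if addr.is_private:
        return "private"       # an RFC 1918 sinkhole, as in the report above
    return "remote"            # a server somewhere else; possibly attacker-controlled


def find_av_blocks(entries):
    """Every hosts entry that overrides a security vendor name, with where it points."""
    return [{"host": host, "ip": ip, "kind": classify_ip(ip)}
            for ip, host in entries if is_vendor_host(host)]


def sinkhole_summary(blocks):
    """Count blocked vendor names per target address: one address reused for dozens
    of names is the signature of a tool-written hosts file rather than a hand edit."""
    counts = {}
    for b in blocks:
        counts[b["ip"]] = counts.get(b["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    blocks = find_av_blocks(parse_hosts(SAMPLE_HOSTS))
    for b in blocks:
        print(f"{b['host']:<35} -> {b['ip']:<15} ({b['kind']})")
    print("per-address counts:", sinkhole_summary(blocks))
```

Ad-serving names such as ad.doubleclick.net are left alone because ad-blocking hosts lists legitimately contain them; it is the vendor names that matter. On a live system, after cleaning, the hosts file should be reduced to the single `127.0.0.1 localhost` line (and any entries the owner added knowingly), and the antivirus should be updated and rescanned once the redirects are gone.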

#4 flint2234 (Topic Starter)
The next log:

WinPFind3 logfile created on: 10/23/2007 6:54:04 PM
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\Owner\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

501.98 Mb Total Physical Memory | 179.30 Mb Available Physical Memory | 35.72% Memory free
1.20 Gb Paging File | 0.85 Gb Available in Paging File | 71.28% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61.83 Gb Total Space | 47.84 Gb Free Space | 77.37% Space Free
Drive D: | 11.67 Gb Total Space | 1.36 Gb Free Space | 11.68% Space Free
Drive E: | 420.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
F: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 9/3/2007 10:15:22 PM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.487 | Size = 421888 bytes | Modified Date = 9/13/2007 10:59:20 AM | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.482 | Size = 353280 bytes | Modified Date = 9/3/2007 10:15:22 PM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 9/3/2007 10:15:24 PM | Attr = ]
cfd.exe -> %ProgramFiles%\BroadJump\Client Foundation\CFD.exe -> [Ver = | Size = 368706 bytes | Modified Date = 9/10/2002 9:26:26 PM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 77824 bytes | Modified Date = 3/22/2006 10:13:40 PM | Attr = ]
hp wireless assistant.exe -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 7, 2 | Size = 458752 bytes | Modified Date = 5/4/2006 7:58:26 AM | Attr = ]
hpqwmiex.exe -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 9 | Size = 135168 bytes | Modified Date = 5/2/2006 5:41:28 PM | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/17/2005 1:11:42 AM | Attr = ]
hpzipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 12:14:36 PM | Attr = ]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 118784 bytes | Modified Date = 3/22/2006 10:17:50 PM | Attr = ]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 94208 bytes | Modified Date = 3/22/2006 10:17:04 PM | Attr = ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 81920 bytes | Modified Date = 8/11/2005 6:30:30 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 11/11/2005 6:03:52 AM | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.97.1 | Size = 49152 bytes | Modified Date = 5/18/2006 6:52:06 PM | Attr = ]
motivesb.exe -> %ProgramFiles%\SBC Self Support Tool\SmartBridge\MotiveSB.exe -> Motive, Inc. [Ver = 5.8.18.asst_classic.smartbridge.20050824_144000 | Size = 442455 bytes | Modified Date = 8/24/2005 7:51:18 AM | Attr = ]
movielink user.exe -> %ProgramFiles%\Movielink\MovielinkManager\Movielink User.exe -> Movielink LLC [Ver = 4, 0, 0, 413 | Size = 124248 bytes | Modified Date = 9/10/2007 5:14:00 PM | Attr = ]
moviel~2.exe -> %ProgramFiles%\Movielink\MovielinkManager\MovielinkCore.exe -> Movielink LLC [Ver = 4, 0, 0, 413 | Size = 1328472 bytes | Modified Date = 9/10/2007 5:13:48 PM | Attr = ]
mpbtn.exe -> %ProgramFiles%\SBC Self Support Tool\bin\mpbtn.exe -> [Ver = | Size = 192512 bytes | Modified Date = 10/10/2003 9:06:10 AM | Attr = ]
qlbctrl.exe -> %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe -> Hewlett-Packard Development Company, L.P. [Ver = 6, 1, 1, 2 | Size = 163840 bytes | Modified Date = 6/19/2006 1:33:12 PM | Attr = ]
qpservice.exe -> %ProgramFiles%\HP\QuickPlay\QPService.exe -> CyberLink Corp. [Ver = 4.5.0.0000 | Size = 102400 bytes | Modified Date = 7/19/2006 5:14:20 PM | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.3.8 16Jun06 | Size = 794713 bytes | Modified Date = 6/17/2006 7:22:46 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 10:47:26 AM | Attr = ]
ybrwicon.exe -> %ProgramFiles%\Yahoo!\browser\ybrwicon.exe -> Yahoo! Inc. [Ver = 2006, 7, 21, 1 | Size = 129536 bytes | Modified Date = 7/21/2006 4:19:46 PM | Attr = ]
ycommon.exe -> %ProgramFiles%\Yahoo!\browser\ycommon.exe -> Yahoo!, Inc. [Ver = 2006, 3, 2, 1 | Size = 200704 bytes | Modified Date = 3/3/2006 1:18:10 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AddFiltr) AddFiltr [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -> Hewlett-Packard Development Company, L.P. [Ver = 1.0.0.1 | Size = 126976 bytes | Modified Date = 6/12/2006 3:27:28 PM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 9/3/2007 10:15:22 PM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 9/3/2007 10:15:24 PM | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.482 | Size = 353280 bytes | Modified Date = 9/3/2007 10:15:22 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 3/16/2006 6:00:00 AM | Attr = ]
(hpqwmiex) hpqwmiex [Win32_Own | Auto | Running] -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 9 | Size = 135168 bytes | Modified Date = 5/2/2006 5:41:28 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 2:41:10 AM | Attr = ]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.97.1 | Size = 49152 bytes | Modified Date = 5/18/2006 6:52:06 PM | Attr = ]
(Movielink Core Service) Movielink Core Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Movielink\MovielinkManager\MovielinkCore.exe -> Movielink LLC [Ver = 4, 0, 0, 413 | Size = 1328472 bytes | Modified Date = 9/10/2007 5:13:48 PM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 12:14:36 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.487 | Size = 421888 bytes | Modified Date = 9/13/2007 10:59:20 AM | Attr = ]
BJCFD -> %ProgramFiles%\BroadJump\Client Foundation\CFD.exe -> [Ver = | Size = 368706 bytes | Modified Date = 9/10/2002 9:26:26 PM | Attr = ]
Cpqset -> %ProgramFiles%\Hewlett-Packard\Default Settings\Cpqset.exe -> [Ver = | Size = 40960 bytes | Modified Date = 6/19/2006 12:50:40 PM | Attr = ]
High Definition Audio Property Page Shortcut -> %System32%\CHDAudPropShortcut.exe -> Windows ® Server 2003 DDK provider [Ver = 5.10.00.5010 built by: WinDDK | Size = 61952 bytes | Modified Date = 6/2/2006 5:02:50 PM | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/17/2005 1:11:42 AM | Attr = ]
hpWirelessAssistant -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 7, 2 | Size = 458752 bytes | Modified Date = 5/4/2006 7:58:26 AM | Attr = ]
igfxhkcmd -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 77824 bytes | Modified Date = 3/22/2006 10:13:40 PM | Attr = ]
igfxpers -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 118784 bytes | Modified Date = 3/22/2006 10:17:50 PM | Attr = ]
igfxtray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 94208 bytes | Modified Date = 3/22/2006 10:17:04 PM | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 249856 bytes | Modified Date = 8/11/2005 6:30:30 PM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 81920 bytes | Modified Date = 8/11/2005 6:30:30 PM | Attr = ]
LoadMSvcmm -> %ProgramFiles%\Movielink\MovielinkManager\Movielink User.exe -> Movielink LLC [Ver = 4, 0, 0, 413 | Size = 124248 bytes | Modified Date = 9/10/2007 5:14:00 PM | Attr = ]
Motive SmartBridge -> %ProgramFiles%\SBC Self Support Tool\SmartBridge\MotiveSB.exe -> Motive, Inc. [Ver = 5.8.18.asst_classic.smartbridge.20050824_144000 | Size = 442455 bytes | Modified Date = 8/24/2005 7:51:18 AM | Attr = ]
QlbCtrl -> HP Quick Launch Buttons\QlbCtrl.exe -> File not found
QPService -> %ProgramFiles%\HP\QuickPlay\QPService.exe -> CyberLink Corp. [Ver = 4.5.0.0000 | Size = 102400 bytes | Modified Date = 7/19/2006 5:14:20 PM | Attr = ]
RecGuard -> %SystemRoot%\SMINST\Recguard.exe -> [Ver = 6, 0, 66, 5 | Size = 1187840 bytes | Modified Date = 10/11/2005 12:23:50 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 11/11/2005 6:03:52 AM | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.3.8 16Jun06 | Size = 794713 bytes | Modified Date = 6/17/2006 7:22:46 AM | Attr = ]
YBrowser -> %ProgramFiles%\Yahoo!\browser\ybrwicon.exe -> Yahoo! Inc. [Ver = 2006, 7, 21, 1 | Size = 129536 bytes | Modified Date = 7/21/2006 4:19:46 PM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Yahoo! Pager -> -> File not found
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\SBC Self Support Tool.lnk -> %ProgramFiles%\SBC Self Support Tool\bin\matcli.exe -> Motive Communications, Inc. [Ver = 5.6.1.asst_classic.asst_matcli.20031010_085000 | Size = 217088 bytes | Modified Date = 10/10/2003 9:06:10 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4543 | Size = 139264 bytes | Modified Date = 3/22/2006 10:12:42 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.theme ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (3066 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
192.168.200.3 ad.doubleclick.net -> ->
192.168.200.3 ad.fastclick.net -> ->
192.168.200.3 ads.fastclick.net -> ->
192.168.200.3 ar.atwola.com -> ->
192.168.200.3 atdmt.com -> ->
192.168.200.3 avp.ch -> ->
192.168.200.3 avp.com -> ->
192.168.200.3 avp.ru -> ->
192.168.200.3 awaps.net -> ->
192.168.200.3 banner.fastclick.net -> ->
192.168.200.3 banners.fastclick.net -> ->
192.168.200.3 ca.com -> ->
192.168.200.3 click.atdmt.com -> ->
192.168.200.3 clicks.atdmt.com -> ->
192.168.200.3 customer.symantec.com -> ->
192.168.200.3 dispatch.mcafee.com -> ->
192.168.200.3 download.mcafee.com -> ->
192.168.200.3 downloads-us1.kaspersky-labs.com -> ->
192.168.200.3 downloads-us2.kaspersky-labs.com -> ->
192.168.200.3 downloads-us3.kaspersky-labs.com -> ->
192.168.200.3 downloads1.kaspersky-labs.com -> ->
192.168.200.3 downloads2.kaspersky-labs.com -> ->
192.168.200.3 downloads3.kaspersky-labs.com -> ->
192.168.200.3 downloads4.kaspersky-labs.com -> ->
192.168.200.3 engine.awaps.net -> ->
192.168.200.3 f-secure.com -> ->
192.168.200.3 fastclick.net -> ->
192.168.200.3 ftp.avp.ch -> ->
192.168.200.3 ftp.downloads1.kaspersky-labs.com -> ->
192.168.200.3 ftp.downloads2.kaspersky-labs.com -> ->
192.168.200.3 ftp.downloads3.kaspersky-labs.com -> ->
192.168.200.3 ftp.f-secure.com -> ->
192.168.200.3 ftp.kasperskylab.ru -> ->
192.168.200.3 ftp.sophos.com -> ->
192.168.200.3 ids.kaspersky-labs.com -> ->
192.168.200.3 kaspersky-labs.com -> ->
192.168.200.3 kaspersky.com -> ->
192.168.200.3 liveupdate.symantec.com -> ->
192.168.200.3 liveupdate.symantecliveupdate.com -> ->
192.168.200.3 mast.mcafee.com -> ->
192.168.200.3 mcafee.com -> ->
192.168.200.3 media.fastclick.net -> ->
192.168.200.3 my-etrust.com -> ->
192.168.200.3 nai.com -> ->
192.168.200.3 networkassociates.com -> ->
192.168.200.3 norton.com -> ->
192.168.200.3 phx.corporate-ir.net -> ->
192.168.200.3 rads.mcafee.com -> ->
192.168.200.3 secure.nai.com -> ->
192.168.200.3 securityresponse.symantec.com -> ->
192.168.200.3 service1.symantec.com -> ->
192.168.200.3 sophos.com -> ->
192.168.200.3 spd.atdmt.com -> ->
192.168.200.3 symantec.com -> ->
192.168.200.3 trendmicro.com -> ->
192.168.200.3 update.symantec.com -> ->
192.168.200.3 updates.symantec.com -> ->
192.168.200.3 updates1.kaspersky-labs.com -> ->
192.168.200.3 updates2.kaspersky-labs.com -> ->
192.168.200.3 updates3.kaspersky-labs.com -> ->
192.168.200.3 updates4.kaspersky-labs.com -> ->
192.168.200.3 updates5.kaspersky-labs.com -> ->
192.168.200.3 us.mcafee.com -> ->
192.168.200.3 vil.nai.com -> ->
192.168.200.3 viruslist.com -> ->
192.168.200.3 viruslist.ru -> ->
192.168.200.3 virusscan.jotti.org -> ->
192.168.200.3 virustotal.com -> ->
192.168.200.3 www.avp.ch -> ->
192.168.200.3 www.avp.com -> ->
192.168.200.3 www.avp.ru -> ->
192.168.200.3 www.awaps.net -> ->
192.168.200.3 www.ca.com -> ->
192.168.200.3 www.f-secure.com -> ->
192.168.200.3 www.fastclick.net -> ->
192.168.200.3 www.grisoft.com -> ->
192.168.200.3 www.kaspersky-labs.com -> ->
192.168.200.3 www.kaspersky.com -> ->
192.168.200.3 www.kaspersky.ru -> ->
192.168.200.3 www.mcafee.com -> ->
192.168.200.3 www.my-etrust.com -> ->
192.168.200.3 www.nai.com -> ->
192.168.200.3 www.networkassociates.com -> ->
192.168.200.3 www.sophos.com -> ->
192.168.200.3 www.symantec.com -> ->
192.168.200.3 www.symantec.com -> ->
192.168.200.3 www.trendmicro.com -> ->
192.168.200.3 www.viruslist.com -> ->
192.168.200.3 www.viruslist.ru -> ->
192.168.200.3 www.virustotal.com -> ->
192.168.200.3 www3.ca.com -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft...p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft...p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKCU: Start Page -> http://www.microsoft...p...&ar=msnhome ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 4:39:26 PM | Attr = ]
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> 127.0.0.1 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
att.net [http] -> ->
att.net [https] -> ->
sbcglobal.net [https] -> ->
clientapps_yahoo.com [http] -> ->
clientapps_yahoo.com [https] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 4:39:26 PM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 4:39:26 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 4:39:26 PM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\npjpi150_06.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/11/2005 6:22:10 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/11/2005 6:22:10 AM | Attr = ]
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{15BD0110-E061-47F5-BB56-43137AB4EB9B} -> (Intel® PRO/Wireless 3945ABG Network Connection) ->
{2CF2FB2C-F0B5-4B56-B78E-68D17EB4B517} -> (Intel® PRO/100 VE Network Connection) ->
{5AC8631C-D5DB-4A24-AD7B-A05975D24A79} -> (1394 Net Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\common\yinsthelper.dll ->
{49232000-16E4-426C-A231-62846947304B} -> SysData Class - CodeBase = http://ipgweb.cce.hp...ads/sysinfo.cab ->
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> OnlineScanner Control - CodeBase = http://www.eset.eu/b...lineScanner.cab ->
{5F8469B4-B055-49DD-83F7-62B522420ECC} -> Facebook Photo Uploader Control - CodeBase = http://upload.facebo...otoUploader.cab ->
{6B75345B-AA36-438A-BBE6-4078B4C6984D} -> HpProductDetection Class - CodeBase = http://h20270.www2.h...ctDetection.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09} -> Get_ActiveX Control - CodeBase = https://h17000.www1....loadManager.ocx ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.ma...ash/swflash.cab ->
Microsoft XML Parser for Java -> - CodeBase = file:///C:/WINDOWS/Java/classes/xmldso.cab ->


[Registry - Additional Scans - Non-Microsoft Only]

[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 10/19/2007 9:18:16 PM | Attr = RH ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 9/27/2007 6:58:23 PM | Attr = H ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 526438400 bytes | Created Date = 1/1/1601 6:00:00 AM | Attr = HS]
qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 10/22/2007 5:45:06 PM | Attr = ]
Temp -> %SystemDrive%\Temp -> [Folder | Created Date = 9/27/2007 6:57:01 PM | Attr = ]
$NtUninstallKB926239$ -> %SystemRoot%\$NtUninstallKB926239$ -> [Folder | Created Date = 10/10/2007 8:17:15 PM | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Created Date = 10/11/2007 9:28:30 PM | Attr = H ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Created Date = 10/10/2007 9:38:42 AM | Attr = H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Created Date = 10/10/2007 9:38:05 AM | Attr = H ]
$NtUninstallWMFDist11$ -> %SystemRoot%\$NtUninstallWMFDist11$ -> [Folder | Created Date = 10/10/2007 8:16:38 PM | Attr = H ]
$NtUninstallWudf01000$ -> %SystemRoot%\$NtUninstallWudf01000$ -> [Folder | Created Date = 10/10/2007 8:15:45 PM | Attr = H ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136192 bytes | Created Date = 10/22/2007 5:44:21 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 10/23/2007 5:47:28 PM | Attr = ]
hpoins05.dat -> %SystemRoot%\hpoins05.dat -> [Ver = | Size = 102262 bytes | Created Date = 9/27/2007 6:58:06 PM | Attr = ]
hpomdl07.dat -> %SystemRoot%\hpomdl07.dat -> [Ver = | Size = 17505 bytes | Created Date = 9/27/2007 6:58:06 PM | Attr = ]
MegaMud.INI -> %SystemRoot%\MegaMud.INI -> [Ver = | Size = 422 bytes | Created Date = 10/19/2007 8:45:44 PM | Attr = ]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 10/22/2007 5:44:21 PM | Attr = ]
TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 10/23/2007 5:48:19 PM | Attr = ]
xlavba3.exe -> %SystemRoot%\xlavba3.exe -> [Ver = | Size = 16384 bytes | Created Date = 10/22/2007 3:13:21 PM | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Created Date = 10/16/2007 6:43:57 PM | Attr = ]
Delete_Me_Dummy_sulimo.dat -> %System32%\Delete_Me_Dummy_sulimo.dat -> [Ver = | Size = 1536 bytes | Created Date = 10/19/2007 9:08:19 PM | Attr = ]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 10/22/2007 5:36:41 PM | Attr = ]
hpgwiamd.dll -> %System32%\hpgwiamd.dll -> Hewlett-Packard [Ver = 3.2.2.905 | Size = 278528 bytes | Created Date = 9/27/2007 6:57:22 PM | Attr = ]
hpotscl.dll -> %System32%\hpotscl.dll -> Hewlett-Packard Co. [Ver = 50.0.174.000 | Size = 606208 bytes | Created Date = 9/27/2007 6:57:22 PM | Attr = ]
hpovst08.dll -> %System32%\hpovst08.dll -> Hewlett-Packard Co. [Ver = 50.0.174.000 | Size = 258122 bytes | Created Date = 9/27/2007 6:57:22 PM | Attr = ]
HPZc3212.dll -> %System32%\HPZc3212.dll -> Hewlett-Packard Co. [Ver = 9, 0, 0, 0 | Size = 274432 bytes | Created Date = 9/27/2007 6:57:22 PM | Attr = ]
hpzcoi12.dll -> %System32%\hpzcoi12.dll -> HP [Ver = 2.335.5.0 | Size = 196608 bytes | Created Date = 9/27/2007 6:57:13 PM | Attr = ]
hpzcon12.dll -> %System32%\hpzcon12.dll -> Hewlett-Packard Company [Ver = 2.335.5.0 | Size = 393216 bytes | Created Date = 9/27/2007 6:57:13 PM | Attr = ]
HPZidr12.dll -> %System32%\HPZidr12.dll -> HP [Ver = 9, 0, 0, 0 | Size = 278584 bytes | Created Date = 9/27/2007 6:58:59 PM | Attr = ]
HPZinw12.exe -> %System32%\HPZinw12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 61440 bytes | Created Date = 9/27/2007 6:58:59 PM | Attr = ]
HPZipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Created Date = 9/27/2007 6:58:59 PM | Attr = ]
HPZipr12.dll -> %System32%\HPZipr12.dll -> HP [Ver = 9, 0, 0, 0 | Size = 204800 bytes | Created Date = 9/27/2007 6:58:59 PM | Attr = ]
HPZipt12.dll -> %System32%\HPZipt12.dll -> HP [Ver = 9, 0, 0, 0 | Size = 94208 bytes | Created Date = 9/27/2007 6:58:59 PM | Attr = ]
HPZisn12.dll -> %System32%\HPZisn12.dll -> HP [Ver = 9, 0, 0, 0 | Size = 57344 bytes | Created Date = 9/27/2007 6:58:59 PM | Attr = ]
hpzjsn01.dll -> %System32%\hpzjsn01.dll -> Hewlett Packard Company [Ver = 1, 0, 0, 3 | Size = 98304 bytes | Created Date = 9/27/2007 6:57:18 PM | Attr = ]
hpzsnt12.dll -> %System32%\hpzsnt12.dll -> HP [Ver = 14.00.00.41711 | Size = 180315 bytes | Created Date = 9/27/2007 6:57:13 PM | Attr = ]
msvcmm32.exe -> %System32%\msvcmm32.exe -> [Ver = | Size = 0 bytes | Created Date = 10/10/2007 8:13:08 PM | Attr = ]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 10/22/2007 5:36:41 PM | Attr = ]
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 10/22/2007 5:36:41 PM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.6 | Size = 139776 bytes | Created Date = 10/22/2007 5:36:41 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 10/22/2007 5:36:41 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 10/22/2007 5:36:41 PM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3958 bytes | Created Date = 10/22/2007 5:37:19 PM | Attr = ]
VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 10/22/2007 5:36:41 PM | Attr = ]
VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 10/22/2007 5:44:21 PM | Attr = ]
WS2Fix.exe -> %System32%\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Created Date = 10/22/2007 5:36:41 PM | Attr = ]
apphelp.sdb -> %System32%\dllcache\apphelp.sdb -> [Ver = | Size = 217118 bytes | Created Date = 10/10/2007 8:17:06 PM | Attr = ]
apph_sp.sdb -> %System32%\dllcache\apph_sp.sdb -> [Ver = | Size = 764868 bytes | Created Date = 10/10/2007 8:17:06 PM | Attr = ]
sysmain.sdb -> %System32%\dllcache\sysmain.sdb -> [Ver = | Size = 1197294 bytes | Created Date = 10/10/2007 8:17:06 PM | Attr = ]
HPZid412.sys -> %System32%\drivers\HPZid412.sys -> HP [Ver = 9, 0, 0, 0 | Size = 51120 bytes | Created Date = 9/27/2007 6:58:03 PM | Attr = ]
HPZipr12.sys -> %System32%\drivers\HPZipr12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 16496 bytes | Created Date = 9/27/2007 6:58:03 PM | Attr = ]
HPZius12.sys -> %System32%\drivers\HPZius12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 21744 bytes | Created Date = 9/27/2007 6:58:03 PM | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Created Date = 10/10/2007 8:15:52 PM | Attr = ]
MsftWdf_user_01_00_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 10/10/2007 8:15:57 PM | Attr = H ]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 10/23/2007 6:51:48 PM | Attr = RH ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 9/27/2007 8:01:02 PM | Attr = H ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 526438400 bytes | Modified Date = 10/22/2007 6:40:20 PM | Attr = HS]
hpqp.ini -> %SystemDrive%\hpqp.ini -> [Ver = | Size = 898 bytes | Modified Date = 10/22/2007 6:40:56 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 10/22/2007 4:28:38 PM | Attr = ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 10/23/2007 6:48:10 PM | Attr = ]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 9/27/2007 7:57:02 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 10/23/2007 6:51:48 PM | Attr = ]
XP_TV.ini -> %SystemDrive%\XP_TV.ini -> [Ver = | Size = 39 bytes | Modified Date = 10/22/2007 6:40:32 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 10/10/2007 10:38:42 AM | Attr = H ]
$NtUninstallKB926239$ -> %SystemRoot%\$NtUninstallKB926239$ -> [Folder | Modified Date = 10/10/2007 9:17:18 PM | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Modified Date = 10/11/2007 10:28:32 PM | Attr = H ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Modified Date = 10/10/2007 10:38:44 AM | Attr = H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Modified Date = 10/10/2007 10:38:08 AM | Attr = H ]
$NtUninstallWMFDist11$ -> %SystemRoot%\$NtUninstallWMFDist11$ -> [Folder | Modified Date = 10/10/2007 9:16:42 PM | Attr = H ]
$NtUninstallWudf01000$ -> %SystemRoot%\$NtUninstallWudf01000$ -> [Folder | Modified Date = 10/10/2007 9:15:46 PM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 10/10/2007 9:19:12 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 10/22/2007 6:40:24 PM | Attr = S]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136192 bytes | Modified Date = 10/20/2007 6:03:32 AM | Attr = ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 9/27/2007 7:51:38 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 10/22/2007 4:23:32 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 10/23/2007 6:47:30 PM | Attr = ]
hpoins05.dat -> %SystemRoot%\hpoins05.dat -> [Ver = | Size = 102262 bytes | Modified Date = 9/27/2007 8:01:12 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 10/10/2007 9:17:24 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 10/11/2007 10:28:40 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 9/27/2007 8:01:02 PM | Attr = HS]
MegaMud.INI -> %SystemRoot%\MegaMud.INI -> [Ver = | Size = 422 bytes | Modified Date = 10/21/2007 8:43:02 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 10/23/2007 6:53:50 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 10/22/2007 6:40:54 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 10/22/2007 6:44:22 PM | Attr = ]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 10/23/2007 6:48:20 PM | Attr = ]
twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 9/27/2007 8:01:02 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 751 bytes | Modified Date = 10/21/2007 8:28:12 PM | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 10/10/2007 9:16:56 PM | Attr = ]
xlavba3.exe -> %SystemRoot%\xlavba3.exe -> [Ver = | Size = 16384 bytes | Modified Date = 10/22/2007 4:13:22 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 10/22/2007 6:40:26 PM | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 10/23/2007 6:45:56 PM | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 10/16/2007 7:44:04 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 10/10/2007 9:17:22 PM | Attr = RH ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 10/23/2007 6:45:26 PM | Attr = ]
LogFiles -> %System32%\LogFiles -> [Folder | Modified Date = 10/10/2007 9:15:54 PM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3958 bytes | Modified Date = 10/22/2007 6:37:20 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 10/21/2007 2:49:08 PM | Attr = ]
WS2Fix.exe -> %System32%\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Modified Date = 10/4/2007 12:36:46 AM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 10/22/2007 4:28:56 PM | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Modified Date = 10/10/2007 9:16:50 PM | Attr = ]
MsftWdf_user_01_00_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 10/10/2007 9:15:58 PM | Attr = H ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %SystemRoot%\browser.exe -> [Ver = 2, 64, 0, 0 | Size = 43387 bytes | Modified Date = 6/22/2006 3:40:18 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 3/16/2006 6:00:00 AM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivXNetworks, Inc. [Ver = 5.2.1.1338 | Size = 716800 bytes | Modified Date = 9/21/2004 7:26:40 PM | Attr = ]
PTech , -> %System32%\LegitCheckControl.dll -> Microsoft Corp. [Ver = 1.5.0512.0 | Size = 550120 bytes | Modified Date = 2/14/2006 11:20:14 AM | Attr = ]
UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 4/27/2006 5:49:30 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.6 | Size = 139776 bytes | Modified Date = 4/2/2007 2:21:28 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 1/9/2006 10:36:06 AM | Attr = ]
UPX! , UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 12/1/2006 6:20:34 AM | Attr = ]
UPX! , UPX0 , -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Modified Date = 9/6/2007 12:22:24 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 3/16/2006 6:00:00 AM | Attr = ]
UPX! , UPX0 , -> %System32%\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Modified Date = 10/4/2007 12:36:46 AM | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.488 | Size = 821728 bytes | Modified Date = 9/21/2007 9:48:16 AM | Attr = ]

< End of report >

#5
flint2234

    New Member

  • Topic Starter
  • Member
  • 4 posts
That popup hasn't shown up anymore :)

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
That's great to hear! We are nearly done, just have to get rid of some leftovers.


Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> E&xport to Microsoft Excel ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
YN -> ipp -> Reg Data - Key not found
YN -> msdaipp -> Reg Data - Key not found
[Files/Folders - Created Within 30 days]
NY -> xlavba3.exe -> %SystemRoot%\xlavba3.exe
NY -> Delete_Me_Dummy_sulimo.dat -> %System32%\Delete_Me_Dummy_sulimo.dat
[Files/Folders - Modified Within 30 days]
NY -> xlavba3.exe -> %SystemRoot%\xlavba3.exe
[File String Scan - Non-Microsoft Only]
NY -> UPX! , UPX0 , -> %SystemRoot%\browser.exe
[Empty Temp Folders]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3U scan.

I will review the information when it comes back in.




Next download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30-day trial of the program.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions".
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.


Also post a new HijackThis log.
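As an added example (not from the thread, from WinPFind3U or from its author): a small parser for the report format quoted above, plus a triage heuristic of the kind a reviewer applies when choosing entries for a fix list, so the reader can see which of the sample entries it returns and why vendor-tagged files such as avg7core.sys are not among them. The sample lines are copied from the report; the column names and the heuristic rule are my assumptions.

```python
import re
from dataclasses import dataclass, field

# One WinPFind3U report line: "<name or packer strings> -> <path> -> <vendor> [key = value | ...]"
ENTRY_RE = re.compile(r"^(?P<head>.*?) -> (?P<path>.*?) -> (?P<company>.*?)\[(?P<fields>.*)\]\s*$")
PE_EXTS = (".exe", ".dll", ".sys")

@dataclass
class Entry:
    path: str
    company: str       # vendor string, empty when the file carries none
    is_folder: bool
    version: str       # "Ver =" column, empty when the file has no version resource
    size: int
    signatures: list = field(default_factory=list)  # packer strings (File String Scan section)

def parse_entry(line: str):
    """Parse one report line; return None for section headers and blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    head = m.group("head")
    # In the File String Scan section the first column is a comma-terminated list of packer strings.
    sigs = [s.strip() for s in head.split(",") if s.strip()] if head.rstrip().endswith(",") else []
    fields = {}
    for part in m.group("fields").split(" | "):
        key, _, value = part.partition("=")          # "Folder" has no "=", so its value stays empty
        fields[key.strip()] = value.strip()
    size = int(fields["Size"].split()[0]) if "Size" in fields else 0
    return Entry(m.group("path"), m.group("company").strip(), "Folder" in fields, fields.get("Ver", ""), size, sigs)

def is_suspicious(e: Entry) -> bool:
    """Heuristic (my assumption), not a verdict: a PE under the Windows folder with no vendor string
    that lacks a version resource or shows packer strings. Legitimate tools trip it too; a human decides."""
    if e.is_folder or not e.path.lower().endswith(PE_EXTS):
        return False
    in_windows = e.path.startswith(("%SystemRoot%", "%System32%"))
    return in_windows and e.company == "" and (e.version == "" or bool(e.signatures))

def triage(report: str) -> list:
    return [e.path for e in map(parse_entry, report.splitlines()) if e and is_suspicious(e)]

# Constructed sample: a few lines copied from the report above, spanning two sections.
SAMPLE = r"""[Files/Folders - Modified Within 30 days]
xlavba3.exe -> %SystemRoot%\xlavba3.exe -> [Ver = | Size = 16384 bytes | Modified Date = 10/22/2007 4:13:22 PM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 10/23/2007 6:45:26 PM | Attr = ]
[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %SystemRoot%\browser.exe -> [Ver = 2, 64, 0, 0 | Size = 43387 bytes | Modified Date = 6/22/2006 3:40:18 PM | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.488 | Size = 821728 bytes | Modified Date = 9/21/2007 9:48:16 AM | Attr = ]
"""
```

Running `triage(SAMPLE)` returns the two %SystemRoot% executables without a vendor string; the AVG driver, although packed, carries a vendor and a version and is left alone.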
