Need some help with trojans/ads on my computer


  • This topic is locked

#1
tylerneedshelp45

It has a bunch of trojans and keyloggers. Here is my HijackThis and my DSS.

HijackThis

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\XoftSpySE\XoftSpy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Sure Delete\SD_File.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Harris\Desktop\Harris.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.comcast.net
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {4254E07D-1B18-446C-BA07-20A70E629F88} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: Gamburg provider - {6607E676-1BDE-4cb3-9913-4DC5EBCAE35E} - condt32.dll (file missing)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b4670410-1dd1-11b2-b82a-9eb6b9a9c038} - C:\WINDOWS\gzgfidsb.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &AEVITA Save Flash - {33973600-925A-11D9-A1F6-9234C84D2622} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XoftSpySE] C:\Program Files\XoftSpySE\xoftspy.exe -s
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe_ID0E3DHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [upgzebqr] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\upgzebqr.dll"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: AEVITA Save Flash - {0C4D904C-697B-4F51-B82F-D5D8D8D36405} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 14484 bytes

Main

Deckard's System Scanner v20071014.68
Run by Harris on 2008-02-10 21:55:28
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------



-- HijackThis (run as Harris.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:31 PM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\XoftSpySE\XoftSpy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Sure Delete\SD_File.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Harris\Desktop\dss.exe
C:\DOCUME~1\Harris\Desktop\Harris.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.comcast.net
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {4254E07D-1B18-446C-BA07-20A70E629F88} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: Gamburg provider - {6607E676-1BDE-4cb3-9913-4DC5EBCAE35E} - condt32.dll (file missing)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b4670410-1dd1-11b2-b82a-9eb6b9a9c038} - C:\WINDOWS\gzgfidsb.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &AEVITA Save Flash - {33973600-925A-11D9-A1F6-9234C84D2622} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XoftSpySE] C:\Program Files\XoftSpySE\xoftspy.exe -s
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe_ID0E3DHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [upgzebqr] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\upgzebqr.dll"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: AEVITA Save Flash - {0C4D904C-697B-4F51-B82F-D5D8D8D36405} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 14496 bytes

-- Files created between 2008-01-10 and 2008-02-10 -----------------------------

2008-02-10 20:47:59 0 d-------- C:\Program Files\akl
2008-02-10 20:33:52 0 d-------- C:\Program Files\3721
2008-02-10 20:17:47 20992 --a------ C:\WINDOWS\system32\msole32.exe
2008-02-10 20:17:47 14080 --a------ C:\WINDOWS\liqui.dll
2008-02-10 20:17:47 28416 --a------ C:\WINDOWS\fhfmm.exe
2008-02-10 20:17:46 15872 --a------ C:\WINDOWS\xadbrk.dll
2008-02-10 20:17:46 10752 --a------ C:\WINDOWS\wbeCheck.exe
2008-02-10 20:17:46 16384 --a------ C:\WINDOWS\pbsysie.dll
2008-02-10 20:17:46 15104 --a------ C:\WINDOWS\liqad.dll
2008-02-10 20:17:46 15360 --a------ C:\WINDOWS\kvnab.dll
2008-02-10 20:17:46 28672 --a------ C:\WINDOWS\kkcomp.dll
2008-02-10 20:17:46 31744 --a------ C:\WINDOWS\iexplorr23.dll
2008-02-10 20:17:45 8704 --a------ C:\WINDOWS\xxxvideo.exe
2008-02-10 20:17:45 19200 --a------ C:\WINDOWS\system32\ESHOPEE.exe
2008-02-10 20:17:45 28928 --a------ C:\WINDOWS\hotporn.exe
2008-02-10 20:17:45 29696 --a------ C:\WINDOWS\aconti.exe
2008-02-10 20:17:44 0 d-------- C:\Program Files\p2pnetworks
2008-02-10 20:11:41 0 d-------- C:\Program Files\Accoona
2008-02-10 20:09:41 19712 --a------ C:\WINDOWS\xadbrk_.exe
2008-02-10 20:09:41 9984 --a------ C:\WINDOWS\xadbrk.exe
2008-02-10 20:06:24 0 d-------- C:\Documents and Settings\Harris\Application Data\AdobeUM
2008-02-10 20:03:51 0 d-------- C:\Program Files\Sure Delete
2008-02-10 19:51:34 0 d-------- C:\Program Files\amsys
2008-02-10 15:14:42 159744 --a------ C:\WINDOWS\system32\hasher.dll <Not Verified; ; hasher Dynamic Link Library>
2008-02-10 15:14:41 0 d-------- C:\Program Files\Trisnap Technologies
2008-02-09 22:26:00 26368 --a------ C:\WINDOWS\system32\ace16win.dll
2008-02-09 22:25:04 6654 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-09 22:21:57 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-09 22:21:57 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-02-09 22:21:57 85504 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-02-09 22:21:57 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-02-09 22:21:57 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-02-09 22:21:57 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-09 22:03:15 0 d-------- C:\kav
2008-02-09 21:51:49 16640 --a------ C:\WINDOWS\liqui.exe
2008-02-09 21:51:49 29696 --a------ C:\WINDOWS\kkcomp.exe
2008-02-09 21:51:48 27904 --a------ C:\WINDOWS\liqad.exe
2008-02-09 21:51:48 32000 --a------ C:\WINDOWS\kvnab.exe
2008-02-09 21:51:48 31232 --a------ C:\WINDOWS\kvnab$.exe
2008-02-09 21:51:47 11008 --a------ C:\WINDOWS\settn.dll
2008-02-09 21:51:47 17664 --a------ C:\WINDOWS\hcwprn.exe
2008-02-09 21:51:47 19200 --a------ C:\WINDOWS\cbinst$.exe
2008-02-09 14:00:04 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-02-09 13:49:59 0 d-------- C:\Program Files\Common Files\PC Tools
2008-02-09 12:50:09 0 d-------- C:\Documents and Settings\Harris\Application Data\WinRAR
2008-02-09 12:48:35 0 d--hs---- C:\WINDOWS\CSC
2008-02-09 12:34:20 0 d-------- C:\Program Files\Spyware Doctor
2008-02-09 12:34:20 0 d-------- C:\Documents and Settings\Harris\Application Data\PC Tools
2008-02-09 12:33:30 0 d-------- C:\Documents and Settings\Harris\Application Data\WinPatrol
2008-02-09 12:33:21 0 d-------- C:\Program Files\BillP Studios
2008-02-09 12:30:06 0 d-------- C:\Program Files\File Shredder
2008-02-09 11:52:07 16896 --a------ C:\WINDOWS\system32\vxddsk.exe
2008-02-09 11:48:11 9984 --a------ C:\WINDOWS\wbeInst$.exe
2008-02-09 11:48:10 24064 --a------ C:\WINDOWS\7search.dll
2008-02-09 10:42:03 30976 --a------ C:\WINDOWS\system32\wml.exe
2008-02-09 10:42:02 18688 --a------ C:\WINDOWS\pbar.dll
2008-02-09 10:42:02 32512 --a------ C:\WINDOWS\flt.dll
2008-02-09 10:42:02 28416 --a------ C:\WINDOWS\764.exe
2008-02-09 09:31:07 0 d-------- C:\Documents and Settings\Harris\Application Data\Adobe
2008-02-08 18:54:50 0 d-------- C:\Documents and Settings\Harris\Application Data\Intervideo
2008-02-08 18:53:32 0 d-------- C:\Documents and Settings\Harris\Application Data\Mozilla
2008-02-08 18:30:42 0 d-------- C:\Documents and Settings\Harris\Application Data\Real
2008-02-08 18:29:28 0 d--h----- C:\Documents and Settings\Harris\Templates
2008-02-08 18:29:28 0 dr------- C:\Documents and Settings\Harris\Start Menu
2008-02-08 18:29:28 0 dr-h----- C:\Documents and Settings\Harris\SendTo
2008-02-08 18:29:28 0 dr-h----- C:\Documents and Settings\Harris\Recent
2008-02-08 18:29:28 0 d--h----- C:\Documents and Settings\Harris\PrintHood
2008-02-08 18:29:28 0 d--h----- C:\Documents and Settings\Harris\NetHood
2008-02-08 18:29:28 0 dr------- C:\Documents and Settings\Harris\My Documents
2008-02-08 18:29:28 0 d--h----- C:\Documents and Settings\Harris\Local Settings
2008-02-08 18:29:28 0 dr------- C:\Documents and Settings\Harris\Favorites
2008-02-08 18:29:28 0 d-------- C:\Documents and Settings\Harris\Desktop
2008-02-08 18:29:28 0 d--hs---- C:\Documents and Settings\Harris\Cookies
2008-02-08 18:29:28 0 dr-h----- C:\Documents and Settings\Harris\Application Data
2008-02-08 18:29:28 0 d-------- C:\Documents and Settings\Harris\Application Data\Macromedia
2008-02-08 18:29:28 0 d-------- C:\Documents and Settings\Harris\Application Data\Intuit
2008-02-08 18:29:28 0 d-------- C:\Documents and Settings\Harris\Application Data\Identities
2008-02-08 18:29:28 0 d-------- C:\Documents and Settings\Harris\Application Data\Apple Computer
2008-02-08 18:29:27 3932160 --ah----- C:\Documents and Settings\Harris\NTUSER.DAT
2008-02-08 17:14:20 17664 --a------ C:\WINDOWS\eventlowg.dll
2008-02-08 17:14:20 25088 --a------ C:\WINDOWS\daxtime.dll
2008-02-08 17:14:19 11008 --a------ C:\WINDOWS\liqui-Uninstaller.exe
2008-02-08 17:14:18 28416 --a------ C:\WINDOWS\fhfmm-Uninstaller.exe
2008-02-08 17:14:17 15616 --a------ C:\WINDOWS\liqad$.exe
2008-02-08 17:14:17 13568 --a------ C:\WINDOWS\kkcomp$.exe
2008-02-08 17:14:14 27392 --a------ C:\WINDOWS\spredirect.dll
2008-02-08 17:14:14 9728 --a------ C:\WINDOWS\jd2002.dll
2008-02-08 17:14:14 20992 --a------ C:\WINDOWS\adbar.dll
2008-02-08 17:14:14 0 d-------- C:\Program Files\e-zshopper
2008-02-08 17:14:11 12288 --a------ C:\WINDOWS\ie_32.exe
2008-02-08 17:14:10 0 d-------- C:\WINDOWS\system32\acespy
2008-02-08 17:14:10 19968 --a------ C:\WINDOWS\ngd.dll
2008-02-08 17:14:09 20992 --a------ C:\WINDOWS\dp0.dll
2008-02-08 17:14:08 26624 --a------ C:\WINDOWS\vxddsk.exe
2008-02-08 17:14:07 30720 --a------ C:\WINDOWS\wml.exe
2008-02-08 17:03:39 54272 --a------ C:\WINDOWS\system32\condt32.dll <Not Verified; Microsoft; Jop>
2008-02-08 17:03:03 89619 --a------ C:\WINDOWS\system32\rxjddnvj.exe <Not Verified; Microsoft; runbll>
2008-02-08 17:03:03 89619 --a------ C:\WINDOWS\qngxgnqn.exe <Not Verified; Microsoft; runbll>
2008-02-08 17:03:01 68096 --a------ C:\WINDOWS\gzgfidsb.dll
2008-02-08 17:03:01 68096 --a------ C:\Documents and Settings\All Users\Application Data\upgzebqr.dll
2008-02-08 17:03:00 0 d-------- C:\WINDOWS\fargghca
2008-02-08 17:03:00 197120 --a------ C:\WINDOWS\buxwnwvi.dll
2008-02-08 17:02:38 54272 --a------ C:\WINDOWS\system32\unifff.dll <Not Verified; Microsoft; Jop>
2008-02-08 17:02:38 54764 --a------ C:\WINDOWS\system32\4fdw.dll
2008-02-08 17:02:36 58368 --a------ C:\wpohl.exe
2008-02-07 22:35:22 0 d-------- C:\Program Files\YouSendIt
2008-02-07 22:34:35 135168 --a------ C:\WINDOWS\system32\DSKernel2.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS Multimedia Filter Pack>
2008-02-07 22:17:12 0 d-------- C:\Program Files\Replay Converter
2008-02-07 22:12:10 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-02-07 22:11:43 0 d-------- C:\Program Files\Replay AV 8
2008-02-05 20:34:29 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-05 20:32:53 0 d-------- C:\Program Files\Skype
2008-02-05 20:32:53 0 d-------- C:\Program Files\Common Files\Skype
2008-02-05 20:32:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-02-01 23:00:32 309648 --a------ C:\WINDOWS\SesamTV Media Center Uninstaller.exe
2008-02-01 23:00:26 0 d-------- C:\Program Files\Dusco
2008-02-01 22:15:32 0 d-------- C:\Documents and Settings\NetworkService\Application Data\DivX
2008-02-01 15:24:29 36864 --a------ C:\WINDOWS\system32\dxinputdll.dll
2008-02-01 15:24:27 0 d-------- C:\Program Files\KALiNKOsoft
2008-01-31 17:42:22 0 d-------- C:\Program Files\Frets on Fire
2008-01-29 20:20:17 10752 -----n--- C:\WINDOWS\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
2008-01-29 20:19:44 1024000 --a------ C:\WINDOWS\system32\DM.dll <Not Verified; Intervideo®, Inc.; Intervideo Foundation Class™>
2008-01-29 20:19:22 155648 --a------ C:\WINDOWS\system32\log4cpp.dll <Not Verified; Bastiaan Bakker, LifeLine Networks bv; Log library for C++>
2008-01-29 20:19:17 499712 --a------ C:\WINDOWS\system32\iviIPLW7.dll <Not Verified; InterVideo Inc.,; InterVideo Inc., iviIPLW7>
2008-01-29 20:19:17 466944 --a------ C:\WINDOWS\system32\iviIPLPX.dll <Not Verified; InterVideo Inc.,; InterVideo Inc., iviIPLPX>
2008-01-29 20:19:17 442368 --a------ C:\WINDOWS\system32\iviIPLP6.dll <Not Verified; InterVideo Inc.,; InterVideo Inc., iviIPLP6>
2008-01-29 20:19:17 434176 --a------ C:\WINDOWS\system32\iviIPLM6.dll <Not Verified; InterVideo Inc.,; InterVideo Inc., iviIPLM6>
2008-01-29 20:19:17 421888 --a------ C:\WINDOWS\system32\iviIPLM5.dll <Not Verified; InterVideo Inc.,; InterVideo Inc., iviIPLM5>
2008-01-29 20:19:17 491520 --a------ C:\WINDOWS\system32\iviIPLA6.dll <Not Verified; InterVideo Inc.,; InterVideo Inc., iviIPLA6>
2008-01-29 20:19:17 466944 --a------ C:\WINDOWS\system32\iviIPL.dll <Not Verified; InterVideo Inc.,; InterVideo Inc., iviIPL>
2008-01-29 20:19:13 0 d-------- C:\Documents and Settings\All Users\Application Data\InterVideo
2008-01-29 20:19:04 204800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-01-29 20:19:04 188416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-01-29 20:19:04 192512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-01-29 20:19:04 192512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-01-29 20:19:04 200704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-01-29 20:19:04 20480 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-01-29 20:18:56 0 d-------- C:\Program Files\Common Files\InterVideo
2008-01-29 20:18:22 0 d-------- C:\Program Files\InterVideo
2008-01-29 20:17:29 0 d-------- C:\Program Files\Adaptec
2008-01-29 20:15:38 585728 -----n--- C:\WINDOWS\system32\msvcr80.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio® .NET>
2008-01-29 20:15:37 528384 -----n--- C:\WINDOWS\system32\msvcp80.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio® .NET>
2008-01-29 20:15:35 110592 -----n--- C:\WINDOWS\system32\gbtvrate.dll <Not Verified; Conexant Systems Inc.; TV Ratings>
2008-01-29 20:15:34 19712 -----n--- C:\WINDOWS\system32\drivers\avcgbfl.sys <Not Verified; Adaptec, Inc; Adaptec AVC-14x0/15x0 GameBridge>
2008-01-29 20:15:34 125568 -----n--- C:\WINDOWS\system32\drivers\avcgbdr.sys <Not Verified; Adaptec, Inc.; AVC-14X0/15X0>
2008-01-28 19:41:13 0 d-------- C:\117749d82344d6a98d44
2008-01-28 19:16:06 0 d-------- C:\e50a85bedbe9da9bdb315dd92025
2008-01-27 14:43:13 0 d-------- C:\Program Files\Vstplugins
2008-01-26 23:29:17 0 d-------- C:\Program Files\Risk
2008-01-23 18:57:16 12800 --a------ C:\WINDOWS\system\Wing32.dll <Not Verified; Microsoft Corporation; WinG>
2008-01-23 18:57:16 92208 --a------ C:\WINDOWS\system\Wing.dll <Not Verified; Microsoft Corporation; WinG>
2008-01-21 13:57:11 0 d-------- C:\Program Files\directx
2008-01-21 13:56:09 0 d-------- C:\Program Files\Rockstar Games
2008-01-18 18:40:58 0 d-------- C:\Program Files\Total Video Converter
2008-01-13 16:17:33 0 d-------- C:\Documents and Settings\Carrie Harris\Application Data
2008-01-13 16:17:33 0 d-------- C:\Documents and Settings\Carrie Harris\Application Data\Google
2008-01-12 12:48:20 888832 --a------ C:\WINDOWS\system32\securenet.dll
2008-01-11 23:14:03 0 d-------- C:\Program Files\Vongo
2008-01-10 21:24:03 0 d-------- C:\Program Files\Blender Foundation
2008-01-10 17:11:11 0 d-------- C:\Program Files\AEVITA Save Flash


-- Find3M Report ---------------------------------------------------------------

2008-02-10 14:10:43 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-10 14:01:01 8405015 --a------ C:\WINDOWS\TempFile
2008-02-09 22:11:56 0 d-------- C:\Program Files\Common Files
2008-02-09 21:25:31 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-08 20:01:16 0 d-------- C:\Program Files\music_now
2008-02-08 15:08:41 0 d-------- C:\Program Files\XoftSpySE
2008-02-07 22:35:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-04 20:33:27 0 d-------- C:\Program Files\ezt
2008-01-28 18:39:18 0 d-------- C:\Program Files\Windows Media Connect 2
2008-01-27 14:25:59 0 d-------- C:\Program Files\AIM6
2008-01-19 13:51:51 0 d-------- C:\Program Files\Zeallsoft
2008-01-16 18:48:32 0 d-------- C:\Program Files\Sony
2008-01-12 20:06:16 0 d-------- C:\Program Files\DivX
2008-01-12 14:18:33 0 d-------- C:\Program Files\Java
2008-01-09 15:30:46 0 d-------- C:\Program Files\Steam
2008-01-05 10:53:46 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-12-30 21:53:25 0 d-------- C:\Program Files\PeoplePhone
2007-12-30 16:30:01 2828 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-30 14:09:10 0 d-------- C:\Program Files\Enterbrain
2007-12-30 14:07:52 0 d-------- C:\Program Files\RPGVX‘ÌŒ±”Å
2007-12-24 12:58:51 0 d-------- C:\Program Files\QuickTime
2007-12-23 15:28:30 4 --a------ C:\WINDOWS\system32\C4A2C2
2007-12-17 20:07:47 0 d-------- C:\Program Files\MagicDVDRipper
2007-12-16 18:09:51 0 d-------- C:\Program Files\Microsoft Games
2007-12-15 13:10:21 4096 --a------ C:\WINDOWS\d3dx.dat
2007-12-14 08:51:09 1700 --a------ C:\WINDOWS\mozver.dat
2007-12-13 11:36:54 0 d-------- C:\Program Files\StepMania
2007-11-12 20:52:34 533 --a------ C:\WINDOWS\eReg.dat
2007-11-12 20:45:55 147456 --a------ C:\WINDOWS\system32\MvsnPni.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6607E676-1BDE-4cb3-9913-4DC5EBCAE35E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b4670410-1dd1-11b2-b82a-9eb6b9a9c038}]
02/08/2008 05:03 PM 68096 --a------ C:\WINDOWS\gzgfidsb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [03/22/2006 03:17 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [03/22/2006 03:13 PM]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/17/2006 12:22 AM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [06/19/2006 01:33 PM]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [06/19/2006 12:50 PM]
"NexusServer"="C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/13/2007 09:38 PM]
"XoftSpySE"="C:\Program Files\XoftSpySE\xoftspy.exe" [11/26/2007 05:27 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [11/28/2007 07:51 PM]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [02/09/2006 11:52 AM]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [10/11/2005 12:23 PM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [07/19/2006 05:14 PM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [01/14/2007 02:11 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"Adobe_ID0E3DHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [02/21/2007 02:44 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/2005 06:30 PM]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [08/11/2005 06:30 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [03/22/2006 03:17 PM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/16/2005 10:11 PM]
"hcsystray"="C:\Program Files\Kuma Games\hcsystray\hc_tray.exe" []
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 11:56 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 12:59 AM]
"Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [09/27/2005 05:00 AM]
"WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [09/27/2005 03:47 AM]
"upgzebqr"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\upgzebqr.dll" []
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [01/27/2008 12:38 AM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [12/10/2007 02:53 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [12/16/2005 11:57 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/15/2006 11:00 PM]

C:\Documents and Settings\Harris\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [5/9/2006 3:09:32 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [10/20/2005 7:55:40 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run\AutorunsDisabled]
"user32.dll"=C:\Program Files\Video ActiveX Access\iesmn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Home^Start Menu^Programs^StartUp^Vongo Tray.lnk]
path=C:\Documents and Settings\Home\Start Menu\Programs\StartUp\Vongo Tray.lnk
backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files


#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
You are already being helped; by making multiple topics you are just wasting our time.