ComboScan v20070221.16 run by Owner on 2007-02-23 at 16:20:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Successfully created restore point.
Performed disk cleanup.
-- HijackThis (run as Owner.exe) ------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 4:21:00 PM, on 2/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
C:\Documents and Settings\Owner\My Documents\My Downloads & Stuff\comboscan.exe
C:\HJT\Owner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mnrcreations.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: URL Search Hook - {AA460422-2CEF-400f-AA05-F63368E04706} - C:\Program Files\IETB\sh.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Internet-Based-Moms - {D6223CBC-A263-4CB1-B35E-1AE40FEF3B3B} - C:\Program Files\IETB\ietoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disney.go.com/games/download...areControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {D4328549-2B43-40D5-BBF8-77D6EEA60412} (StorefrontUpload.BulkImageUpload1) - http://www.ldphotostation.com/images...ntUpload19.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
-- HijackThis Fixed Entries (C:\HJT\backups\) -----------------------------------
backup-20051105-211143-132 O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll (file missing)
backup-20051105-211143-214 O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\awvts.dll (file missing)
backup-20051109-151838-648 R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
backup-20051109-151838-857 O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
backup-20051109-151838-930 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
backup-20070204-170728-734 O4 - Startup: spamsubtract.lnk.disabled
backup-20070222-082402-162 O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
backup-20070222-082402-207 O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
-- File Associations ------------------------------------------------------------
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------
3R Afc (PPdus ASPI Shell) - C:\WINDOWS\system32\drivers\afc.sys
1R AFS2K - C:\WINDOWS\system32\drivers\AFS2K.SYS
3S ALCXSENS (Service for WDM 3D Audio Driver) - C:\WINDOWS\system32\drivers\ALCXSENS.SYS
3S ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
1R AmdK7 (AMD K7 Processor Driver) - C:\WINDOWS\system32\drivers\amdk7.sys
3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\ccdecode.sys
2R F-Secure Filter (F-Secure File System Filter) - C:\Program Files\Shaw Secure\Anti-Virus\win2k\FSfilter.sys
2R F-Secure Gatekeeper - C:\Program Files\Shaw Secure\Anti-Virus\win2k\fsgk.sys
2R F-Secure Recognizer (F-Secure File System Recognizer) - C:\Program Files\Shaw Secure\Anti-Virus\win2k\FSrec.sys
0R fasttx2k - C:\WINDOWS\system32\drivers\Fasttx2k.sys
0R FSFW (F-Secure Firewall Driver) - C:\WINDOWS\system32\drivers\fsdfw.sys
3R GEARAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3S HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
3S HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\system32\drivers\hpzid412.sys
3S HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\system32\drivers\HPZipr12.sys
3S HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\system32\drivers\HPZius12.sys
3S ialm - C:\WINDOWS\system32\drivers\ialmnt5.sys
3R ltmodem5 (Agere Modem Driver) - C:\WINDOWS\system32\drivers\ltmdmnt.sys
2R MASPINT - C:\WINDOWS\system32\drivers\MASPINT.SYS
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\mstee.sys
3R MxlW2k - C:\WINDOWS\system32\drivers\MxlW2k.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\nabtsfec.sys
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\ndisip.sys
3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
3R nvax (Service for NVIDIA(R) nForce(TM) Audio Enumerator) - C:\WINDOWS\system32\drivers\nvax.sys
2S nvcap (nVidia WDM Video Capture (universal)) - C:\WINDOWS\system32\drivers\nvcap.sys
3R NVENET (NVIDIA nForce MCP Networking Controller Driver) - C:\WINDOWS\system32\drivers\NVENET.sys
3R nvnforce (Service for NVIDIA(R) nForce(TM) Audio) - C:\WINDOWS\system32\drivers\nvapu.sys
2S NVXBAR (nVidia WDM A/V Crossbar) - C:\WINDOWS\system32\drivers\nvxbar.sys
0R nv_agp (NVIDIA nForce AGP Bus Filter) - C:\WINDOWS\system32\drivers\nv_agp.SYS
0R ohci1394 (OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
3R pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys
3R Point32 (Microsoft IntelliPoint Filter Driver) - C:\WINDOWS\system32\drivers\point32.sys
3R Ps2 - C:\WINDOWS\system32\drivers\PS2.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3S rtl8139 (Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver) - C:\WINDOWS\system32\drivers\R8139n51.sys
3S S3Psddr - C:\WINDOWS\system32\drivers\s3gnbm.sys
3S SiS315 - C:\WINDOWS\system32\drivers\sisgrp.sys
0R SISAGP (SiS AGP Filter) - C:\WINDOWS\system32\drivers\SISAGPX.SYS
1R SiSkp - C:\WINDOWS\system32\drivers\srvkp.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys
3R StillCam (Still Serial Digital Camera Driver) - C:\WINDOWS\system32\drivers\serscan.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\streamip.sys
3R SunkFilt (Alcor Micro Corp - 9360) - C:\WINDOWS\system32\drivers\Sunkfilt.sys
3S Sunkfiltp (HP && Alcor Micro Corp for Phison) - C:\WINDOWS\System32\Drivers\sunkfiltp.sys (not found)
3S SYMIDSCO - C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS (not found)
2R tmcomm - C:\WINDOWS\system32\drivers\tmcomm.sys
3S usbaudio (USB Audio Driver (WDM)) - C:\WINDOWS\system32\drivers\USBAUDIO.sys
3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbohci (Microsoft USB Open Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbohci.sys
3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
3R USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\usbstor.sys
0R viaagp1 (VIA AGP Filter) - C:\WINDOWS\system32\drivers\VIAAGP1.SYS
3S viagfx - C:\WINDOWS\system32\drivers\vtmini.sys
1R WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\wstcodec.sys
3S {6080A529-897E-4629-A488-ABA0C29B635E} (Intel(R) Graphics Platform (SoftBIOS) Driver) - C:\WINDOWS\system32\drivers\ialmsbw.sys
3S {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (Intel(R) Graphics Chipset (KCH) Driver) - C:\WINDOWS\system32\drivers\ialmkchw.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
3S Adobe LM Service - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
4S Alerter - C:\WINDOWS\System32\svchost.exe -k LocalService
3R ALG (Application Layer Gateway Service) - C:\WINDOWS\System32\alg.exe
3S AppMgmt (Application Management) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R AudioSrv (Windows Audio) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2R BackWeb Plug-in - 3875767 (Shaw Secure) - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
3S BITS (Background Intelligent Transfer Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Browser (Computer Browser) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S CiSvc (Indexing Service) - C:\WINDOWS\system32\cisvc.exe
4S ClipSrv (ClipBook) - C:\WINDOWS\system32\clipsrv.exe
3S COMSysApp (COM+ System Application) - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
2R CryptSvc (Cryptographic Services) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R DcomLaunch (DCOM Server Process Launcher) - C:\WINDOWS\system32\svchost -k DcomLaunch
2R Dhcp (DHCP Client) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S dmadmin (Logical Disk Manager Administrative Service) - C:\WINDOWS\System32\dmadmin.exe /com
3S dmserver (Logical Disk Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Dnscache (DNS Client) - C:\WINDOWS\System32\svchost.exe -k NetworkService
2R ERSvc (Error Reporting Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Eventlog (Event Log) - C:\WINDOWS\system32\services.exe
3R EventSystem (COM+ Event System) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R F-Secure Gatekeeper Handler Starter (FSGKHS) - "C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe"
3R FastUserSwitchingCompatibility (Fast User Switching Compatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S Fax - C:\WINDOWS\system32\fxssvc.exe
2R FSBWSYS - "C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe"
3R FSDFWD (F-Secure Anti-Virus Firewall Daemon) - "C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe"
3R fshttps (F-Secure HTTP Server) - "C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe"
2R FSMA (F-Secure Management Agent) - "C:\Program Files\Shaw Secure\Common\FSMA32.EXE"
3S gusvc (Google Updater Service) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
2R helpsvc (Help and Support) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R HidServ (HID Input Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S HTTPFilter (HTTP SSL) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3S ImapiService (IMAPI CD-Burning COM Service) - C:\WINDOWS\System32\imapi.exe
3R iPodService - C:\Program Files\iPod\bin\iPodService.exe
2R lanmanserver (Server) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R lanmanworkstation (Workstation) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R LmHosts (TCP/IP NetBIOS Helper) - C:\WINDOWS\System32\svchost.exe -k LocalService
4S Messenger - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S mnmsrvc (NetMeeting Remote Desktop Sharing) - C:\WINDOWS\System32\mnmsrvc.exe
3S MSDTC (Distributed Transaction Coordinator) - C:\WINDOWS\System32\msdtc.exe
3S MSIServer (Windows Installer) - C:\WINDOWS\system32\msiexec.exe /V
4S NetDDE (Network DDE) - C:\WINDOWS\system32\netdde.exe
4S NetDDEdsdm (Network DDE DSDM) - C:\WINDOWS\system32\netdde.exe
3S Netlogon (Net Logon) - C:\WINDOWS\System32\lsass.exe
3R Netman (Network Connections) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R Nla (Network Location Awareness (NLA)) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S NtLmSsp (NT LM Security Support Provider) - C:\WINDOWS\System32\lsass.exe
3S NtmsSvc (Removable Storage) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R NVSvc (NVIDIA Driver Helper Service) - C:\WINDOWS\System32\nvsvc32.exe
3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
2R PlugPlay (Plug and Play) - C:\WINDOWS\system32\services.exe
3R Pml Driver HPZ12 - C:\WINDOWS\System32\HPZipm12.exe
2R PolicyAgent (IPSEC Services) - C:\WINDOWS\System32\lsass.exe
2R ProtectedStorage (Protected Storage) - C:\WINDOWS\system32\lsass.exe
4S RasAuto (Remote Access Auto Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R RasMan (Remote Access Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S RDSessMgr (Remote Desktop Help Session Manager) - C:\WINDOWS\system32\sessmgr.exe
4S RemoteAccess (Routing and Remote Access) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S RpcLocator (Remote Procedure Call (RPC) Locator) - C:\WINDOWS\System32\locator.exe
2R RpcSs (Remote Procedure Call (RPC)) - C:\WINDOWS\system32\svchost -k rpcss
3S RSVP (QoS RSVP) - C:\WINDOWS\System32\rsvp.exe
2R SamSs (Security Accounts Manager) - C:\WINDOWS\system32\lsass.exe
3S SCardSvr (Smart Card) - C:\WINDOWS\System32\SCardSvr.exe
2R Schedule (Task Scheduler) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R seclogon (Secondary Logon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R SENS (System Event Notification) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R SharedAccess (Windows Firewall/Internet Connection Sharing (ICS)) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R ShellHWDetection (Shell Hardware Detection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Spooler (Print Spooler) - C:\WINDOWS\system32\spoolsv.exe
2R srservice (System Restore Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R SSDPSRV (SSDP Discovery Service) - C:\WINDOWS\System32\svchost.exe -k LocalService
2R stisvc (Windows Image Acquisition (WIA)) - C:\WINDOWS\System32\svchost.exe -k imgsvc
3S SwPrv (MS Software Shadow Copy Provider) - C:\WINDOWS\System32\dllhost.exe /Processid:{07E67AF9-F29E-4C46-A99E-83F064F16F92}
3S SysmonLog (Performance Logs and Alerts) - C:\WINDOWS\system32\smlogsvc.exe
3R TapiSrv (Telephony) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R TermService (Terminal Services) - C:\WINDOWS\System32\svchost -k DComLaunch
2R Themes - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R TrkWks (Distributed Link Tracking Client) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
3S upnphost (Universal Plug and Play Device Host) - C:\WINDOWS\System32\svchost.exe -k LocalService
3S UPS (Uninterruptible Power Supply) - C:\WINDOWS\System32\ups.exe
3S VSS (Volume Shadow Copy) - C:\WINDOWS\System32\vssvc.exe
2R W32Time (Windows Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R WebClient - C:\WINDOWS\System32\svchost.exe -k LocalService
2R winmgmt (Windows Management Instrumentation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S WmdmPmSN (Portable Media Serial Number Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S WmiApSrv (WMI Performance Adapter) - C:\WINDOWS\System32\wbem\wmiapsrv.exe
2R wscsvc (Security Center) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R wuauserv (Automatic Updates) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R WZCSVC (Wireless Zero Configuration) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S xmlprov (Network Provisioning Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S HP Status Server - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
3S HP Port Resolver - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
-- Scheduled Tasks --------------------------------------------------------------
2007-02-23 16:17:00 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job<SYMANT~1.JOB>
2007-02-22 17:04:41 544 --a------ C:\WINDOWS\Tasks\Scheduled scanning task.job<SCHEDU~1.JOB>
-- Files created between 2007-01-23 and 2007-02-23 ------------------------------
2007-02-22 08:16:21 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-21 15:57:58 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-02-21 15:57:10 0 d-------- C:\Documents and Settings\Owner\.housecall6.6<HOUSEC~1.6>
2007-02-13 11:04:48 0 d-------- C:\Program Files\Common Files\Skype
2007-02-08 19:36:20 0 d-------- C:\Program Files\Lavasoft
2007-02-04 13:52:43 33584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2007-02-04 13:52:43 70896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2007-02-04 13:52:33 1716224 --a------ C:\WINDOWS\system32\winsflte.dll
2007-02-04 13:52:33 1187840 --a------ C:\WINDOWS\system32\winsflt.dll
2007-02-04 13:52:33 1236992 --a------ C:\WINDOWS\system32\cfgmig32.dll
2007-02-04 13:52:33 0 d-------- C:\WINDOWS\rnapxs
2007-02-04 13:52:30 0 d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2007-02-02 16:37:25 0 d-------- C:\Program Files\CCleaner
2007-01-29 10:07:07 0 d-------- C:\Documents and Settings\Owner\smilies
2007-01-29 01:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
-- Find3M Report ----------------------------------------------------------------
2007-02-23 16:17:46 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-22 12:34:11 0 d-------- C:\Program Files\Multimedia Card Reader<MULTIM~1>
2007-02-22 12:31:28 0 d-------- C:\Program Files\Microsoft IntelliPoint<MIFB84~1>
2007-02-22 12:27:54 0 d-------- C:\Program Files\iTunes
2007-02-22 12:23:45 0 d-------- C:\Program Files\Google
2007-02-22 08:16:18 0 d-------- C:\Program Files\Grisoft
2007-02-13 11:14:23 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
2007-02-13 11:04:49 0 d-------- C:\Program Files\Skype
2007-02-08 19:36:40 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-02-04 13:52:14 0 d-------- C:\Program Files\Shaw Secure<SHAWSE~1>
2007-02-02 16:37:37 0 d-------- C:\Program Files\Yahoo!
2007-01-17 11:00:58 226 -r-h----- C:\Program Files\zangoclient<ZANGOC~1>
2007-01-17 11:00:58 226 -r-h----- C:\Program Files\zango
2007-01-17 11:00:58 226 -r-h----- C:\Program Files\zango programs<ZANGOP~1>
2007-01-17 11:00:58 226 -r-h----- C:\Program Files\zango games<ZANGOG~1>
2007-01-17 11:00:58 232 -r-h----- C:\Program Files\winfixer_2006<WINFIX~2>
2007-01-17 11:00:58 226 -r-h----- C:\Program Files\whenu
2007-01-17 11:00:58 234 -r-h----- C:\Program Files\websnitch v3.0<WEBSNI~1.0>
2007-01-17 11:00:58 226 -r-h----- C:\Program Files\vvsdl
2007-01-17 11:00:58 238 -r-h----- C:\Program Files\mmediacodec<MMEDIA~1>
2007-01-17 11:00:58 232 -r-h----- C:\Program Files\Common Files\winsoftware<WINSOF~1>
2007-01-17 11:00:58 232 -r-h----- C:\Program Files\Common Files\winfixer 2006<WINFIX~1>
2007-01-17 11:00:58 226 -r-h----- C:\Program Files\Common Files\whenu
2007-01-17 11:00:58 226 -r-h----- C:\Program Files\Common Files\ucontrol
2007-01-17 11:00:57 224 -r-h----- C:\Program Files\vvsn
2007-01-17 11:00:57 238 -r-h----- C:\Program Files\vmntoolbar<VMNTOO~1>
2007-01-17 11:00:57 232 -r-h----- C:\Program Files\ts trial<TSTRIA~1>
2007-01-17 11:00:57 232 -r-h----- C:\Program Files\topmoxie
2007-01-17 11:00:57 240 -r-h----- C:\Program Files\surfsidekick<SURFSI~1>
2007-01-17 11:00:57 240 -r-h----- C:\Program Files\surfsidekick 2<SURFSI~2>
2007-01-17 11:00:57 232 -r-h----- C:\Program Files\netmeting<NETMET~1>
2007-01-17 11:00:57 222 -r-h----- C:\Program Files\hpdll
2007-01-17 11:00:56 242 -r-h----- C:\Program Files\spywarestrike<SPYWAR~4>
2007-01-17 11:00:56 246 -r-h----- C:\Program Files\spyware stormer<SPYWAR~3>
2007-01-17 11:00:56 234 -r-h----- C:\Program Files\softomate<SOFTOM~1>
2007-01-17 11:00:56 228 -r-h----- C:\Program Files\seekmo
2007-01-17 11:00:56 234 -r-h----- C:\Program Files\searchnet<SEARCH~2>
2007-01-17 11:00:56 236 -r-h----- C:\Program Files\screenview<SCREEN~1>
2007-01-17 11:00:56 230 -r-h----- C:\Program Files\savenow
2007-01-17 11:00:56 250 -r-h----- C:\Program Files\relevantknowledge<RELEVA~1>
2007-01-17 11:00:56 234 -r-h----- C:\Program Files\rax search helper<RAXSEA~1>
2007-01-17 11:00:56 226 -r-h----- C:\Program Files\p4p
2007-01-17 11:00:56 234 -r-h----- C:\Program Files\ietoolbar<IETOOL~1>
2007-01-17 11:00:56 230 -r-h----- C:\Program Files\ezthemes_whenusavenow_installer<EZTHEM~1>
2007-01-17 11:00:56 242 -r-h----- C:\Program Files\dynamic toolbar<DYNAMI~1>
2007-01-17 11:00:56 226 -r-h----- C:\Program Files\Common Files\sogou pxp<SOGOUP~1>
2007-01-17 11:00:55 234 -r-h----- C:\Program Files\startup mechanic<STARTU~1>
2007-01-17 11:00:55 234 -r-h----- C:\Program Files\need2find<NEED2F~1>
2007-01-17 11:00:55 226 -r-h----- C:\Program Files\ncase
2007-01-17 11:00:55 232 -r-h----- C:\Program Files\navexcel
2007-01-17 11:00:55 232 -r-h----- C:\Program Files\navexcel search toolbar<NAVEXC~1>
2007-01-17 11:00:55 238 -r-h----- C:\Program Files\mywebsearch<MYWEBS~1>
2007-01-17 11:00:55 234 -r-h----- C:\Program Files\ddr
2007-01-17 11:00:55 234 -r-h----- C:\Program Files\arcade!
2007-01-17 11:00:54 236 -r-h----- C:\Program Files\support software<SUPPOR~1>
2007-01-17 11:00:54 236 -r-h----- C:\Program Files\network essentials<NETWOR~1>
2007-01-17 11:00:54 236 -r-h----- C:\Program Files\medialoads<MEDIAL~1>
2007-01-17 11:00:54 236 -r-h----- C:\Program Files\medialoads enhanced<MEDIAL~2>
2007-01-17 11:00:53 242 -r-h----- C:\Program Files\media gateway<MEDIAG~1>
2007-01-17 11:00:53 232 -r-h----- C:\Program Files\md
2007-01-17 11:00:53 228 -r-h----- C:\Program Files\lstsvc
2007-01-17 11:00:53 244 -r-h----- C:\Program Files\kuaiso toolsbar<KUAISO~1>
2007-01-17 11:00:53 242 -r-h----- C:\Program Files\kgb keylogger<KGBKEY~1>
2007-01-17 11:00:53 266 -r-h----- C:\Program Files\invisible secrets toolbar<INVISI~1>
2007-01-17 11:00:53 240 -r-h----- C:\Program Files\instant buzz<INSTAN~2>
2007-01-17 11:00:53 258 -r-h----- C:\Program Files\instant access<INSTAN~1>
2007-01-17 11:00:53 242 -r-h----- C:\Program Files\exploreanywhere<EXPLOR~1>
2007-01-17 11:00:53 232 -r-h----- C:\Program Files\Common Files\wqzq
2007-01-17 11:00:53 234 -r-h----- C:\Program Files\Common Files\updmgr
2007-01-17 11:00:53 234 -r-h----- C:\Program Files\Common Files\updater
2007-01-17 11:00:53 234 -r-h----- C:\Program Files\Common Files\keenvalue<KEENVA~1>
2007-01-17 11:00:52 228 -r-h----- C:\Program Files\system soap pro<SYSTEM~1>
2007-01-17 11:00:52 230 -r-h----- C:\Program Files\search toolbar<SEARCH~1>
2007-01-17 11:00:52 228 -r-h----- C:\Program Files\httper
2007-01-17 11:00:52 244 -r-h----- C:\Program Files\homekeylogger<HOMEKE~1>
2007-01-17 11:00:52 228 -r-h----- C:\Program Files\hbtools
2007-01-17 11:00:52 228 -r-h----- C:\Program Files\hbinst
2007-01-17 11:00:52 230 -r-h----- C:\Program Files\Common Files\wintools
2007-01-17 11:00:52 230 -r-h----- C:\Program Files\Common Files\msiets
2007-01-17 11:00:52 230 -r-h----- C:\Program Files\Common Files\btlink
2007-01-17 11:00:51 236 -r-h----- C:\Program Files\xmod
2007-01-17 11:00:51 236 -r-h----- C:\Program Files\xml
2007-01-17 11:00:51 242 -r-h----- C:\Program Files\vcom
2007-01-17 11:00:51 246 -r-h----- C:\Program Files\sync manager demo<SYNCMA~1>
2007-01-17 11:00:51 242 -r-h----- C:\Program Files\scom
2007-01-17 11:00:51 236 -r-h----- C:\Program Files\reg2
2007-01-17 11:00:51 242 -r-h----- C:\Program Files\pvm
2007-01-17 11:00:51 242 -r-h----- C:\Program Files\primesoft<PRIMES~1>
2007-01-17 11:00:51 242 -r-h----- C:\Program Files\paymentone<PAYMEN~1>
2007-01-17 11:00:51 252 -r-h----- C:\Program Files\gsr
2007-01-17 11:00:51 242 -r-h----- C:\Program Files\gsoft
2007-01-17 11:00:51 242 -r-h----- C:\Program Files\gmsoft
2007-01-17 11:00:51 240 -r-h----- C:\Program Files\globaldialer<GLOBAL~1>
2007-01-17 11:00:51 236 -r-h----- C:\Program Files\ftk
2007-01-17 11:00:51 236 -r-h----- C:\Program Files\flt
2007-01-17 11:00:51 236 -r-h----- C:\Program Files\fln
2007-01-17 11:00:51 236 -r-h----- C:\Program Files\flcp
2007-01-17 11:00:51 236 -r-h----- C:\Program Files\fla
2007-01-17 11:00:51 236 -r-h----- C:\Program Files\filesubmit<FILESU~1>
2007-01-17 11:00:51 236 -r-h----- C:\Program Files\fen
2007-01-17 11:00:51 236 -r-h----- C:\Program Files\fastseeker<FASTSE~1>
2007-01-17 11:00:51 242 -r-h----- C:\Program Files\dialers
2007-01-17 11:00:50 260 -r-h----- C:\Program Files\webrebates<WEBREB~1>
2007-01-17 11:00:50 240 -r-h----- C:\Program Files\real-tens<REAL-T~1>
2007-01-17 11:00:50 240 -r-h----- C:\Program Files\popcorn.net
2007-01-17 11:00:50 240 -r-h----- C:\Program Files\movienetworks<MOVIEN~1>
2007-01-17 11:00:50 240 -r-h----- C:\Program Files\mlh
2007-01-17 11:00:50 240 -r-h----- C:\Program Files\medch
2007-01-17 11:00:50 240 -r-h----- C:\Program Files\kfh
2007-01-17 11:00:50 226 -r-h----- C:\Program Files\ezurl
2007-01-17 11:00:50 248 -r-h----- C:\Program Files\exact
2007-01-17 11:00:50 228 -r-h----- C:\Program Files\e2give
2007-01-17 11:00:50 228 -r-h----- C:\Program Files\e2g
2007-01-17 11:00:50 240 -r-h----- C:\Program Files\downloadware<DOWNLO~2>
2007-01-17 11:00:50 240 -r-h----- C:\Program Files\downloadware engine<DOWNLO~1>
2007-01-17 11:00:50 236 -r-h----- C:\Program Files\dealhelper<DEALHE~1>
2007-01-17 11:00:50 236 -r-h----- C:\Program Files\dealhelper.com inc<DEALHE~1.COM>
2007-01-17 11:00:50 234 -r-h----- C:\Program Files\dateregon<DATERE~1>
2007-01-17 11:00:50 238 -r-h----- C:\Program Files\date manager<DATEMA~1>
2007-01-17 11:00:50 228 -r-h----- C:\Program Files\data19
2007-01-17 11:00:50 234 -r-h----- C:\Program Files\comsoft
2007-01-17 11:00:50 248 -r-h----- C:\Program Files\Common Files\eacceleration<EACCEL~1>
2007-01-17 11:00:48 234 -r-h----- C:\Program Files\windowssa<WINDOW~4>
2007-01-17 11:00:48 238 -r-h----- C:\Program Files\tvs
2007-01-17 11:00:48 238 -r-h----- C:\Program Files\rvp
2007-01-17 11:00:48 238 -r-h----- C:\Program Files\lycos
2007-01-17 11:00:48 236 -r-h----- C:\Program Files\letssearch<LETSSE~1>
2007-01-17 11:00:48 228 -r-h----- C:\Program Files\gator.com
2007-01-17 11:00:48 238 -r-h----- C:\Program Files\csbb
2007-01-17 11:00:48 236 -r-h----- C:\Program Files\Common Files\psd tools<PSDTOO~1>
2007-01-17 11:00:48 228 -r-h----- C:\Program Files\Common Files\gmt
2007-01-17 11:00:48 228 -r-h----- C:\Program Files\Common Files\cmeii
2007-01-17 11:00:48 262 -r-h----- C:\Program Files\colej_uk design toolbar<COLEJ_~1>
2007-01-17 11:00:48 238 -r-h----- C:\Program Files\cntrc
2007-01-17 11:00:48 234 -r-h----- C:\Program Files\clipgenie<CLIPGE~1>
2007-01-17 11:00:48 234 -r-h----- C:\Program Files\clientman<CLIENT~1>
2007-01-17 11:00:48 238 -r-h----- C:\Program Files\clearsearch<CLEARS~1>
2007-01-17 11:00:48 238 -r-h----- C:\Program Files\btv
2007-01-17 11:00:48 238 -r-h----- C:\Program Files\brp
2007-01-17 11:00:48 236 -r-h----- C:\Program Files\browser pal<BROWSE~1>
2007-01-17 11:00:48 238 -r-h----- C:\Program Files\bpt
2007-01-17 11:00:48 238 -r-h----- C:\Program Files\bpc_search<BPC_SE~1>
2007-01-17 11:00:48 236 -r-h----- C:\Program Files\bonzibuddy<BONZIB~1>
2007-01-17 11:00:48 236 -r-h----- C:\Program Files\bde
2007-01-17 11:00:47 230 -r-h----- C:\Program Files\sysal
2007-01-17 11:00:47 246 -r-h----- C:\Program Files\mediaring talk<MEDIAR~1>
2007-01-17 11:00:47 240 -r-h----- C:\Program Files\funcade
2007-01-17 11:00:47 240 -r-h----- C:\Program Files\cardcrazy<CARDCR~1>
2007-01-17 11:00:47 240 -r-h----- C:\Program Files\bargain buddy<BARGAI~1>
2007-01-17 11:00:47 230 -r-h----- C:\Program Files\backweb
2007-01-17 11:00:47 244 -r-h----- C:\Program Files\arcaderockstar<ARCADE~1>
2007-01-17 11:00:47 230 -r-h----- C:\Program Files\aproposclient<APROPO~1>
2007-01-17 11:00:47 246 -r-h----- C:\Program Files\accoona
2007-01-17 11:00:46 230 -r-h----- C:\Program Files\the guard<THEGUA~1>
2007-01-17 11:00:46 236 -r-h----- C:\Program Files\stc
2007-01-17 11:00:46 236 -r-h----- C:\Program Files\srng
2007-01-17 11:00:46 246 -r-h----- C:\Program Files\netturbotrial<NETTUR~1>
2007-01-17 11:00:46 287 -r-h----- C:\Program Files\malwaresweeper.com<MALWAR~1.COM>
2007-01-17 11:00:46 228 -r-h----- C:\Program Files\fs
2007-01-17 11:00:46 288 -r-h----- C:\Program Files\flobo spyware clean<FLOBOS~1>
2007-01-17 11:00:46 284 -r-h----- C:\Program Files\fix my registry<FIXMYR~1>
2007-01-17 11:00:46 246 -r-h----- C:\Program Files\Common Files\betterinternet<BETTER~1>
2007-01-17 11:00:46 276 -r-h----- C:\Program Files\beclean
2007-01-17 11:00:46 246 -r-h----- C:\Program Files\abetterinternet<ABETTE~1>
2007-01-17 11:00:46 230 -r-h----- C:\Program Files\2search
2007-01-14 12:01:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer<APPLEC~1>
2007-01-14 12:01:32 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-01-14 12:01:13 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-01-14 11:58:05 0 d-------- C:\Program Files\iPod
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-12-19 14:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 11:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-09 19:59:48 117092 --a------ C:\WINDOWS\hpoins11.dat
2006-12-06 22:29:34 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-27 07:54:06 433152 --a------ C:\WINDOWS\system32\riched20.dll
2006-11-27 07:54:06 539136 --a------ C:\WINDOWS\system32\msftedit.dll
-- Registry Dump ----------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"AutoTKit"="C:\\hp\\bin\\AUTOTKIT.EXE"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
"VTTimer"="VTTimer.exe"
"LTMSG"="LTMSG.exe 7"
"Sunkist2k"="C:\\Program Files\\Multimedia Card Reader\\shwicon2k.exe"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"F-Secure Manager"="\"C:\\Program Files\\Shaw Secure\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\Shaw Secure\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"F-Secure Startup Wizard"="\"C:\\Program Files\\Shaw Secure\\FSGUI\\FSSW.EXE\" /reboot"
"News Service"="\"C:\\Program Files\\Shaw Secure\\FSGUI\\ispnews.exe\""
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"CamMonitor"="c:\\Program Files\\HP\\Digital Imaging\\Unload\\hpqcmon.exe"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"HPHUPD05"="c:\\Program Files\\HP\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"mswspl"="C:\\Program Files\\Windows Media Player\\wmplayer.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
-- End of ComboScan: finished at 2007-02-23 at 16:21:59 -------------------------