06-30-2007, 11:45 PM   #5
HollyW07
Registered User
 
Join Date: Jun 2007
Posts: 10
OS: Microsoft Windows XP

Re: Spyware remover fakes: Dr. Antivirus and Spylocked

I did everything you told me to do and it has gone away! I'm so thrilled. :D I was starting to get really upset because I thought I might have to recover my entire computer in order to get rid of it.

I did not see EasySpyRemover on my computer anywhere but I did delete the other things you told me to. It all worked like a charm! My computer is running a little slow but it's been doing that for a while. I didn't have any problems, and it all worked like a charm. Thank you so much!

Here are the logs you told me to post.

1. HJT log done just before I replied:

Logfile of HijackThis v1.99.1
Scan saved at 12:39:05 AM, on 7/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.darkfantasychat.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.darkfantasychat.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.2.2.89.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

2. Online Scan log that took about 2 hours to scan my whole computer:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, July 01, 2007 12:38:02 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 1/07/2007
Kaspersky Anti-Virus database records: 356082
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: false

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 179796
Number of viruses found: 4
Number of infected objects: 10 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:18:05

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20070630184356\backup\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\QooBox\Quarantine\C\Program Files\Video ActiveX Access\imsunst.exe.vir Infected: Trojan-Downloader.Win32.Zlob.bvp skipped
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP370\A0059350.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP370\A0059351.exe Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP374\A0059434.exe Infected: Trojan-Downloader.Win32.Zlob.bvp skipped
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP374\A0059530.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP374\A0059531.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP374\A0059535.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP374\A0059536.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped

Scan process completed.


3. ComboFix log:

"Compaq_Administrator" - 2007-06-30 21:56:39 - ComboFix 07-07-01 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Easy SpyRemover
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@kanoodle[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@linksynergy[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@list[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@live365[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@lycos[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@mediaplex[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@mysimon[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@mytrix[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@nextag[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@nytimes[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@overture[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@partner2profit[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@paycounter[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@pro-market[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@questionmarket[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@rambler[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@real[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@revenue[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@rootsweb[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@sageanalyst[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@serving-sys[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@sexlist[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@sextracker[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@specificclick[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@spylog[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@statcounter[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@targetnet[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@ticketmaster[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@toplist[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@tradedoubler[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@trafficmp[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@trb[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@tv[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@unicast[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@usatoday[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@valueclick[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@voila[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@washingtonpost[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@webmd[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@webshots[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@webstat[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@wunderground[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@xiti[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\compaq_administrator@zedo[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\FileBackup.bak
C:\Program Files\Easy SpyRemover\Backup\Backup_05-08-2007_16-32-11\RegBackup.reg
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@247realmedia[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@2o7[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@about[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@adrevolver[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@adtech[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@advertising[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@altavista[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@ask[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@atdmt[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@atwola[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@bluestreak[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@burstnet[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@casalemedia[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@com[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@doubleclick[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@fortunecity[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@go[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@hitbox[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@ign[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@imdb[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@imrworldwide[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@linksynergy[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@lycos[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@mediaplex[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@nextag[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@nytimes[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@overture[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@partner2profit[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@questionmarket[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@real[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@serving-sys[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@sexlist[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@sextracker[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@specificclick[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@statcounter[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@terra.com[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@trafficmp[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@tribalfusion[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@wp[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@xiti[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\compaq_administrator@zedo[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\FileBackup.bak
C:\Program Files\Easy SpyRemover\Backup\Backup_05-26-2007_21-13-33\RegBackup.reg
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@2o7[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@adrevolver[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@advertising[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@atdmt[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@bravenet[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@burstnet[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@casalemedia[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@cybermonitor[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@doubleclick[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@hitbox[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@ign[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@live365[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@lycos[4].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@mediaplex[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@overture[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@partner2profit[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@questionmarket[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@sextracker[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@statcounter[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@trafficmp[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@tribalfusion[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\compaq_administrator@unicast[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\FileBackup.bak
C:\Program Files\Easy SpyRemover\Backup\Backup_05-30-2007_11-57-49\RegBackup.reg
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@2o7[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@adrevolver[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@advertising[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@atdmt[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@casalemedia[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@com[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@doubleclick[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@ign[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@lycos[4].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@mediaplex[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@questionmarket[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@real[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@serving-sys[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@sexlist[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@sextracker[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@specificclick[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@trafficmp[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@tribalfusion[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\compaq_administrator@webshots[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\FileBackup.bak
C:\Program Files\Easy SpyRemover\Backup\Backup_06-08-2007_22-26-08\RegBackup.reg
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@adlegend[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@adrevolver[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@advertising[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@aol[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@atdmt[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@bluestreak[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@burstnet[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@casalemedia[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@doubleclick[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@go[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@hitbox[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@imrworldwide[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@lycos[4].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@mediaplex[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@nextag[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@overture[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@pro-market[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@questionmarket[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@real[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@serving-sys[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@sexlist[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@sextracker[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@space[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@specificclick[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@statcounter[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@ticketmaster[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@toplist[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@trafficmp[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@tribalfusion[1].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\compaq_administrator@zedo[2].txt
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\FileBackup.bak
C:\Program Files\Easy SpyRemover\Backup\Backup_06-29-2007_23-41-57\RegBackup.reg
C:\Program Files\Easy SpyRemover\Backup\Backup_06-30-2007_00-21-04\RegBackup.reg
C:\Program Files\Easy SpyRemover\Easy SpyRemover.log
C:\Program Files\Easy SpyRemover\EasySpyRemover_setup.exe
C:\Program Files\Easy SpyRemover\settings.ini
C:\Program Files\Enigma Software Group
C:\Program Files\Enigma Software Group\SpyHunter\Backup\compaq_administrator@advertising[1].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\compaq_administrator@atdmt[2].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\compaq_administrator@doubleclick[1].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\compaq_administrator@mediaplex[2].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\compaq_administrator@questionmarket[2].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\Microsoft_Windows_CurrentVersion_App Management_ARPCache_Video ActiveX Object.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\Microsoft_Windows_CurrentVersion_App Management_ARPCache_Windows Safety Alert.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\SOFTWARE_Microsoft_Windows_CurrentVersion_policies_explorer_run_rare.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\SOFTWARE_Microsoft_Windows_CurrentVersion_policies_explorer_run_user32_dll.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\VideoAXObject_Chl.dat
C:\Program Files\Enigma Software Group\SpyHunter\backupLog.dat
C:\Program Files\Enigma Software Group\SpyHunter\support.log
C:\WINDOWS\system32\pjgerka.dll


((((((((((((((((((((((((( Files Created from 2007-06-01 to 2007-07-01 )))))))))))))))))))))))))))))))


2007-06-30 18:27 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-30 13:24 <DIR> d-------- C:\Deckard
2007-06-30 13:17 21,312 --a------ C:\WINDOWS\choice.exe
2007-06-30 13:16 <DIR> d-------- C:\ie-spyad
2007-06-30 13:09 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-06-30 10:52 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-30 10:31 <DIR> d-------- C:\Program Files\Windows Defender
2007-06-30 00:11 <DIR> d-------- C:\Program Files\XoftSpySE
2007-06-16 19:31 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\teamspeak2


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-01 02:44:01 15,747 ----a-w C:\WINDOWS\system32\wacom.dat
2007-07-01 02:22:46 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-30 17:38:55 -------- d-----w C:\Program Files\Norton Internet Security
2007-06-30 17:38:24 -------- d-----w C:\Program Files\MSN Messenger
2007-06-30 17:32:08 -------- d-----w C:\Program Files\iTunes
2007-06-30 17:31:05 -------- d-----w C:\Program Files\Google
2007-06-30 17:25:39 -------- d-----w C:\Program Files\DISC
2007-06-30 17:22:39 -------- d---a-w C:\Program Files\Common Files\LightScribe
2007-06-30 06:17:27 -------- d-----w C:\Program Files\GemMaster
2007-06-30 06:14:58 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-17 00:31:40 -------- d-----w C:\Program Files\Teamspeak2_RC2
2007-06-04 05:33:20 -------- d-----w C:\Program Files\QuickTime
2007-05-19 03:54:50 1,921 ----a-w C:\WINDOWS\mozver.dat
2007-05-18 22:23:24 -------- d-----w C:\Program Files\iPod
2007-05-18 22:19:19 -------- d-----w C:\Program Files\Apple Software Update
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-11 21:10:34 -------- d-----w C:\Program Files\EQ2MAP Updater
2007-05-08 21:40:54 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 03:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 03:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2006-06-04 23:23:54 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-09-07 16:28 439872 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2004-12-14 11:56 63136 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
2006-09-06 00:18 93400 -ra------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-07-31 15:32 185848 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-07-07 12:29 324416 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
2004-08-13 17:42 155648 --a------ C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar4.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-05-28 00:03 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
2006-01-17 16:04 282624 --a------ C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 C:\WINDOWS\arpwrmsg.exe]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2006-05-18 21:34]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdateMgr.exe" [2005-09-27 02:42]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 12:41]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 09:11]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 20:56]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-06-30 21:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-11 16:16]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 02:04]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 20:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-28 00:03]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

*Newly Created Service* - COMHOST

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\KB910393
rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{407408d4-94ed-4d86-ab69-a7f649d112ee}
%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf

Contents of the 'Scheduled Tasks' folder
2007-06-13 17:26:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-01 02:46:50 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-06-30 01:18:40 C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Compaq_Administrator.job
2007-07-01 02:59:00 C:\WINDOWS\tasks\Symantec NetDetect.job
2007-07-01 02:45:21 C:\WINDOWS\tasks\XoftSpySE 2.job
2007-06-30 08:09:14 C:\WINDOWS\tasks\XoftSpySE.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-30 22:00:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-30 22:01:29
C:\ComboFix-quarantined-files.txt ... 2007-06-30 22:01
C:\ComboFix2.txt ... 2007-06-30 18:33

--- E O F ---