Old 06-15-2007, 08:30 AM   #1 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 10
OS: XP


Nonstop popups and lagging computer

I keep getting popups, one of which is Winantispyware.
A spyware scan also says that I have Troan.clicker.win32.vb.ij, CWS.Aboutblank, and Alfacleaner, which it can't seem to remove despite my efforts.


Logfile of HijackThis v1.99.1
Scan saved at 10:16:26 AM, on 6/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cox\Applications\app\Prism.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\poolsv.exe
C:\WINDOWS\svhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\retadpu77.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\AUserInit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {547CBAB5-A943-4570-9DD0-0E4159A7F4A1} - C:\WINDOWS\system32\vtsqp.dll (file missing)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\phbrqgjf.dll
O2 - BHO: (no name) - {88ECA3F7-03D2-4526-8245-E717C2C3BE83} - C:\WINDOWS\system32\mljjg.dll (file missing)
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\rxbxqhpu.dll",realset
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global User Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global User Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global User Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global User Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global User Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary...s.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st_current.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1158868259140
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab47946.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/contr...terActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livesc02.rightnowtech.com/750.../java/RntX.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.co...x/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: vtsqp - C:\WINDOWS\system32\vtsqp.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
cruds is offline  
Old 06-16-2007, 01:29 PM   #2 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,584
OS: Windows XP Pro


Re: Nonstop popups and lagging computer

Hi and welcome to TSF.

You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

I will be back shortly with your fix.
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
forhockey is offline  
Old 06-16-2007, 03:55 PM   #3 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,584
OS: Windows XP Pro


Re: Nonstop popups and lagging computer

The cleaning process is not instant. Please follow through to the end until I tell you your machine is clean.
The absence of symptoms does not mean that everything is clean.


---------------------------------------------------------------------------------------------

Please save these instructions to Notepad as the internet will not be available to you at certain points of the removal process.
Please ensure that there aren't any opened browsers when you are carrying out the procedures below.
Make sure to work through all the Steps in the exact order in which they are listed below.
If there's anything that you don't understand, ask your question(s) before moving on with the fixes.


---------------------------------------------------------------------------------------------

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

Viewpoint Manager <<< this is considered foistware instead of malware since it is installed without the user's approval, but doesn't spy or do anything "bad". Read this article: http://www.clickz.com/news/article.php/3561546

Additional info: http://vil.nai.com/vil/content/v_137262.htm

---------------------------------------------------------------------------------------------

Update AVG Anti-Spyware

I see you have AVG Anti-Spyware already. Please update its definitions, and run a scan where I have placed it in this fix.

Run AVG Anti-Spyware
  • From the main screen, click on update, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful"), select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"
  • Exit AVG Anti-Spyware. DO NOT scan yet.

---------------------------------------------------------------------------------------------

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click smitfraudfix.exe to start the tool.
Select option #1 - Search by typing 1 and press "Enter"
and a text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Do not run option #2 unless instructed to!!

---------------------------------------------------------------------------------------------

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

DO NOT run SDFix yet. We will shortly.

---------------------------------------------------------------------------------------------

Disable Windows Defender

Please disable your Windows Defender Real-time Protection, as it may hinder the removal of some entries.
  • Open Windows Defender.
  • Click on Tools>Options.
  • Scroll down and uncheck "Use real-time protection (recommended)".
  • After you uncheck this, click on the Save button and close Windows Defender.

---------------------------------------------------------------------------------------------

Download combofix from here

**Save it directly to your desktop**

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Warning:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

A log will be produced that will ultimately be named C:\ComboFix.txt I'll need that in your next reply.

---------------------------------------------------------------------------------------------

Enter Safe Mode
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8
  3. Instead of Windows loading as normal, a menu should appear
  4. Use the up arrow key to highlight Safe Mode and press Enter.
  5. Login with your usual account
  6. Once you have logged in, a warning message will appear regarding starting windows in Safe mode, click OK and windows will load your desktop environment

Note: On some systems, this may be the F5 key, so try that if F8 doesn't work.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

O2 - BHO: (no name) - {547CBAB5-A943-4570-9DD0-0E4159A7F4A1} - C:\WINDOWS\system32\vtsqp.dll (file missing)
O2 - BHO: (no name) - {88ECA3F7-03D2-4526-8245-E717C2C3BE83} - C:\WINDOWS\system32\mljjg.dll (file missing)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab
O20 - Winlogon Notify: vtsqp - C:\WINDOWS\system32\vtsqp.dll (file missing)

Please remember to close all other windows, including browsers then click Fix checked.

---------------------------------------------------------------------------------------------

Run AVG Anti-Spyware

Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

---------------------------------------------------------------------------------------------

Run SDFix
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  • Paste the contents of the Report.txt back on the forum

---------------------------------------------------------------------------------------------

Restart your computer in Normal Mode

---------------------------------------------------------------------------------------------

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" * The download of the 8 MB Panda's ActiveX control will take place *
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


---------------------------------------------------------------------------------------------

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.
What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------

Please include the following in your next reply:

SmitFraudFix Results
C:\ComboFix.txt
AVG Anti-Spyware Results
C:\SDFix\report.txt
Panda Log
C:\Deckard\System Scanner\main.txt
C:\Deckard\System Scanner\extra.txt - Attached please
forhockey is offline  
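
An added example, not part of the original posts and not code from HijackThis: a small Python parser for the HijackThis log lines quoted in this thread. It picks out the O2 (BHO) and O20 (Winlogon Notify) entries reported as "(file missing)", like those in the fix list above, and groups them by target DLL to show when one file is registered at more than one load point. The sample lines are copied from the log in post #1; the function and class names are hypothetical.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Sample lines copied from the HijackThis log in post #1 of this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\AUserInit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {547CBAB5-A943-4570-9DD0-0E4159A7F4A1} - C:\WINDOWS\system32\vtsqp.dll (file missing)
O2 - BHO: (no name) - {88ECA3F7-03D2-4526-8245-E717C2C3BE83} - C:\WINDOWS\system32\mljjg.dll (file missing)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: vtsqp - C:\WINDOWS\system32\vtsqp.dll (file missing)
"""

# An entry line starts with a section code such as R0, F2, O4 or O20.
# Header lines and the "Running processes" paths do not match this shape.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING = "(file missing)"


@dataclass(frozen=True)
class Entry:
    code: str           # section code, e.g. "O2"
    kind: str           # label before the first ": " (e.g. "BHO"), or ""
    detail: str         # rest of the line, without the "(file missing)" marker
    file_missing: bool  # True when HijackThis appended "(file missing)"


def parse_log(text):
    """Return the entry lines of a HijackThis log as Entry objects."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, blank line or running-process path
        body = m["body"]
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        kind, sep, detail = body.partition(": ")
        if not sep:  # R0/R1 lines have no "label: " prefix
            kind, detail = "", body
        entries.append(Entry(m["code"], kind, detail, missing))
    return entries


def target_path(entry):
    """Last ' - ' separated field of an entry, which holds the file path."""
    return entry.detail.rsplit(" - ", 1)[-1].strip().strip('"')


def missing_targets(entries, codes=("O2", "O20")):
    """Entries in the given sections whose target file is reported missing."""
    return [e for e in entries if e.file_missing and e.code in codes]


def load_points_by_target(entries):
    """Map each target path (lower-cased) to the section codes that load it."""
    grouped = defaultdict(set)
    for e in entries:
        grouped[target_path(e).lower()].add(e.code)
    return {path: sorted(codes) for path, codes in grouped.items()}


if __name__ == "__main__":
    stale = missing_targets(parse_log(SAMPLE_LOG))
    for path, codes in load_points_by_target(stale).items():
        print(f"{path}: referenced from {', '.join(codes)}")
```
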
Old 06-18-2007, 02:37 PM   #4 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 10
OS: XP


Re: Nonstop popups and lagging computer

SmitFraudFix Results

SmitFraudFix v2.195

Scan done at 18:05:14.00, Sat 06/16/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cox\Applications\app\Prism.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\svhost.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data

C:\Documents and Settings\LocalService\Application Data\AlfaCleaner FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.2.1

Description: D-Link AirPlus DWL-G520 Wireless PCI Adapter(rev.B) - Packet Scheduler Miniport
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{12E28874-B276-4419-BF98-FB81817D9084}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3EDE4214-810D-408A-98E6-E3262D14D306}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{12E28874-B276-4419-BF98-FB81817D9084}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3EDE4214-810D-408A-98E6-E3262D14D306}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{12E28874-B276-4419-BF98-FB81817D9084}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3EDE4214-810D-408A-98E6-E3262D14D306}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Last edited by cruds : 06-18-2007 at 02:38 PM. Reason: Removed attachment to different post.
cruds is offline  
Old 06-18-2007, 02:38 PM   #5 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 10
OS: XP


Re: Nonstop popups and lagging computer

ComboFix Results


ComboFix 07-06-13.7 - C:\Documents and Settings\Owner\Desktop\ComboFix.exe
"Owner" - 2007-06-16 18:09:35 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\rxbxqhpu.dll
C:\WINDOWS\system32\uphqxbxr.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\setup.exe
C:\Temp\0b9
C:\Temp\0b9\tmpTF.log
C:\WINDOWS\retadpu1000106.exe
C:\WINDOWS\svhost.exe


((((((((((((((((((((((((( Files Created from 2007-05-16 to 2007-06-16 )))))))))))))))))))))))))))))))


2007-06-16 18:08 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-16 18:05 3,474 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-16 18:04 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-06-16 18:04 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-06-16 18:04 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-06-14 17:07 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-14 13:07 <DIR> d-------- C:\VundoFix Backups
2007-06-14 09:58 62,516 --a------ C:\WINDOWS\system32\phbrqgjf.dll
2007-06-14 09:49 <DIR> d-------- C:\WINDOWS\system32\win
2007-06-14 09:49 <DIR> d-------- C:\WINDOWS\system32\S7
2007-06-14 09:49 <DIR> d-------- C:\WINDOWS\system32\S6
2007-06-14 09:49 <DIR> d-------- C:\WINDOWS\system32\S2
2007-06-14 09:49 <DIR> d-------- C:\WINDOWS\system32\S1
2007-06-14 09:49 <DIR> d-------- C:\WINDOWS\system32\o09PrEz
2007-06-14 09:49 <DIR> d-------- C:\temp\iee
2007-06-14 09:48 <DIR> d-------- C:\Program Files\svhost
2007-06-14 09:48 <DIR> d-------- C:\Program Files\poolsv
2007-06-13 23:26 36,352 --a------ C:\WINDOWS\poolsv.exe
2007-06-01 22:00 <DIR> d-------- C:\Program Files\Veoh Networks
2007-05-26 22:03 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Viewpoint
2007-05-17 20:14 <DIR> d-------- C:\Program Files\Avery Dennison
2007-05-17 20:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avery


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-16 22:17:17 336 ----a-w C:\WINDOWS\system32\tablet.dat
2007-06-16 22:01:39 -------- d-----w C:\Program Files\Viewpoint
2007-06-16 18:35:23 -------- d-----w C:\Program Files\Common Files\Command Software
2007-06-13 22:07:05 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Azureus
2007-06-09 14:41:47 -------- d-----w C:\Program Files\Common Files\PestPatrol
2007-06-02 02:01:21 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-10 23:01:17 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-10 20:29:46 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\GlarySoft
2007-05-10 20:19:59 -------- d-----w C:\Program Files\Glary Utilities
2007-05-09 22:48:13 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\AdobeUM
2007-05-06 23:28:15 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Yahoo!
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-20 01:55:43 -------- d-----w C:\Program Files\Windows Journal Viewer
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 02:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2005-05-06 01:33:24 56 --sh--r C:\WINDOWS\system32\9BF9C15D80.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll [2007-03-20 17:39]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{547CBAB5-A943-4570-9DD0-0E4159A7F4A1}=C:\WINDOWS\system32\vtsqp.dll []
{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}=C:\WINDOWS\system32\phbrqgjf.dll [2007-06-14 09:58]
{88ECA3F7-03D2-4526-8245-E717C2C3BE83}=C:\WINDOWS\system32\mljjg.dll []
{A4D90779-6CB2-4752-83C2-A2AB4D9A672D}=C:\Program Files\Cox\Applications\app\AuthBHO.dll [2005-04-14 17:08]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 C:\WINDOWS\ALCXMNTR.EXE]
"ANIWZCSService"="C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 16:12]
"D-Link AirPlus Xtreme G"="C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe" [2003-11-04 17:00]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 03:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 14:54]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-24 23:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" []
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2005-03-03 18:33]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-05-03 17:43]
"@"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"combofix"=C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SRUUninstall"="C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{868865EC-0295-4C7D-B25D-9F65314145E9}"="C:\WINDOWS\system32\ddcdaba.dll" []
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsqp]
C:\WINDOWS\system32\vtsqp.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTKit]
C:\hp\bin\AUTOTKIT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
C:\WINDOWS\System32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]
LTMSG.exe 7

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
"C:\Windows\Creator\Remind_XP.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
C:\Program Files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe


Contents of the 'Scheduled Tasks' folder
2007-06-13 22:33:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-16 22:04:26 C:\WINDOWS\tasks\MP Scheduled Scan.job
2005-03-31 15:55:20 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-16 19:26:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-16 19:28:47 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-16 19:28

--- E O F ---
cruds is offline  
Old 06-18-2007, 02:39 PM   #6 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 10
OS: XP


Re: Nonstop popups and lagging computer

AVG Anti-Spyware would not let me save a report.
cruds is offline  
Old 06-18-2007, 02:40 PM   #7 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 10
OS: XP


Re: Nonstop popups and lagging computer

SDFix Report



SDFix: Version 1.88

Run by Owner on Sat 06/16/2007 at 10:33 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing SharedAccess Service

Rebooting...


Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\SYSTEM32\IALMCOIN.DLL - Deleted
C:\WINDOWS\CNA.exe.tmp - Deleted
C:\WINDOWS\FMSZ.exe.tmp - Deleted
C:\WINDOWS\poolsv.exe - Deleted
C:\WINDOWS\tcb.pmw - Deleted


Folder C:\WINDOWS\system32\kazaabackupfiles - Removed

Removing Temp Files...

ADS Check:

Checking C:\WINDOWS\
C:\WINDOWS
No streams found.

Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.

Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\