Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page help i have search and thied everything
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 01-24-2007, 11:10 PM   #1 (permalink)
Registered User
 
Join Date: Jan 2007
Posts: 7
OS: XP


help i have search and thied everything
here is my hjt log. i have used all of the major anti-programs and nothing has worked. my norton is now not even operable. somehow it has expired. when i click on the balloon i opens a install for registry cleaner 2.5. i have been searching for answers for 4 days now and this is mu\y last resort.

HERE IS MY LOG AND A SCREENSHOT OF THE POPUP I GET


Logfile of HijackThis v1.99.1
Scan saved at 6:13:52 PM, on 1/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctpmon.exe
C:\WINDOWS\system32\ctpmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\System32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office Outlook 2003.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1167469007487
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Attached Images
File Type: jpg screenshot.JPG (26.5 KB, 3 views)
myecrip is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 01-25-2007, 08:02 AM   #2 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,886
OS: WinXP and Vista


Hello myecrip and welcome,

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click smitfraudfix.exe to start the tool.
  • Select option #1 - Search by typing 1 and press "Enter"
  • A text file will appear which lists infected files (if present).
  • Please copy/paste the content of that report into your next reply.
IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-25-2007, 08:21 AM   #3 (permalink)
Registered User
 
Join Date: Jan 2007
Posts: 7
OS: XP


here is my log from SMITFRAUDFIX
SmitFraudFix v2.135

Scan done at 7:20:02.64, Thu 01/25/2007
Run from C:\Program Files\Common Files\System\MSMAPI\1033\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ctpmon.exe FOUND !
C:\WINDOWS\system32\RegistryCleanerSetup.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dave Montoya


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dave Montoya\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\DAVEMO~1\STARTM~1\Programs\Registry Cleaner FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DAVEMO~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\DAVEMO~1\Desktop\Registry Cleaner.lnk FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\RegistryCleaner\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
myecrip is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-25-2007, 04:49 PM   #4 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,886
OS: WinXP and Vista


Hello myecrip,

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Please download SmitfraudFix (by S!Ri) to your Desktop. Do not run it yet.

----------------------------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

----------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

SpywareBot <--This is a known rogue program. I'll have legit free programs for you when we're through cleaning your system.

--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries:

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Click 'Fix Checked' and close HijackThis.

----------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
*Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.
----------------------------------------------------

Using My Computer, navigate to and delete the following Folder

C:\Program Files\SpywareBot

----------------------------------------------------

Double-click on SmitfraudFix.exe to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : " Registry cleaning - Do you want to clean the registry?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question " Replace infected file?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot into Normal Windows.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: (C:rapport.txt) or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

----------------------------------------------------

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! or move them to a permanent location.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
  • Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it's checked.
Click OK
Press the CleanUp! button to start the program. Do NOT reboot/logoff when prompted.

----------------------------------------------------

Next go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything and delete if present:
· "Security Info"
· "Warning Message"
· "Security Desktop"
· "Warning Homepage"
· "Desktop Uninstall"

Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK.

----------------------------------------------------

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

----------------------------------------------------

Close ALL open Windows / Programs / Folders. Run AVG Anti-Spyware with it's updated definitions: IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, **Please ensure it is set to Quarantine then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

----------------------------------------------------

Reboot into Normal Mode.

----------------------------------------------------

Double-click on SmitfraudFix.exe to start the tool.
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

----------------------------------------------------

Please run this online scan to search for any other files that may be lurking. It can take some time, so please be patient and allow it to run it's full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

----------------------------------------------------

Then post the following logs in your next reply...

c:\rapport.txt
AVG A/S log
Panda log
Hijackthis log
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-26-2007, 08:10 PM   #5 (permalink)
Registered User
 
Join Date: Jan 2007
Posts: 7
OS: XP


what program is Cleanup do i need to download it along with AVG anti-spyware
sorry please explain
dave
myecrip is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-26-2007, 09:43 PM   #6 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,886
OS: WinXP and Vista


Sorry about that, Dave.

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

--------------------------------------------------------------------

Download and install CleanUp! but do not run it yet. (Not Recommended for XP64).
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-27-2007, 12:29 AM   #7 (permalink)
Registered User
 
Join Date: Jan 2007
Posts: 7
OS: XP


Logs
here are my reports. that popup is gone. are we done?

RAPPORT

SmitFraudFix v2.135

Scan done at 18:56:28.18, Fri 01/26/2007
Run from C:\Documents and Settings\Dave Montoya\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ctpmon.exe Deleted
C:\WINDOWS\system32\RegistryCleanerSetup.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

AVG

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:16:04 PM 1/26/2007

+ Scan result:



C:\cbrnlh.exe -> Hijacker.Agent.is : Cleaned with backup (quarantined).
C:\ccpqrm.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\iwtxsqxb.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\pdrogn.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).


::Report end

PANDA


Incident Status Location

Potentially unwanted tool:application/regclean32 Not disinfected C:\Documents and Settings\Dave Montoya\Application Data\Registry Cleaner
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Dave Montoya\Desktop\SmitfraudFix\Process.exe
Virus:W32/Ugalebi.A Disinfected C:\Program Files\Ares\My Shared Folder\adobe acrobat 7 0 professional.exe
Virus:W32/Ugalebi.A Disinfected C:\Program Files\Ares\My Shared Folder\disk commander data recovery undelete program & serial.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Common Files\System\MSMAPI\1033\SmitfraudFix\Process.exe
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts.20070122-205117.backup
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts.20070122-205118.backup

HJT

Logfile of HijackThis v1.99.1
Scan saved at 11:28:08 PM, on 1/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\System32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office Outlook 2003.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1167469007487
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
myecrip is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-27-2007, 08:51 AM   #8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,886
OS: WinXP and Vista


I'd like to run one more tool to be sure--this tool will only take a few minutes to complete:

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

-------------------------------------

Close any open browsers.

-------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

Post the ComboFix.txt in your next reply.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-27-2007, 04:29 PM   #9 (permalink)
Registered User
 
Join Date: Jan 2007
Posts: 7
OS: XP


combofix log
"Dave Montoya" - 07-01-27 15:27:24 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Dave Montoya\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-27 to 2007-01-27 ))))))))))))))))))))))))))))))))))


2007-01-26 22:25 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-01-26 19:16 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-26 19:15 <DIR> d-------- C:\Program Files\Grisoft
2007-01-25 07:20 2,556 --a------ C:\WINDOWS\system32\tmp.reg
2007-01-24 17:48 <DIR> d-------- C:\Program Files\Symantec Technical Support
2007-01-22 20:56 <DIR> d-------- C:\Program Files\hijackthis
2007-01-21 21:45 <DIR> d-------- C:\357a3f6816a521e4042420992c4a
2007-01-21 20:58 <DIR> d-------- C:\Program Files\Registry Mechanic
2007-01-21 20:47 <DIR> d-------- C:\DOCUME~1\DAVEMO~1\Application Data\Registry Cleaner
2007-01-21 19:58 <DIR> d-------- C:\DOCUME~1\DAVEMO~1\Application Data\Lavasoft
2007-01-21 18:58 <DIR> dr--s---- C:\WINDOWS\assembly
2007-01-21 18:57 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-01-21 17:14 <DIR> d-------- C:\Program Files\BitLord
2007-01-21 14:34 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-01-14 19:08 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-01-14 19:08 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-14 19:06 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-01-09 21:46 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-05 23:05 <DIR> d-------- C:\Program Files\QuickTime
2007-01-05 23:05 <DIR> d-------- C:\Program Files\Apple Software Update
2007-01-05 23:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Apple Computer
2007-01-05 18:19 <DIR> d-------- C:\DOCUME~1\DAVEMO~1\Application Data\AdobeUM
2007-01-05 18:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe Systems
2007-01-05 18:05 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-01-03 21:37 151,552 --a------ C:\WINDOWS\system32\DVZAddin.dll
2007-01-03 21:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\DataViz
2007-01-02 09:52 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-01-02 09:51 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-01-02 09:51 65,536 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-01-02 09:51 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-01-02 09:51 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-01-02 09:51 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-01-02 09:51 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-01-02 09:51 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-01-02 09:50 <DIR> d-------- C:\HP_WebRelease
2006-12-30 20:24 <DIR> d-------- C:\DOCUME~1\DAVEMO~1\Application Data\Leadertech
2006-12-30 20:20 53,248 --a------ C:\WINDOWS\PalmDevC.dll
2006-12-30 20:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\HotSync
2006-12-30 20:18 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2006-12-30 20:18 <DIR> d-------- C:\DOCUME~1\DAVEMO~1\Application Data\HotSync
2006-12-30 19:42 <DIR> d-------- C:\WINDOWS\Sun
2006-12-30 18:44 <DIR> d-------- C:\Program Files\Roxio
2006-12-30 18:41 <DIR> d--h----- C:\WINDOWS\PIF
2006-12-30 17:52 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-12-30 17:51 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2006-12-30 17:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2006-12-30 17:39 <DIR> d-------- C:\Program Files\Common Files\Adobe
2006-12-30 17:13 <DIR> d-------- C:\WINDOWS\WBEM
2006-12-30 17:13 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-12-30 17:12 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-12-30 17:11 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-12-30 17:11 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-12-30 17:06 <DIR> d-------- C:\DOCUME~1\DAVEMO~1\Application Data\OfficeUpdate12
2006-12-30 08:45 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2006-12-30 08:43 <DIR> d-------- C:\Program Files\Microsoft.NET
2006-12-30 08:43 <DIR> d-------- C:\Program Files\Microsoft Works
2006-12-30 08:43 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2006-12-30 08:33 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2006-12-30 08:33 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2006-12-30 08:17 <DIR> d-------- C:\WINDOWS\Prefetch
2006-12-30 08:12 <DIR> d-------- C:\WINDOWS\provisioning
2006-12-30 08:12 <DIR> d-------- C:\WINDOWS\peernet
2006-12-30 08:07 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-12-30 08:05 <DIR> d-------- C:\WINDOWS\EHome
2006-12-30 07:39 <DIR> d-------- C:\WINDOWS\vid
2006-12-30 07:39 <DIR> d-------- C:\WINDOWS\SHELLNEW
2006-12-30 07:39 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2006-12-30 07:39 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2006-12-30 07:38 <DIR> d-------- C:\temp
2006-12-30 07:38 <DIR> d-------- C:\Program Files\Yahoo!
2006-12-30 07:38 <DIR> d-------- C:\Program Files\Winamp
2006-12-30 07:37 <DIR> d-------- C:\Program Files\Trillian
2006-12-30 07:37 <DIR> d-------- C:\Program Files\Symantec
2006-12-30 07:37 <DIR> d-------- C:\Program Files\Sony
2006-12-30 07:37 <DIR> d-------- C:\Program Files\Real
2006-12-30 07:37 <DIR> d-------- C:\Program Files\Pocket Tunes
2006-12-30 07:37 <DIR> d-------- C:\Program Files\PdaNet for Treo 700p
2006-12-30 07:37 <DIR> d-------- C:\Program Files\palmOne
2006-12-30 07:37 <DIR> d-------- C:\Program Files\Norton AntiVirus
2006-12-30 07:37 <DIR> d-------- C:\Program Files\Mozilla Firefox
2006-12-30 07:36 <DIR> d-------- C:\Program Files\Ligos
2006-12-30 07:36 <DIR> d-------- C:\Program Files\Lavasoft
2006-12-30 07:35 <DIR> d-------- C:\Program Files\Java
2006-12-30 07:35 <DIR> d-------- C:\Program Files\Jasc Software Inc
2006-12-30 07:34 <DIR> d-------- C:\Program Files\HP
2006-12-30 07:34 <DIR> d-------- C:\Program Files\Handmark
2006-12-30 07:34 <DIR> d-------- C:\Program Files\Documents To Go
2006-12-30 07:34 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2006-12-30 07:34 <DIR> d-------- C:\Program Files\Common Files\Java
2006-12-30 07:34 <DIR> d-------- C:\Program Files\Common Files\HP
2006-12-30 07:34 <DIR> d-------- C:\Program Files\Common Files\DataViz
2006-12-30 07:31 <DIR> d-------- C:\Program Files\Ares
2006-12-30 07:30 <DIR> dr-h----- C:\MSOCache
2006-12-30 07:30 <DIR> d-------- C:\DOCUME~1\Guest\Application Data\Yahoo!
2006-12-30 07:30 <DIR> d-------- C:\DOCUME~1\Guest\Application Data\Real
2006-12-30 07:30 <DIR> d-------- C:\DOCUME~1\Guest\Application Data\Aim
2006-12-30 07:11 <DIR> d-------- C:\DOCUME~1\DAVEMO~1\Application Data\Yahoo!
2006-12-30 07:11 <DIR> d-------- C:\DOCUME~1\DAVEMO~1\Application Data\Sun
2006-12-30 07:10 <DIR> d-------- C:\DOCUME~1\DAVEMO~1\Application Data\Sony
2006-12-30 07:10 <DIR> d-------- C:\DOCUME~1\DAVEMO~1\Application Data\Real
2006-12-30 07:10 <DIR> d-------- C:\DOCUME~1\DAVEMO~1\Application Data\IsolatedStorage
2006-12-30 07:10 <DIR> d-------- C:\DOCUME~1\DAVEMO~1\Application Data\Automotix
2006-12-30 07:10 <DIR> d-------- C:\DOCUME~1\DAVEMO~1\Application Data\Adobe
2006-12-30 07:10 <DIR> d-------- C:\DOCUME~1\DAVEMO~1\.limewire
2006-12-30 07:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Yahoo! Companion
2006-12-30 07:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Symantec
2006-12-30 07:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2006-12-30 07:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Hewlett-Packard
2006-12-30 07:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AOL Downloads
2006-12-30 02:01 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2006-12-30 01:52 <DIR> d--hs---- C:\RECYCLER
2006-12-30 01:48 <DIR> d-------- C:\Program Files\DIFX
2006-12-30 01:47 557,056 --a------ C:\WINDOWS\system32\Netw2c32.dll
2006-12-30 01:47 2,732,032 --a------ C:\WINDOWS\system32\Netw2r32.dll
2006-12-30 01:47 2,208,768 --a------ C:\WINDOWS\system32\drivers\w29n51.sys
2006-12-30 01:47 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2006-12-30 01:35 17,801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2006-12-30 01:35 <DIR> d--h----- C:\DOCUME~1\DAVEMO~1\WLANProfiles
2006-12-30 01:35 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\WLANProfiles
2006-12-30 01:35 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2006-12-30 01:35 <DIR> d-------- C:\Program Files\Intel
2006-12-30 01:34 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-12-30 01:34 48,640 --a------ C:\WINDOWS\system32\drivers\stream.sys
2006-12-30 01:34 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-12-30 01:34 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-12-30 01:34 140,928 --a------ C:\WINDOWS\system32\drivers\ks.sys
2006-12-30 01:31 <DIR> d-------- C:\Intel
2006-12-30 01:28 77,312 --a------ C:\WINDOWS\system32\browser.dll
2006-12-30 01:28 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2006-12-30 01:28 39,936 --a------ C:\WINDOWS\system32\mf3216.dll
2006-12-30 01:28 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-12-30 01:27 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-12-30 01:27 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-12-30 01:27 66,560 --a------ C:\WINDOWS\system32\mtxclu.dll
2006-12-30 01:27 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-12-30 01:27 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-12-30 01:27 581,120 --a------ C:\WINDOWS\system32\rpcrt4.dll
2006-12-30 01:27 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-12-30 01:27 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-12-30 01:27 397,824 --a------ C:\WINDOWS\system32\rpcss.dll
2006-12-30 01:27 243,200 --a------ C:\WINDOWS\system32\es.dll
2006-12-30 01:27 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-12-30 01:27 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-12-30 01:27 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-12-30 01:27 101,376 --a------ C:\WINDOWS\system32\txflog.dll
2006-12-30 01:27 1,285,120 --a------ C:\WINDOWS\system32\ole32.dll
2006-12-30 01:27 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-12-30 01:26 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2006-12-30 01:26 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2006-12-30 01:26 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2006-12-30 01:26 46,352 --a------ C:\WINDOWS\setdebug.exe
2006-12-30 01:26 404,752 --a------ C:\WINDOWS\system32\javart.dll
2006-12-30 01:26 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2006-12-30 01:26 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2006-12-30 01:26 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2006-12-30 01:26 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2006-12-30 01:26 172,304 --a------ C:\WINDOWS\system32\jview.exe
2006-12-30 01:26 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2006-12-30 01:26 171,280 --a------ C:\WINDOWS\system32\jit.dll
2006-12-30 01:26 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2006-12-30 01:26 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2006-12-30 01:26 113 --a------ C:\WINDOWS\system32\zonedon.reg
2006-12-30 01:26 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2006-12-30 01:24 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-12-30 01:22 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2006-12-30 01:22 <DIR> d--h-c--- C:\WINDOWS\$xpsp1hfm$
2006-12-30 01:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2006-12-30 01:00 <DIR> d-------- C:\WINDOWS\system32\bits
2006-12-30 00:59 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2006-12-30 00:59 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2006-12-30 00:59 438,784 --------- C:\WINDOWS\system32\xpob2res.dll
2006-12-30 00:59 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2006-12-30 00:59 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-12-30 00:58 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-12-30 00:58 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-12-30 00:58 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-12-30 00:58 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-12-30 00:58 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-12-30 00:58 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-12-30 00:57 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2006-12-30 00:56 <DIR> d--hs---- C:\DOCUME~1\DAVEMO~1\UserData
2006-12-30 00:52 <DIR> d-------- C:\WINDOWS\system32\Dell
2006-12-30 00:49 93,271 --a------ C:\WINDOWS\system32\Vxdif.dll
2006-12-30 00:49 52,736 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2006-12-30 00:49 23,040 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
2006-12-30 00:46 <DIR> d-------- C:\DOCUME~1\DAVEMO~1\Application Data\Help
2006-12-30 00:27 71,744 --a------ C:\WINDOWS\system32\drivers\el90Xbc5.SYS
2006-12-30 00:27 41,852 --a------ C:\WINDOWS\system32\UpdDrv2K.exe
2006-12-30 00:27 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2006-12-30 00:27 <DIR> d-------- C:\WINDOWS\PCTEL
2006-12-30 00:27 <DIR> d-------- C:\WINDOWS\OPTIONS
2006-12-30 00:26 89,088 --a------ C:\WINDOWS\system32\drivers\cwawdm.sys
2006-12-29 21:21 108,791 --a------ C:\WINDOWS\system32\drivers\Apfiltr.sys
2006-12-29 21:21 <DIR> d-------- C:\Program Files\Apoint
2006-12-29 21:20 <DIR> d-------- C:\Program Files\Dell
2006-12-29 21:19 12,288 --a------ C:\WINDOWS\system32\nvgfx.dll
2006-12-29 21:19 <DIR> d-------- C:\WINDOWS\nview
2006-12-29 21:07 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2006-12-29 21:07 446,464 -ra------ C:\WINDOWS\system32\hhactivex.dll
2006-12-29 21:07 176,128 --a------ C:\WINDOWS\system32\RcdScan.dll
2006-12-29 21:07 13,632 --------- C:\WINDOWS\system32\drivers\omci.sys
2006-12-29 21:07 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2006-12-29 21:06 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2006-12-29 21:04 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-12-29 21:04 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2006-12-29 21:03 <DIR> d--hs---- C:\WINDOWS\Installer
2006-12-29 21:02 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2006-12-29 20:59 <DIR> d--hs---- C:\System Volume Information
2006-12-29 20:56 <DIR> d-------- C:\WINDOWS\system32\xircom
2006-12-29 20:56 <DIR> d-------- C:\Program Files\microsoft frontpage
2006-12-29 20:50 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2006-12-29 20:49 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-12-29 20:48 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-12-29 20:48 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-12-29 20:48 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-12-29 20:48 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-12-29 20:48 71,680 --a------ C:\WINDOWS\system32\ssdpsrv.dll
2006-12-29 20:48 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-12-29 20:48 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-12-29 20:48 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-12-29 20:48 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-12-29 20:48 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-12-29 20:48 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-12-29 20:48 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-12-29 20:48 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-12-29 20:48 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-12-29 20:48 34,816 --a------ C:\WINDOWS\system32\ssdpapi.dll
2006-12-29 20:48 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-12-29 20:48 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-12-29 20:48 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-12-29 20:48 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-12-29 20:48 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-12-29 20:48 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-12-29 20:48 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-12-29 20:48 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-12-29 20:48 25,600 --a------ C:\WINDOWS\system32\udhisapi.dll
2006-12-29 20:48 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-12-29 20:48 185,344 --a------ C:\WINDOWS\system32\upnphost.dll
2006-12-29 20:48 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-12-29 20:48 16,896 --a------ C:\WINDOWS\system32\upnpcont.exe
2006-12-29 20:48 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-12-29 20:48 132,608 --a------ C:\WINDOWS\system32\upnp.dll
2006-12-29 20:48 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-12-29 20:48 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-12-29 20:48 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-12-29 20:48 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-12-29 20:47 <DIR> d-------- C:\WINDOWS\Registration
2006-12-29 20:04 5,473,872 --a------ C:\WINDOWS\system32\MSJAVX86.EXE
2006-12-29 20:04 2,515,312 --a------ C:\WINDOWS\system32\IE60~1.EXE
2006-12-29 20:03 <DIR> d-------- C:\DELL
2006-12-29 20:02 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-12-29 20:02 0 -rahs---- C:\MSDOS.SYS
2006-12-29 20:02 0 -rahs---- C:\IO.SYS
2006-12-29 20:02 0 --a------ C:\CONFIG.SYS
2006-12-29 20:02 0 --a------ C:\AUTOEXEC.BAT
2006-12-29 20:02 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2006-12-29 20:02 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2006-12-29 20:01 <DIR> d-------- C:\WINDOWS\system32\Macromed
2006-12-29 20:01 <DIR> d-------- C:\WINDOWS\system32\DirectX
2006-12-29 20:01 <DIR> d-------- C:\WINDOWS\srchasst
2006-12-29 20:01 <DIR> d-------- C:\Program Files\Movie Maker
2006-12-29 20:00 <DIR> d---s---- C:\WINDOWS\Tasks
2006-12-29 20:00 <DIR> d-------- C:\WINDOWS\system32\Restore
2006-12-29 20:00 <DIR> d-------- C:\WINDOWS\PCHEALTH
2006-12-29 20:00 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2006-12-29 19:59 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-12-29 19:59 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-12-29 19:59 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-12-29 19:59 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-12-29 19:59 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-12-29 19:59 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-12-29 19:59 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-12-29 19:59 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-12-29 19:59 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-12-29 19:59 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-12-29 19:59 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-12-29 19:59 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-12-29 19:59 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-12-29 19:59 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-12-29 19:59 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-12-29 19:59 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-12-29 19:59 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-12-29 19:59 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-12-29 19:59 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-12-29 19:59 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-12-29 19:59 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-12-29 19:59 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-12-29 19:59 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-12-29 19:59 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-12-29 19:59 295,424 -ra------ C:\WINDOWS\system32\termsrv.dll
2006-12-29 19:59 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-12-29 19:59 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-12-29 19:59 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-12-29 19:59 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-12-29 19:59 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-12-29 19:59 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-12-29 19:59 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-12-29 19:59 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-12-29 19:59 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-12-29 19:59 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-12-29 19:59 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-12-29 19:59 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-12-29 19:59 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-12-29 19:59 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-12-29 19:59 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-12-29 19:59 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-12-29 19:59 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-12-29 19:59 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-12-29 19:59 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-12-29 19:59 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-12-29 19:59 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-12-29 19:59 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-12-29 19:59 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-12-29 19:59 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-12-29 19:59 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-12-29 19:59 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-12-29 19:59 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-12-29 19:59 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-12-29 19:59 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-12-29 19:59 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-12-29 19:59 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-12-29 19:59 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-12-29 19:59 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-12-29 19:59 <DIR> d--h----- C:\Program Files\WindowsUpdate
2006-12-29 19:59 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2006-12-29 19:59 <DIR> d-------- C:\Program Files\Windows NT
2006-12-29 19:59 <DIR> d-------- C:\Program Files\Online Services
2006-12-29 19:59 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2006-12-29 19:59 <DIR> d-------- C:\Program Files\Messenger
2006-12-29 19:58 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-12-29 19:58 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-12-29 19:58 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-12-29 19:58 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-12-29 19:58 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-12-29 19:58 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-12-29 19:58 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-12-29 19:58 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-12-29 19:58 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-12-29 19:58 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-12-29 19:58 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-12-29 19:58 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-12-29 19:58 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-12-29 19:58 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-12-29 19:58 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-12-29 19:58 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-12-29 19:58 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-12-29 19:58 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-12-29 19:58 <DIR> d-------- C:\WINDOWS\system32\Com
2006-12-29 12:43 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-21 22:24 -------- d---s---- C:\DOCUME~1\DAVEMO~1\Application Data\microsoft
2007-01-05 16:03 16694 --a------ C:\WINDOWS\system32\drivers\PalmUSBD.sys
2006-12-30 08:47 -------- d-------- C:\DOCUME~1\DAVEMO~1\Application Data\mozilla
2006-12-30 00:59 -------- d-------- C:\DOCUME~1\DAVEMO~1\Application Data\macromedia
2006-12-29 21:03 -------- d-------- C:\DOCUME~1\DAVEMO~1\Application Data\identities
2006-12-29 12:43 62 --ahs---- C:\DOCUME~1\DAVEMO~1\Application Data\desktop.ini
2006-11-16 19:47 524288 --a------ C:\WINDOWS\opuc.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"PCTVOICE"="pctspk.exe"
"nwiz"="nwiz.exe /installquiet"
"ZCfgSvc.exe"="C:\\WINDOWS\\System32\\ZCfgSvc.exe"
"PRONoMgr.exe"="C:\\Program Files\\Intel\\NCS\\PROSet\\PRONoMgr.exe"
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=dword:00000000
"NoToolbarCustomize"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=dword:00000000
"NoToolbarCustomize"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


Completion time: 07-01-27 15:28:18
C:\ComboFix2.txt ... 07-01-27 15:25
myecrip is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-27-2007, 08:16 PM   #10 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,886
OS: WinXP and Vista


Hello,

This log looks clean as well. If there aren't any more problems, please continue with these final instructions and helpful links.


Reset hidden/system files and folders
Windows XP
===============
Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Deselect the Show hidden files and folders option.
* Select the Hide file extensions for known types option.
* Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Enable Windows Auto Update
*Go to Start>Run - type wuaucpl.cpl
*Tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Create a new System Restore point
Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
Click Apply
* Then untick the same checkbox & click OK
This will prevent any reinfection from previous restore points.

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

Download the McAfee Site Advisor--free. The folks there check out websites and based on their findings, rate it as either Safe, Unknown, Caution, or Bad.

Download SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Download Spyware Guard to catch and block spyware before it can execute.

Download IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)
  • Now navigate to C:\ie-spyad. Double click to open it.
  • From within the folder, double-click install.bat
  • Select Option #2 - Install the new IE-SPYAD list, by typing 2
  • Then return to the main menu.
  • Select option #4 - Add the old porn sites domain, by typing 4

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Follow this list and your potential for being infected again will reduce dramatically.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-28-2007, 02:46 PM   #11 (permalink)
Registered User
 
Join Date: Jan 2007
Posts: 7
OS: XP


Thank you
you guys are great. loved the help and i will donate

Dave
myecrip is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-28-2007, 03:44 PM   #12 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,886
OS: WinXP and Vista


You're welcome, and thank you.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 04:05 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85