Adware, browser hijacks (IE and Firefox) and possibly Vundo



theperkygoth
2006-12-16, 13:09
Hi, I've read and followed "BEFORE you POST". Here is my HijackThis! log and online antivirus scan results (I used Housecall).

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 5:05:36 PM, on 12/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Hijack This!\HijackThis.exe
C:\WINDOWS\system32\sol.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/index_first.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {2D23251F-9FA9-1481-B5F9-031E51F5F025} - C:\WINDOWS\system32\xradunb.dll (file missing)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - (no file)
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tkxnv] C:\WINDOWS\system32\??stem\s?anregw.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ddaab - C:\WINDOWS\system32\ddaab.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

Housecall log:

Detected malware

TROJ_GENERIC: 1 Infections
TROJ_AGENT.GZU: 2 Infections

0 Infections
0 Signatures
0 Infections
0 Detected

pskelley
2006-12-17, 14:26
Welcome to the forum. I don't see Vundo, but hackers do hide it; rename your HJT.exe, call it theperkygoth.exe or whatever you wish. I see evidence of a nasty from OIN called Purity scan.

Start > Control Panel > Add Remove programs and uninstall PuritySCAN By OIN, OIN or OuterInfo if there. Uninstall any other program you know does not belong there, if you are unsure let me know and I will look.

Thanks to sUBs and anyone who helped with this fix.

1. Download ComboFix.exe using either of these links:

* bleepingcomputer.com
http://download.bleepingcomputer.com/sUBs/combofix.exe
* techsupportforum.com
http://www.techsupportforum.com/sectools/combofix.exe
2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

If the log is large, you might need to post half in one reply, half in another.

theperkygoth
2006-12-18, 13:17
Hi, thanks for the quick reply. I couldn't find anything called PuritySCAN By OIN, OIN or OuterInfo on the add/remove programs list. The few programs that I don't know about are:

OmniPage SE
Microsoft User-Mode Driver Framework Feature Pack
Microsoft Compression Client Pack
Easy-WebPrint
C-Media WDM Audio Driver

Combofix log

Jinnie - 06-12-18 11:36:23.07 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Jinnie\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components
C:\Program Files\Common Files\{007107E9-03F8-1033-1223-021213200001}
C:\Program Files\Common Files\{307107E9-03F8-1033-1223-021213200001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Jinnie\Application Data\YSTEM~1
C:\QooBox\Purity\Documents and Settings\Jinnie\Application Data\YSTEM~1\?ystem
C:\QooBox\Purity\WINDOWS\system32\STEM~1


((((((((((((((((((((((((((((((( Files Created from 2006-11-18 to 2006-12-18 ))))))))))))))))))))))))))))))))))


2006-12-16 20:14 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2006-12-16 20:12 <DIR> d-------- C:\Program Files\MSN Messenger
2006-12-13 19:09 <DIR> d-------- C:\Documents and Settings\Jinnie\.housecall6.6
2006-12-13 19:00 <DIR> d-------- C:\WINDOWS\Sun
2006-12-13 19:00 <DIR> d-------- C:\Documents and Settings\Jinnie\Application Data\Sun
2006-12-13 18:28 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2006-12-13 16:32 <DIR> d-------- C:\Program Files\Common Files\Java
2006-12-13 15:54 <DIR> d-------- C:\Scan!
2006-12-13 13:45 <DIR> d-------- C:\Program Files\Common Files\xing shared
2006-12-12 14:13 <DIR> d-------- C:\Program Files\Windows Defender
2006-12-12 12:12 757,047 ---hs---- C:\WINDOWS\system32\baadd.bak1
2006-12-09 23:23 1,135,779 ---hs---- C:\WINDOWS\system32\baadd.ini2
2006-12-09 14:08 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2006-12-09 13:29 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2006-12-09 13:29 <DIR> d-------- C:\Documents and Settings\Jinnie\Application Data\SUPERAntiSpyware.com
2006-12-09 13:28 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-12-09 13:27 <DIR> d-------- C:\Program Files\SpywareGuard
2006-12-09 11:50 <DIR> d-------- C:\Program Files\SpywareBlaster
2006-12-09 11:44 21,312 --a------ C:\WINDOWS\choice.exe
2006-12-09 11:40 <DIR> d-------- C:\ie-spyad2
2006-12-09 11:04 <DIR> d-------- C:\WINDOWS\WBEM
2006-12-09 11:04 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-12-09 11:02 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-12-09 10:59 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-12-09 10:57 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-12-08 16:30 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-12-08 16:30 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2006-12-08 16:29 <DIR> d-------- C:\Program Files\Spyware Doctor
2006-12-08 16:29 <DIR> d-------- C:\Documents and Settings\Jinnie\Application Data\PC Tools
2006-12-07 10:56 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2006-12-07 10:51 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2006-12-07 10:51 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2006-12-07 00:22 <DIR> d-------- C:\Documents and Settings\Jinnie\Application Data\Google
2006-12-07 00:20 <DIR> d-------- C:\Program Files\Google
2006-12-05 02:05 725,806 ---hs---- C:\WINDOWS\system32\baadd.bak2
2006-12-02 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-12-02 21:50 <DIR> d-------- C:\Documents and Settings\Jinnie\Application Data\Help
2006-11-28 18:52 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2006-11-28 18:51 <DIR> d-------- C:\WINDOWS\ShellNew
2006-11-28 18:51 <DIR> d-------- C:\Program Files\Common Files\Designer
2006-11-28 12:31 8,704 --a------ C:\WINDOWS\system32\CNMVS7J.DLL
2006-11-28 12:31 140,288 --a------ C:\WINDOWS\system32\CNMLM7J.DLL
2006-11-28 12:31 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2006-11-28 12:30 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-11-28 12:30 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2006-11-28 12:29 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-11-28 12:19 <DIR> d-------- C:\Documents and Settings\Jinnie\Application Data\ScanSoft
2006-11-28 12:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SSScanWizard
2006-11-28 12:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2006-11-28 12:18 <DIR> d-------- C:\Program Files\ScanSoft
2006-11-28 12:18 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2006-11-28 12:16 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2006-11-28 12:16 <DIR> d-------- C:\Program Files\ArcSoft
2006-11-28 12:13 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2006-11-28 12:12 69,632 --a------ C:\WINDOWS\system32\CNCI170.DLL
2006-11-28 12:12 49,152 --a------ C:\WINDOWS\system32\cncisco.dll
2006-11-28 12:12 221,184 --a------ C:\WINDOWS\system32\CNCC170.DLL
2006-11-28 12:12 139,264 --a------ C:\WINDOWS\system32\CNCL170.DLL
2006-11-28 12:12 <DIR> d--h----- C:\WINDOWS\system32\CanonMP Uninstaller Information
2006-11-28 12:12 <DIR> d--h----- C:\CanonMP
2006-11-28 12:12 <DIR> d-------- C:\WINDOWS\StartHtmico
2006-11-28 12:11 <DIR> d-------- C:\Program Files\Canon
2006-11-25 23:47 <DIR> d-------- C:\Documents and Settings\Jinnie\Application Data\Kaboom Studios
2006-11-25 22:31 89,360 -ra------ C:\WINDOWS\system32\VB5DB.DLL
2006-11-25 22:31 69,632 -ra------ C:\WINDOWS\system32\xmltok.dll
2006-11-25 22:31 36,864 -ra------ C:\WINDOWS\system32\xmlparse.dll
2006-11-25 22:31 26,088 -ra------ C:\WINDOWS\system32\xmlinst.exe
2006-11-25 22:31 24,576 -ra------ C:\WINDOWS\system32\msxml3a.dll
2006-11-25 22:25 778,240 --a------ C:\WINDOWS\system32\Petz 5.scr
2006-11-25 22:25 <DIR> d-------- C:\Program Files\Ubi Soft
2006-11-25 22:23 4,703,784 --a------ C:\DXMedia.exe
2006-11-25 22:21 <DIR> d-------- C:\Program Files\On-line
2006-11-25 22:19 <DIR> d-------- C:\Program Files\Kaboom Studios
2006-11-25 22:12 306,688 --a------ C:\WINDOWS\IsUninst.exe
2006-11-25 22:12 <DIR> d-------- C:\Program Files\Bullfrog
2006-11-25 22:12 <DIR> d-------- C:\Documents and Settings\Jinnie\WINDOWS
2006-11-25 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2006-11-25 20:52 <DIR> d-------- C:\Program Files\Common Files\Adobe
2006-11-25 20:52 <DIR> d-------- C:\Documents and Settings\Jinnie\Application Data\Adobe
2006-11-25 20:28 <DIR> d-------- C:\Program Files\Common Files\Real
2006-11-25 20:26 <DIR> d-------- C:\Documents and Settings\Jinnie\Application Data\Real
2006-11-25 19:16 <DIR> d-------- C:\Documents and Settings\Jinnie\Application Data\Apple Computer
2006-11-25 19:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2006-11-25 17:51 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-11-25 17:51 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2006-11-25 17:51 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2006-11-25 12:48 90,112 --a------ C:\WINDOWS\system32\mcrtl32.dll
2006-11-25 12:48 9,216 --a------ C:\WINDOWS\system32\MpfApi.dll
2006-11-25 12:48 80,640 --a------ C:\WINDOWS\system32\drivers\MpFirewall.sys
2006-11-25 12:48 32,768 --a------ C:\WINDOWS\system32\instlsp.exe
2006-11-25 12:48 131,072 --a------ C:\WINDOWS\system32\mclsp.dll
2006-11-25 12:48 11,264 --a------ C:\WINDOWS\system32\sporder.dll
2006-11-25 12:48 <DIR> d-------- C:\WINDOWS\system32\mclsphlr
2006-11-25 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2006-11-25 12:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2006-11-25 12:46 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2006-11-25 12:46 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2006-11-25 12:31 <DIR> d-------- C:\Documents and Settings\Jinnie\Application Data\Macromedia
2006-11-25 12:30 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2006-11-25 12:25 46,892 --a------ C:\WINDOWS\system32\adadix16.dll
2006-11-25 12:25 46,551 --a------ C:\WINDOWS\system32\drivers\adildr.sys
2006-11-25 12:25 4,981 --a------ C:\WINDOWS\system32\AdADIx2K.dll
2006-11-25 12:25 32,768 --a------ C:\WINDOWS\adiras.exe
2006-11-25 12:25 200,704 --a------ C:\WINDOWS\system32\AdADIx32.dll
2006-11-25 12:25 135,168 --a------ C:\WINDOWS\system32\unaddrv.exe
2006-11-25 12:25 127,456 --a------ C:\WINDOWS\system32\ipdetect.exe
2006-11-25 12:25 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll
2006-11-25 12:25 122,505 --a------ C:\WINDOWS\system32\drivers\adiusbaw.sys
2006-11-25 12:25 118,784 --a------ C:\WINDOWS\autoclk.exe
2006-11-25 12:25 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2006-11-25 12:24 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2006-11-22 22:05 <DIR> d-------- C:\Program Files\SAGEM
2006-11-22 22:05 <DIR> d-------- C:\Program Files\Pathlore
2006-11-22 22:05 <DIR> d-------- C:\Program Files\iPod
2006-11-22 22:05 <DIR> d-------- C:\Program Files\Apple Software Update
2006-11-22 22:04 <DIR> d-------- C:\Program Files\Microsoft Office
2006-11-22 22:03 <DIR> d-------- C:\Program Files\Java
2006-11-22 22:03 <DIR> d-------- C:\Program Files\iTunes
2006-11-22 19:01 <DIR> d-------- C:\Documents and Settings\Jinnie\Application Data\McAfee.com Personal Firewall
2006-11-22 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2006-11-22 18:57 <DIR> d-------- C:\Documents and Settings\Jinnie\Application Data\McAfee
2006-11-22 18:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-22 18:46 <DIR> d-------- C:\ESSDATACourseware
2006-11-22 18:46 <DIR> d-------- C:\drivers
2006-11-22 18:45 <DIR> d-------- C:\Program Files\Adobe
2006-11-22 15:33 <DIR> d-------- C:\Documents and Settings\Jinnie\Application Data\Talkback
2006-11-22 15:32 <DIR> d-------- C:\Documents and Settings\Jinnie\Application Data\Mozilla
2006-11-22 15:29 <DIR> d-------- C:\Documents and Settings\Jinnie\Application Data\Lavasoft
2006-11-22 15:28 <DIR> d-------- C:\Program Files\WinZip
2006-11-22 15:28 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-22 15:28 <DIR> d-------- C:\Program Files\Real
2006-11-22 15:28 <DIR> d-------- C:\Program Files\McAfee
2006-11-22 15:28 <DIR> d-------- C:\Program Files\Lavasoft
2006-11-22 15:28 <DIR> d-------- C:\Program Files\DirectX
2006-11-22 15:27 <DIR> d-------- C:\Program Files\QuickTime
2006-11-22 15:26 <DIR> d-------- C:\Program Files\Mozilla Firefox
2006-11-22 15:26 <DIR> d-------- C:\Program Files\McAfee.com
2006-11-22 14:56 114,464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2006-11-22 14:17 <DIR> d-------- C:\WINDOWS\Minidump
2006-11-22 14:06 <DIR> d-------- C:\Documents and Settings\Jinnie\Application Data\U3
2006-11-22 00:31 <DIR> d--hs---- C:\RECYCLER
2006-11-21 22:51 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-11-21 22:00 <DIR> dr-h----- C:\Documents and Settings\Jinnie\SendTo
2006-11-21 22:00 <DIR> dr-h----- C:\Documents and Settings\Jinnie\Recent
2006-11-21 22:00 <DIR> dr-h----- C:\Documents and Settings\Jinnie\Application Data\.
2006-11-21 22:00 <DIR> dr-h----- C:\Documents and Settings\Jinnie\Application Data
2006-11-21 22:00 <DIR> dr------- C:\Documents and Settings\Jinnie\Start Menu
2006-11-21 22:00 <DIR> dr------- C:\Documents and Settings\Jinnie\My Documents
2006-11-21 22:00 <DIR> dr------- C:\Documents and Settings\Jinnie\Favorites
2006-11-21 22:00 <DIR> d--hs---- C:\Documents and Settings\Jinnie\Cookies
2006-11-21 22:00 <DIR> d--h----- C:\Program Files\Uninstall Information
2006-11-21 22:00 <DIR> d--h----- C:\Documents and Settings\Jinnie\Templates
2006-11-21 22:00 <DIR> d--h----- C:\Documents and Settings\Jinnie\PrintHood
2006-11-21 22:00 <DIR> d--h----- C:\Documents and Settings\Jinnie\NetHood
2006-11-21 22:00 <DIR> d--h----- C:\Documents and Settings\Jinnie\Local Settings
2006-11-21 22:00 <DIR> d---s---- C:\Documents and Settings\Jinnie\Application Data\Microsoft
2006-11-21 22:00 <DIR> d-------- C:\Documents and Settings\Jinnie\Desktop
2006-11-21 22:00 <DIR> d-------- C:\Documents and Settings\Jinnie\Application Data\Identities
2006-11-21 22:00 <DIR> d-------- C:\Documents and Settings\Jinnie\Application Data\..
2006-11-21 22:00 <DIR> d-------- C:\Documents and Settings\Jinnie\..
2006-11-21 22:00 <DIR> d-------- C:\Documents and Settings\Jinnie\.
2006-11-21 21:57 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-11-21 21:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2006-11-21 21:55 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2006-11-21 21:55 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2006-11-21 21:55 <DIR> d-------- C:\WINDOWS\Prefetch
2006-11-21 21:51 <DIR> d-------- C:\WINDOWS\system32\xircom
2006-11-21 21:51 <DIR> d-------- C:\Program Files\xerox
2006-11-21 21:51 <DIR> d-------- C:\Program Files\microsoft frontpage
2006-11-21 21:50 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-11-21 21:50 0 -rahs---- C:\MSDOS.SYS
2006-11-21 21:50 0 -rahs---- C:\IO.SYS
2006-11-21 21:50 0 --a------ C:\CONFIG.SYS
2006-11-21 21:50 0 --a------ C:\AUTOEXEC.BAT
2006-11-21 21:49 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2006-11-21 21:49 <DIR> d--hs---- C:\Documents and Settings\All Users\DRM
2006-11-21 21:49 <DIR> d--h----- C:\Program Files\WindowsUpdate
2006-11-21 21:49 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2006-11-21 21:48 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-11-21 21:48 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-11-21 21:48 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-11-21 21:48 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-11-21 21:48 <DIR> d---s---- C:\WINDOWS\Tasks
2006-11-21 21:48 <DIR> d-------- C:\WINDOWS\system32\Macromed
2006-11-21 21:48 <DIR> d-------- C:\WINDOWS\system32\DirectX
2006-11-21 21:48 <DIR> d-------- C:\WINDOWS\srchasst
2006-11-21 21:48 <DIR> d-------- C:\Program Files\Common Files\Services
2006-11-21 21:48 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2006-11-21 21:47 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-11-21 21:47 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-11-21 21:47 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-11-21 21:47 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-11-21 21:47 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-11-21 21:47 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-11-21 21:47 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-11-21 21:47 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-21 21:47 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-11-21 21:47 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-11-21 21:47 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-11-21 21:47 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-11-21 21:47 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-11-21 21:47 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-11-21 21:47 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-11-21 21:47 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-11-21 21:47 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-11-21 21:47 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-11-21 21:47 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-11-21 21:47 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-11-21 21:47 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-11-21 21:47 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-11-21 21:47 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-11-21 21:47 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-11-21 21:47 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-11-21 21:47 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-11-21 21:47 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-11-21 21:47 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-11-21 21:47 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-11-21 21:47 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-11-21 21:47 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-11-21 21:47 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-11-21 21:47 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-11-21 21:47 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-11-21 21:47 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-11-21 21:47 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-11-21 21:47 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-11-21 21:47 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-11-21 21:47 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-11-21 21:47 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-11-21 21:47 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-11-21 21:47 <DIR> d-------- C:\WINDOWS\system32\Restore
2006-11-21 21:47 <DIR> d-------- C:\WINDOWS\Registration
2006-11-21 21:47 <DIR> d-------- C:\Program Files\Outlook Express
2006-11-21 21:47 <DIR> d-------- C:\Program Files\NetMeeting
2006-11-21 21:47 <DIR> d-------- C:\Program Files\Movie Maker
2006-11-21 21:47 <DIR> d-------- C:\Program Files\Internet Explorer
2006-11-21 21:47 <DIR> d-------- C:\Program Files\ComPlus Applications
2006-11-21 21:47 <DIR> d-------- C:\Program Files\Common Files\System
2006-11-21 21:46 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-11-21 21:46 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-11-21 21:46 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-11-21 21:46 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-11-21 21:46 23,040 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
2006-11-21 21:46 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-11-21 21:46 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-11-21 21:46 138,752 --a------

theperkygoth
2006-12-18, 13:21
C:\WINDOWS\system32\sndvol32.exe
2006-11-21 21:46 <DIR> d-------- C:\Program Files\Windows Media Player
2006-11-21 21:46 <DIR> d-------- C:\Program Files\Online Services
2006-11-21 21:46 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2006-11-21 21:46 <DIR> d-------- C:\Program Files\Messenger
2006-11-21 21:45 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-11-21 21:45 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-11-21 21:45 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-11-21 21:45 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-11-21 21:45 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-11-21 21:45 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-11-21 21:45 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-11-21 21:45 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-11-21 21:45 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-11-21 21:45 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-11-21 21:45 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-11-21 21:45 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-11-21 21:45 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-11-21 21:45 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-11-21 21:45 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-11-21 21:45 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-11-21 21:45 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-11-21 21:45 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-11-21 21:45 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-11-21 21:45 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-11-21 21:45 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-11-21 21:45 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-11-21 21:45 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-11-21 21:45 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-11-21 21:45 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-11-21 21:45 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-11-21 21:45 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-11-21 21:45 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-11-21 21:45 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-11-21 21:45 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-11-21 21:45 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-11-21 21:45 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-11-21 21:45 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-11-21 21:45 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-11-21 21:45 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-11-21 21:45 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-11-21 21:45 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-11-21 21:45 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-11-21 21:45 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-11-21 21:45 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-11-21 21:45 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-11-21 21:45 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-11-21 21:45 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-11-21 21:45 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-11-21 21:45 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-11-21 21:45 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-11-21 21:45 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-11-21 21:45 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-11-21 21:45 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-11-21 21:45 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-11-21 21:45 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-11-21 21:45 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-11-21 21:45 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-11-21 21:45 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-11-21 21:45 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-11-21 21:45 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-11-21 21:45 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-11-21 21:45 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-11-21 21:45 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-11-21 21:45 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-11-21 21:45 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-11-21 21:45 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-11-21 21:45 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-11-21 21:45 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-11-21 21:45 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-11-21 21:45 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-11-21 21:45 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-11-21 21:45 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-11-21 21:45 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-11-21 21:45 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-11-21 21:45 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-11-21 21:45 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-11-21 21:45 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-11-21 21:45 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-11-21 21:45 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-11-21 21:45 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-11-21 21:45 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-11-21 21:45 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2006-11-21 21:45 <DIR> d-------- C:\WINDOWS\system32\Com
2006-11-21 21:45 <DIR> d-------- C:\Program Files\Windows NT
2006-11-21 21:45 <DIR> d-------- C:\Program Files\MSN

theperkygoth
2006-12-18, 13:22
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-18 11:46 -------- d-------- C:\Program Files\Common Files
2006-12-12 14:57 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-25 23:47 12464 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-19 13:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --------- C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --------- C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 --------- C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --------- C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --------- C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --------- C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --------- C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --------- C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 21:47 276992 --------- C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --------- C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 21:47 1661440 --------- C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --------- C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 38528 --------- C:\WINDOWS\system32\drivers\wpdusb.sys
2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 12:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-02 15:28 312128 --------- C:\WINDOWS\system32\msdelta.dll
2006-09-28 20:13 95344 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-09-28 18:56 55808 --------- C:\WINDOWS\system32\WudfSvc.dll
2006-09-28 18:56 316416 --------- C:\WINDOWS\system32\WUDFx.dll
2006-09-28 18:56 165376 --------- C:\WINDOWS\system32\WudfPlatform.dll
2006-09-28 18:56 146432 --------- C:\WINDOWS\system32\WudfHost.exe
2006-09-28 16:22 91265 --a--c--- C:\Program Files\OCT2006_xinput_x64.cab
2006-09-28 16:22 49149 --a--c--- C:\Program Files\OCT2006_xinput_x86.cab
2006-09-28 16:21 41996 --a--c--- C:\Program Files\dxdllreg_x86.cab
2006-09-28 16:21 183321 --a--c--- C:\Program Files\OCT2006_XACT_x64.cab
2006-09-28 16:21 1413862 --a--c--- C:\Program Files\OCT2006_d3dx9_31_x64.cab
2006-09-28 16:21 138977 --a--c--- C:\Program Files\OCT2006_XACT_x86.cab
2006-09-28 16:21 1128177 --a--c--- C:\Program Files\OCT2006_d3dx9_31_x86.cab
2006-09-28 15:55 976020 -----c--- C:\Program Files\BDAXP.cab
2006-09-28 15:55 917318 -----c--- C:\Program Files\Apr2006_MDX1_x86.cab
2006-09-28 15:55 88102 -----c--- C:\Program Files\AUG2006_xinput_x64.cab
2006-09-28 15:55 87989 -----c--- C:\Program Files\Apr2006_xinput_x64.cab
2006-09-28 15:55 86925 -----c--- C:\Program Files\Oct2005_xinput_x64.cab
2006-09-28 15:55 82374 --a--c--- C:\Program Files\dxupdate.cab
2006-09-28 15:55 74520 --a------ C:\Program Files\DSETUP.dll
2006-09-28 15:55 703080 -----c--- C:\Program Files\BDA.cab
2006-09-28 15:55 484632 --a------ C:\Program Files\DXSETUP.exe
2006-09-28 15:55 47018 -----c--- C:\Program Files\AUG2006_xinput_x86.cab
2006-09-28 15:55 46898 -----c--- C:\Program Files\Apr2006_xinput_x86.cab
2006-09-28 15:55 46247 -----c--- C:\Program Files\Oct2005_xinput_x86.cab
2006-09-28 15:55 4163518 -----c--- C:\Program Files\Apr2006_MDX1_x86_Archive.cab
2006-09-28 15:55 2248984 --a------ C:\Program Files\dsetup32.dll
2006-09-28 15:55 183863 -----c--- C:\Program Files\AUG2006_XACT_x64.cab
2006-09-28 15:55 181745 -----c--- C:\Program Files\JUN2006_XACT_x64.cab
2006-09-28 15:55 180021 -----c--- C:\Program Files\Apr2006_XACT_x64.cab
2006-09-28 15:55 179247 -----c--- C:\Program Files\Feb2006_XACT_x64.cab
2006-09-28 15:55 1398718 -----c--- C:\Program Files\Apr2006_d3dx9_30_x64.cab
2006-09-28 15:55 138195 -----c--- C:\Program Files\AUG2006_XACT_x86.cab
2006-09-28 15:55 1363684 -----c--- C:\Program Files\Feb2006_d3dx9_29_x64.cab
2006-09-28 15:55 1358864 -----c--- C:\Program Files\Dec2005_d3dx9_28_x64.cab
2006-09-28 15:55 1351430 -----c--- C:\Program Files\Aug2005_d3dx9_27_x64.cab
2006-09-28 15:55 1348242 -----c--- C:\Program Files\Apr2005_d3dx9_25_x64.cab
2006-09-28 15:55 134631 -----c--- C:\Program Files\JUN2006_XACT_x86.cab
2006-09-28 15:55 133991 -----c--- C:\Program Files\Apr2006_XACT_x86.cab
2006-09-28 15:55 1336890 -----c--- C:\Program Files\Jun2005_d3dx9_26_x64.cab
2006-09-28 15:55 133297 -----c--- C:\Program Files\Feb2006_XACT_x86.cab
2006-09-28 15:55 13265040 -----c--- C:\Program Files\dxnt.cab
2006-09-28 15:55 1248387 -----c--- C:\Program Files\Feb2005_d3dx9_24_x64.cab
2006-09-28 15:55 1156363 --------- C:\Program Files\BDANT.cab
2006-09-28 15:55 1116109 -----c--- C:\Program Files\Apr2006_d3dx9_30_x86.cab
2006-09-28 15:55 1085608 -----c--- C:\Program Files\Feb2006_d3dx9_29_x86.cab
2006-09-28 15:55 1080344 -----c--- C:\Program Files\Dec2005_d3dx9_28_x86.cab
2006-09-28 15:55 1079850 -----c--- C:\Program Files\Apr2005_d3dx9_25_x86.cab
2006-09-28 15:55 1078532 -----c--- C:\Program Files\Aug2005_d3dx9_27_x86.cab
2006-09-28 15:55 1065813 -----c--- C:\Program Files\Jun2005_d3dx9_26_x86.cab
2006-09-28 15:55 1014113 -----c--- C:\Program Files\Feb2005_d3dx9_24_x86.cab
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Tkxnv"="C:\\WINDOWS\\system32\\??stem\\s?anregw.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MPFEXE"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"MPSExe"="c:\\PROGRA~1\\mcafee.com\\mps\\mscifapp.exe /embedding"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"OpwareSE2"="\"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddaab

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-12-18 11:52:06.56
C:\ComboFix.txt ... 06-12-18 11:52

theperkygoth
2006-12-18, 13:24
Logfile of HijackThis v1.99.1
Scan saved at 12:08:47 PM, on 12/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Scan!\ThePerkyGoth.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/index_first.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {2D23251F-9FA9-1481-B5F9-031E51F5F025} - C:\WINDOWS\system32\xradunb.dll (file missing)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - (no file)
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tkxnv] C:\WINDOWS\system32\??stem\s?anregw.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D464FD82-5449-4B5D-8928-BC005E2DF93C}: NameServer = 212.139.132.41 212.139.132.42
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ddaab - C:\WINDOWS\system32\ddaab.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

pskelley
2006-12-18, 13:59
Thanks for returning your information. Those programs you listed appear to be valid.

I see SpywareGuard running; that is a good program. What concerns me is the possibility of Windows Defender conflicting with Spyware Doctor. I suggest you ask tech support at Spyware Doctor if there are any issues.

Java has updated again, see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
I suggest you download the newest version and uninstall all old versions in Add/Remove Programs.

C:\WINDOWS\system32\baadd.bak1
C:\WINDOWS\system32\baadd.ini2
C:\WINDOWS\system32\baadd.bak2
Use these free online scanners to check these files. If they scan bad, delete them; if not, leave them alone.
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/flash/index_en.html

How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {2D23251F-9FA9-1481-B5F9-031E51F5F025} - C:\WINDOWS\system32\xradunb.dll (file missing)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - (no file)
O4 - HKCU\..\Run: [Tkxnv] C:\WINDOWS\system32\??stem\s?anregw.exe
O20 - Winlogon Notify: ddaab - C:\WINDOWS\system32\ddaab.dll (file missing)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\WINDOWS\system32\??stem\ <<< careful, delete that folder. The ?? may be letters and the item may be gone.

Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post a new HJT log. Let me know how the computer is running now.

Thanks
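
An added example, not part of the original post and not HijackThis's own logic: a small Python triage pass over HijackThis log lines that flags the three kinds of entry selected for fixing above (an unnamed BHO with no file behind it, a Run entry whose path contains "?", and a Winlogon Notify DLL that is missing). The sample log is constructed from lines in this thread; the matching rules and the name `triage` are assumptions for illustration, and a flagged line still needs a person to review it.

```python
import re

# Constructed sample: the four lines selected for fixing in this thread plus
# four lines from the later log that were left alone.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {2D23251F-9FA9-1481-B5F9-031E51F5F025} - C:\WINDOWS\system32\xradunb.dll (file missing)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKCU\..\Run: [Tkxnv] C:\WINDOWS\system32\??stem\s?anregw.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: ddaab - C:\WINDOWS\system32\ddaab.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
ORPHANED = re.compile(r"\((?:file missing|no file)\)\s*$")


def triage(log_text):
    """Return (section, reason, line) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list or blank line
        section, body = m.group("section"), m.group("body")
        orphaned = bool(ORPHANED.search(body))
        if section == "O2" and orphaned and body.startswith("BHO: (no name)"):
            findings.append((section, "unnamed BHO with no file on disk", line))
        elif section == "O4" and "?" in body.split("]", 1)[-1]:
            # Assumption: '?' stands for a character the log could not display.
            findings.append((section, "autorun path with '?' placeholders", line))
        elif section == "O20" and orphaned:
            findings.append((section, "Winlogon Notify DLL missing", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {line}")
```

The O9 xpnetdiag.exe line also ends in "(file missing)" but is deliberately not matched, since it was not among the items selected for fixing in this thread.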

theperkygoth
2006-12-18, 17:29
The three scans reported all the files as clean except the second scan (http://www.kaspersky.com/scanforvirus) couldn't scan the third file (bbaad.ini) as it was too big.

I did the Fix Checked thing in HJT, but couldn't find C:\WINDOWS\system32\??stem\ to delete it. I then ran ATF cleaner.

New HJT log

Logfile of HijackThis v1.99.1
Scan saved at 4:22:03 PM, on 12/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Scan!\ThePerkyGoth.exe
C:\WINDOWS\system32\sol.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/index_first.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

Thank you for all your help, the computer seems to be behaving now - no more IE popups, and no adverts for "Winantiviruspro" on Firefox.

pskelley
2006-12-18, 17:43
Sounds good, thanks for the feedback. These:
C:\Scan!\ThePerkyGoth.exe <<< you can rename that to HJT.exe if you wish.

C:\WINDOWS\system32\sol.exe <<< as long as that is the card game, fine. If not, make me aware.

Clean your System Restore files like this:
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot.

Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Safe surfing and Merry Christmas:present:

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

theperkygoth
2006-12-19, 13:28
Yes it's Solitaire, I'm a bit of an addict :D: I've done the System Restore thing you said to do and will check out the links you sent. Hope you have a great Christmas too :present:

pskelley
2006-12-22, 13:58
As the problem appears to be resolved this topic has been closed.

If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.