Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

PC slowing up alot

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

PC slowing up alot

Unread postby micronacid » January 11th, 2007, 5:17 am

Hi, my names Ron and im new to the forum, i think its great though, but im having some serious lagging problems with my computer. While im using it the Hour Glass icon consistently comes up, but nothing even runs or pops up. I'm not sure if this is malware, but here's my hijackthis log..

Logfile of HijackThis v1.99.1
Scan saved at 4:15:18 AM, on 1/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\wess\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmred ... bm=ms_home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ceveau.us:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\System32\tllxmrld.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {8D7BD47F-D671-4EF1-9884-5CCA8E1D1A0E} - C:\WINDOWS\System32\hgdby.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [ikof] C:\PROGRA~1\COMMON~1\ikof\ikofm.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/078ccf9b0a0 ... xIE601.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe


thanks, any help would be appreciated.
User avatar
micronacid
Regular Member
 
Posts: 19
Joined: January 11th, 2007, 5:09 am
Location: New York
Advertisement
Register to Remove

Unread postby Mr_JAk3 » January 11th, 2007, 8:56 am

Hi micronacid and welcome to the Malware Removal Forums :)

You have at least some malware leftovers there...

At first you need to disable a few realtime protections. These may interfere with our cleaning process.
We'll enable these when you're clean...

Disable AVG Anti-Spyware guard.
  • Open AVG Anti-Spyware
  • Click Shield
  • Click under "resident shield is"
  • Change it to inactive
  • Close the program

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
User avatar
Mr_JAk3
MRU Teacher Emeritus
 
Posts: 3023
Joined: April 16th, 2006, 1:52 pm
Location: Finland

Unread postby micronacid » January 11th, 2007, 2:49 pm

thanks for the help here is the combofix log

wess - 07-01-11 13:46:51.98 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Program Files\Mozilla Firefox"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\{0086BA5A-044D-1033-0216-010229000001}
C:\Program Files\Common Files\{3086BA5A-044D-1033-0216-010229000001}


((((((((((((((((((((((((((((((( Files Created from 2006-12-11 to 2007-01-11 ))))))))))))))))))))))))))))))))))


2007-01-11 06:08 <DIR> d-------- C:\SDFix
2007-01-11 05:35 <DIR> d-------- C:\Documents and Settings\wess\Application Data\abelhadigital.com
2007-01-11 05:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\abelhadigital.com
2007-01-11 05:34 <DIR> d-------- C:\Program Files\HostsMan
2007-01-11 04:38 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-01-11 04:34 444 --a------ C:\WINDOWS\system32\tmp.reg
2007-01-11 03:49 <DIR> d-------- C:\Program Files\Lavasoft
2007-01-11 02:11 <DIR> d-------- C:\Program Files\Google
2007-01-10 20:10 <DIR> d-------- C:\Program Files\Dorgem
2007-01-10 14:32 <DIR> d-------- C:\Program Files\ItsDeductible2006
2007-01-10 14:32 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Intuit
2007-01-10 14:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2007-01-10 14:29 1,716,297 --------- C:\WINDOWS\system32\InetClnt.dll
2007-01-10 14:29 <DIR> d-------- C:\Program Files\Common Files\Intuit
2007-01-10 14:28 <DIR> d-------- C:\Program Files\TurboTax
2007-01-10 14:28 <DIR> d-------- C:\Documents and Settings\wess\Application Data\InstallShield
2007-01-09 22:26 92,672 --a------ C:\WINDOWS\system32\See32.dll
2007-01-09 22:26 57,856 --a------ C:\WINDOWS\system32\Fce32.dll
2007-01-09 22:26 57,856 --a------ C:\WINDOWS\Fce32.dll
2007-01-09 22:26 45,056 --a------ C:\WINDOWS\system32\offer.exe
2007-01-09 22:26 389,120 --a------ C:\WINDOWS\system32\ImgX4.dll
2007-01-09 22:26 <DIR> d-------- C:\Program Files\Easy Web Cam
2007-01-09 22:19 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-01-09 22:19 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-01-09 22:19 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-01-09 22:19 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-01-09 22:19 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-01-09 22:18 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-01-09 22:18 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-01-09 22:18 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-01-09 22:18 <DIR> d-------- C:\WINDOWS\OvtCam
2007-01-09 22:16 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-01-09 22:15 61,440 --a------ C:\WINDOWS\ov519dib.dll
2007-01-09 22:15 40,960 --a------ C:\WINDOWS\system32\ov519ext.dll
2007-01-09 22:15 40,960 --a------ C:\WINDOWS\CleanDev.exe
2007-01-09 22:15 32,528 --a------ C:\WINDOWS\amcap.exe
2007-01-09 22:15 307,200 --a------ C:\WINDOWS\vidcap32.exe
2007-01-09 22:15 25,211 --a------ C:\WINDOWS\system32\drivers\ov519cmd.sys
2007-01-09 22:15 200,704 --a------ C:\WINDOWS\sel3110.exe
2007-01-09 22:15 174,530 --a------ C:\WINDOWS\system32\drivers\ov519vid.sys
2007-01-09 22:15 16,426 --a------ C:\WINDOWS\system32\ov519usd.dll
2007-01-09 22:15 135,168 --a------ C:\WINDOWS\ov519cap.exe
2007-01-09 22:07 <DIR> d-------- C:\WINDOWS\eyetoy
2007-01-09 22:07 <DIR> d-------- C:\Program Files\Eyetoy
2007-01-09 21:48 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-01-09 04:03 <DIR> dr-h----- C:\Documents and Settings\wess\Application Data\yahoo!
2007-01-09 03:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
2007-01-08 23:20 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Jasc Software Inc
2007-01-08 23:19 <DIR> d-------- C:\Program Files\Jasc Software Inc
2007-01-08 20:23 <DIR> d-------- C:\Program Files\WS_FTP
2007-01-07 23:07 <DIR> d-------- C:\Program Files\HighGrow
2007-01-07 19:35 299,520 --a------ C:\WINDOWS\uninst.exe
2007-01-07 19:35 <DIR> d-------- C:\Documents and Settings\wess\WINDOWS
2007-01-07 07:30 <DIR> d-------- C:\Program Files\avisplit
2007-01-07 07:28 43,602 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2007-01-07 07:27 <DIR> d-------- C:\Program Files\Gabest
2007-01-06 22:40 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Ahead
2007-01-06 22:37 <DIR> d-------- C:\Program Files\Nero
2007-01-06 22:37 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-01-06 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-01-06 21:32 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-01-06 21:32 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-01-06 21:32 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-01-06 21:32 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-01-06 21:32 <DIR> d-------- C:\Program Files\Cucusoft
2007-01-06 19:06 <DIR> d-------- C:\Program Files\Any Video Converter
2007-01-06 06:54 <DIR> d-------- C:\Documents and Settings\wess\Application Data\MySpace
2007-01-06 06:53 <DIR> d-------- C:\Program Files\MySpace
2007-01-05 20:44 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-01-05 10:15 <DIR> d-------- C:\Program Files\PowerISO
2007-01-05 10:08 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-01-04 20:35 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Wing IDE 2
2007-01-04 20:28 <DIR> d-------- C:\Python
2007-01-04 20:17 <DIR> d-------- C:\Program Files\Wing IDE 2.1
2007-01-04 19:52 <DIR> d-------- C:\Documents and Settings\wess\.idlerc
2007-01-04 19:47 <DIR> d-------- C:\Python25
2007-01-04 10:57 <DIR> d-------- C:\WINDOWS\nview
2007-01-04 10:50 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-01-04 10:43 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-01-04 10:07 <DIR> d-------- C:\Documents and Settings\wess\Application Data\acccore
2007-01-04 07:49 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Adobe
2007-01-04 00:55 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-01-03 23:58 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-01-03 23:58 <DIR> d-------- C:\Program Files\Adobe
2007-01-03 23:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-01-02 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-01-02 19:49 <DIR> d-------- C:\Program Files\VisualTooltip
2007-01-02 19:49 <DIR> d-------- C:\Program Files\Vista Sidebar
2007-01-02 19:49 <DIR> d-------- C:\Program Files\Blaero Start Orb
2007-01-02 19:49 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Stardock
2007-01-02 19:43 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2007-01-02 19:43 69,632 --a------ C:\WINDOWS\system32\moveex.exe
2007-01-02 19:10 720,412 --a------ C:\WINDOWS\system32\MGB_ScreenSaver.scr
2007-01-02 19:10 7,287,808 --a------ C:\WINDOWS\system32\vistaui.exe
2007-01-02 19:10 414,223 --a------ C:\WINDOWS\system32\vimc.exe
2007-01-02 19:10 382,976 --a------ C:\WINDOWS\system32\Vista.scr
2007-01-02 19:10 <DIR> d-------- C:\WINDOWS\system32\VITrans
2007-01-02 19:10 <DIR> d-------- C:\Program Files\LClock
2007-01-02 19:06 81,920 --a------ C:\WINDOWS\system32\closeapp.exe
2007-01-02 19:06 19,968 --a------ C:\WINDOWS\system32\reico.exe
2007-01-02 19:06 111,104 --a------ C:\WINDOWS\system32\uharc.exe
2007-01-02 19:06 <DIR> d-------- C:\VTPFiles
2007-01-01 23:21 <DIR> d-------- C:\Program Files\nLite
2007-01-01 17:17 <DIR> d-------- C:\Program Files\pspvideo9
2007-01-01 17:17 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-01-01 17:15 <DIR> dr--s---- C:\WINDOWS\assembly
2007-01-01 17:15 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-01-01 17:15 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2007-01-01 14:54 <DIR> d-------- C:\temp
2007-01-01 14:53 <DIR> d-------- C:\Program Files\PQDVD
2007-01-01 00:09 <DIR> d-------- C:\Documents and Settings\wess\Application Data\VMware
2006-12-31 23:55 9,600 -ra------ C:\WINDOWS\system32\drivers\vmnetadapter.sys
2006-12-31 23:55 5,120 -ra------ C:\WINDOWS\system32\vnetinst.dll
2006-12-31 23:55 10,240 -ra------ C:\WINDOWS\system32\drivers\vmnet.sys
2006-12-31 23:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\VMware
2006-12-31 23:42 <DIR> d-------- C:\Program Files\MagicISO
2006-12-31 21:53 <DIR> d-------- C:\Program Files\foobar2000
2006-12-31 19:46 <DIR> d-------- C:\Program Files\NSIS
2006-12-31 15:43 720,896 --a------ C:\WINDOWS\iun6002ev.exe
2006-12-31 15:42 <DIR> d-------- C:\Program Files\Bejeweled 2 Deluxe
2006-12-30 21:13 <DIR> d-------- C:\Program Files\Gaim
2006-12-30 17:50 <DIR> d-------- C:\Program Files\Toolkit3
2006-12-30 17:48 <DIR> d-------- C:\Documents and Settings\wess\Application Data\uk.co.planetside
2006-12-30 17:45 <DIR> d-------- C:\Program Files\Terragen
2006-12-30 11:32 <DIR> d---s---- C:\Documents and Settings\wess\UserData
2006-12-30 01:31 <DIR> d-------- C:\Program Files\SiSoftware
2006-12-30 00:29 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Apple Computer
2006-12-30 00:27 <DIR> d-------- C:\Program Files\QuickTime
2006-12-30 00:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2006-12-29 20:19 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Help
2006-12-29 16:37 <DIR> d-------- C:\WINDOWS\Minidump
2006-12-29 16:26 <DIR> d-------- C:\Program Files\Project64 1.6
2006-12-29 15:54 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2006-12-29 15:53 331,184 --------- C:\WINDOWS\system32\difxapi.dll
2006-12-29 15:53 <DIR> d-------- C:\Program Files\VIA
2006-12-29 15:52 203,648 --a------ C:\WINDOWS\system32\drivers\vinyl97.sys
2006-12-29 02:19 <DIR> d-------- C:\Documents and Settings\wess\Application Data\vlc
2006-12-29 02:17 <DIR> d-------- C:\Program Files\VideoLAN
2006-12-28 19:54 <DIR> d-------- C:\Documents and Settings\wess\Application Data\OpenOffice.org2
2006-12-28 19:49 <DIR> d-------- C:\Program Files\OpenOffice.org 2.1
2006-12-28 18:47 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2006-12-28 18:47 <DIR> d-------- C:\Program Files\VstPlugins
2006-12-28 18:45 <DIR> d-------- C:\Program Files\Image-Line
2006-12-28 16:00 <DIR> d-------- C:\Documents and Settings\wess\Application Data\.gaim
2006-12-28 15:58 <DIR> d-------- C:\Program Files\Aspell
2006-12-28 15:57 <DIR> d-------- C:\Program Files\Common Files\GTK
2006-12-28 14:17 <DIR> dr-h----- C:\$VAULT$.AVG
2006-12-28 13:48 <DIR> d-------- C:\Program Files\Soulseek
2006-12-28 13:09 <DIR> d-------- C:\Documents and Settings\wess\Application Data\AVG7
2006-12-28 13:08 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-12-28 13:08 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-12-28 13:08 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-12-28 13:08 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-12-28 13:08 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-12-28 13:08 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-12-28 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2006-12-28 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2006-12-28 12:21 <DIR> d-------- C:\Documents and Settings\wess\Incomplete
2006-12-28 12:21 <DIR> d-------- C:\Documents and Settings\wess\Application Data\FrostWire
2006-12-28 12:20 <DIR> d-------- C:\Program Files\FrostWire
2006-12-28 12:04 <DIR> d-------- C:\Program Files\uTorrent
2006-12-28 12:04 <DIR> d-------- C:\Documents and Settings\wess\Application Data\uTorrent
2006-12-28 11:52 <DIR> d-------- C:\Program Files\BitComet
2006-12-28 11:44 <DIR> d-------- C:\Documents and Settings\wess\Application Data\.ABC
2006-12-28 11:38 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Uniblue
2006-12-28 04:47 <DIR> d-------- C:\Program Files\Common Files\Softwin
2006-12-28 03:54 <DIR> d-------- C:\Documents and Settings\wess\Application Data\fltk.org
2006-12-28 03:26 <DIR> d-------- C:\Program Files\Miranda IM
2006-12-28 02:38 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-28 02:38 <DIR> d-------- C:\Program Files\Grisoft
2006-12-28 02:23 <DIR> d-------- C:\Program Files\Viewpoint
2006-12-28 02:23 <DIR> d-------- C:\Program Files\AOD
2006-12-28 02:23 <DIR> d-------- C:\Program Files\AIM
2006-12-28 02:19 <DIR> d-------- C:\WINDOWS\Sun
2006-12-28 02:17 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2006-12-28 02:17 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2006-12-28 01:47 <DIR> d-------- C:\WINDOWS\Prefetch
2006-12-28 01:41 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-12-28 01:19 <DIR> d-------- C:\WINDOWS\provisioning
2006-12-28 01:19 <DIR> d-------- C:\WINDOWS\peernet
2006-12-28 01:16 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2006-12-28 01:12 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2006-12-28 01:11 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-12-28 01:08 <DIR> d-------- C:\WINDOWS\EHome
2006-12-28 01:00 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2006-12-28 00:47 <DIR> d-------- C:\Program Files\Java
2006-12-28 00:47 <DIR> d-------- C:\Program Files\Common Files\Java
2006-12-28 00:42 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2006-12-28 00:42 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Sun
2006-12-28 00:15 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2006-12-28 00:15 <DIR> d-------- C:\Program Files\SpywareBlaster
2006-12-28 00:05 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-12-28 00:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-12-27 23:58 <DIR> d--hs---- C:\WINDOWS\d2Vzcw
2006-12-27 23:53 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-12-27 23:53 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-12-27 23:53 66,560 --a------ C:\WINDOWS\system32\mtxclu.dll
2006-12-27 23:53 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-12-27 23:53 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-12-27 23:53 581,120 --a------ C:\WINDOWS\system32\rpcrt4.dll
2006-12-27 23:53 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-12-27 23:53 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-12-27 23:53 397,824 --a------ C:\WINDOWS\system32\rpcss.dll
2006-12-27 23:53 243,200 --a------ C:\WINDOWS\system32\es.dll
2006-12-27 23:53 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-12-27 23:53 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-12-27 23:53 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-12-27 23:53 101,376 --a------ C:\WINDOWS\system32\txflog.dll
2006-12-27 23:53 1,285,120 --a------ C:\WINDOWS\system32\ole32.dll
2006-12-27 23:53 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-12-27 23:52 77,312 --a------ C:\WINDOWS\system32\browser.dll
2006-12-27 23:52 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2006-12-27 23:52 39,936 --a------ C:\WINDOWS\system32\mf3216.dll
2006-12-27 23:52 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-12-27 23:47 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-12-27 23:45 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2006-12-27 23:45 <DIR> d--h-c--- C:\WINDOWS\$xpsp1hfm$
2006-12-27 23:23 <DIR> d--hs---- C:\WINDOWS\CSC
2006-12-27 22:29 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2006-12-27 22:29 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-12-27 22:29 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2006-12-27 22:29 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-12-27 22:29 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-12-27 22:29 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-12-27 22:06 <DIR> d-------- C:\Documents and Settings\wess\Application Data\MSN6
2006-12-27 22:04 <DIR> d-------- C:\Program Files\MSN Messenger
2006-12-27 21:51 <DIR> d-------- C:\Documents and Settings\wess\Application Data\MSNInstaller
2006-12-27 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2006-12-27 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive
2006-12-27 21:44 69,632 --a------ C:\WINDOWS\system32\MCCDevice.dll
2006-12-27 21:44 6,048 --a------ C:\WINDOWS\system32\MCC16.dll
2006-12-27 21:44 <DIR> d-------- C:\Program Files\Common Files\Motive
2006-12-27 21:42 <DIR> d-------- C:\WINDOWS\bin
2006-12-27 21:42 <DIR> d-------- C:\Program Files\Verizon
2006-12-27 21:42 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Verizon
2006-12-27 21:41 <DIR> d-------- C:\Program Files\PlayLinc
2006-12-27 13:13 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Lavasoft
2006-12-27 12:42 <DIR> d-------- C:\Documents and Settings\wess\Application Data\.TrueSwordSettings
2006-12-26 13:42 <DIR> d-------- C:\Program Files\Sonic
2006-12-26 13:21 <DIR> d-------- C:\WINDOWS\system32\bits
2006-12-26 13:19 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2006-12-26 13:19 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2006-12-26 13:19 438,784 --------- C:\WINDOWS\system32\xpob2res.dll
2006-12-26 13:19 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2006-12-26 13:19 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-12-26 06:11 <DIR> d--hs---- C:\found.000
2006-12-26 03:14 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2006-12-26 03:14 <DIR> d-------- C:\Program Files\Common Files\ikof
2006-12-26 02:39 <DIR> d-------- C:\Program Files\DOSBox-0.65
2006-12-26 02:20 737,280 --a------ C:\WINDOWS\iun6002.exe
2006-12-26 02:20 <DIR> d-------- C:\Program Files\Manual Viewer
2006-12-26 00:49 22,541 ---hs---- C:\WINDOWS\system32\nnnmnno.dll
2006-12-25 21:59 428,824 --a------ C:\WINDOWS\system32\wuapi.dll
2006-12-25 21:59 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-12-25 21:59 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-12-25 21:59 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-12-25 21:59 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-12-25 21:59 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-12-25 21:59 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2006-12-25 20:43 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2006-12-24 09:06 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-12-24 07:47 198,424 --a------ C:\WINDOWS\system32\iuengine.dll
2006-12-24 07:04 <DIR> d-------- C:\Program Files\WinRAR
2006-12-24 06:41 <DIR> d-------- C:\Program Files\7-Zip
2006-12-24 05:36 <DIR> d-------- C:\Program Files\BearShare Applications
2006-12-24 03:58 <DIR> d-------- C:\WINDOWS\pss
2006-12-24 00:20 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Leadertech
2006-12-24 00:19 53,248 --a------ C:\WINDOWS\PalmDevC.dll
2006-12-24 00:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HotSync
2006-12-24 00:18 <DIR> d-------- C:\Program Files\palmOne
2006-12-24 00:17 <DIR> d-------- C:\Documents and Settings\wess\Application Data\HotSync
2006-12-24 00:16 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2006-12-24 00:14 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2006-12-24 00:13 <DIR> d--h-c--- C:\WINDOWS\$MSI30UninstallMSI30-KB884016$
2006-12-23 23:53 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Syntrillium
2006-12-23 22:21 896,512 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2006-12-23 22:21 87,040 --a------ C:\WINDOWS\system32\drmstor.dll
2006-12-23 22:21 809,984 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-12-23 22:21 759,296 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-12-23 22:21 695,296 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-12-23 22:21 670,720 --a------ C:\WINDOWS\system32\wmadmoe.dll
2006-12-23 22:21 6,656 --a------ C:\WINDOWS\system32\laprxy.dll
2006-12-23 22:21 484,864 --a------ C:\WINDOWS\system32\wmspdmod.dll
2006-12-23 22:21 408,064 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-12-23 22:21 384,512 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2006-12-23 22:21 310,272 --a------ C:\WINDOWS\system32\mp43dmod.dll
2006-12-23 22:21 299,520 --a------ C:\WINDOWS\system32\drmclien.dll
2006-12-23 22:21 286,208 --a------ C:\WINDOWS\system32\blackbox.dll
2006-12-23 22:21 259,072 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-12-23 22:21 240,640 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-12-23 22:21 237,568 --a------ C:\WINDOWS\system32\qasf.dll
2006-12-23 22:21 230,400 --a------ C:\WINDOWS\system32\wmasf.dll
2006-12-23 22:21 2,174,976 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-23 22:21 151,552 --a------ C:\WINDOWS\system32\wmidx.dll
2006-12-23 22:21 103,936 --a------ C:\WINDOWS\system32\logagent.exe
2006-12-23 22:21 1,119,744 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-12-23 22:21 1,050,624 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-12-23 22:21 1,001,472 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-12-23 22:19 <DIR> d-------- C:\Program Files\coolpro2
2006-12-23 22:11 <DIR> d-------- C:\Documents and Settings\wess\Application Data\BitTorrent
2006-12-23 22:10 <DIR> d-------- C:\Program Files\BitTorrent
2006-12-23 22:05 <DIR> d-------- C:\Program Files\Mozilla Firefox
2006-12-23 22:05 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Mozilla


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-11 13:47 -------- d-------- C:\Program Files\Common Files
2007-01-11 04:57 -------- d-------- C:\Program Files\Internet Explorer
2007-01-07 18:15 -------- d-------- C:\Program Files\MSN
2007-01-07 18:13 -------- d---s---- C:\Documents and Settings\wess\Application Data\Microsoft
2007-01-05 20:27 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-01-02 19:52 -------- d-------- C:\Program Files\Windows Media Player
2007-01-02 19:51 -------- d-------- C:\Program Files\Outlook Express
2006-12-31 23:50 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-12-28 16:00 -------- d-------- C:\Documents and Settings\wess\Application Data\.gaim
2006-12-28 11:46 -------- d-------- C:\Documents and Settings\wess\Application Data\.ABC
2006-12-28 03:15 -------- d-------- C:\Program Files\Messenger
2006-12-28 03:05 -------- d-------- C:\Program Files\Common Files\System
2006-12-28 01:19 -------- d-------- C:\Program Files\Movie Maker
2006-12-28 01:16 -------- d-------- C:\Program Files\Windows NT
2006-12-28 01:16 -------- d-------- C:\Program Files\NetMeeting
2006-12-27 12:42 -------- d-------- C:\Documents and Settings\wess\Application Data\.TrueSwordSettings
2006-12-25 21:59 -------- d--h----- C:\Program Files\WindowsUpdate
2006-12-24 00:21 -------- d-------- C:\Program Files\Real
2006-12-24 00:17 16694 --a------ C:\WINDOWS\system32\drivers\PalmUSBD.sys
2006-12-08 04:50 217088 --a------ C:\WINDOWS\system32\xvidvfw.dll
2006-12-08 04:47 1159168 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-11-07 21:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-19 05:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-13 04:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 04:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 04:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-11 10:07 110592 --a------ C:\WINDOWS\system32\msnphoto.scr


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ikof"="C:\\PROGRA~1\\COMMON~1\\ikof\\ikofm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"LClock"="C:\\Program Files\\LClock\\LClock.exe"
"HostsMan"="C:\\Program Files\\HostsMan\\hm.exe -s"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,ea,00,00,00,00,00,00,00,16,03,00,00,ea,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,42,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,42,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HotSync Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\HotSync Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\palmOne\\Hotsync.exe -logon"
"item"="HotSync Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^wess^Start Menu^Programs^Startup^OpenOffice.org 2.1.lnk]
"path"="C:\\Documents and Settings\\wess\\Start Menu\\Programs\\Startup\\OpenOffice.org 2.1.lnk"
"backup"="C:\\WINDOWS\\pss\\OpenOffice.org 2.1.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.1\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 2.1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^wess^Start Menu^Programs^Startup^palmOne Registration.lnk]
"path"="C:\\Documents and Settings\\wess\\Start Menu\\Programs\\Startup\\palmOne Registration.lnk"
"backup"="C:\\WINDOWS\\pss\\palmOne Registration.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\palmOne\\register.exe /remind /language=EN /INTL=\"true\" /_NBL=\"true\" /PRNM=\"palmOne\""
"item"="palmOne Registration"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ADeck"
"hkey"="HKLM"
"command"="C:\\Program Files\\VIA\\VIAudioi\\SBADeck\\ADeck.exe 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Blaero Start Orb"
"hkey"="HKLM"
"command"="C:\\Program Files\\Blaero Start Orb\\Blaero Start Orb.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyFreeWebCam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="easywebcam"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\EASYWE~1\\easywebcam.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ipwins"
"hkey"="HKLM"
"command"="C:\\Program Files\\ipwins\\ipwins.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Network Services Controller]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmsvc32"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\mmsvc32.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MotiveSB"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Verizon\\SMARTB~1\\MotiveSB.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msvcc25]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="svcchost"
"hkey"="HKLM"
"command"="svcchost.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mysvcig38]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mysvcc"
"hkey"="HKLM"
"command"="mysvcc.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PWRISOVM"
"hkey"="HKLM"
"command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VerizonServicepoint"
"hkey"="HKLM"
"command"="C:\\Program Files\\Verizon\\Servicepoint\\VerizonServicepoint.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sidebar"
"hkey"="HKLM"
"command"="C:\\Program Files\\Vista Sidebar\\sidebar.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VisualToolTip"
"hkey"="HKLM"
"command"="C:\\Program Files\\VisualTooltip\\VisualToolTip.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NBService"=dword:00000003

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 07-01-11 13:48:23.45
C:\ComboFix.txt ... 07-01-11 13:48
User avatar
micronacid
Regular Member
 
Posts: 19
Joined: January 11th, 2007, 5:09 am
Location: New York

Unread postby Mr_JAk3 » January 12th, 2007, 2:45 am

Hi again, we'll continue :)

You seem to have this Viewpoint software installed. It has a suspicious reputation and I recommend that you remove it via Control Panel, Add/Remove programs.

This is the folder to delete, C:\Program Files\Viewpoint

Then you seem to have BearShare installed. I recommend that you see the info here. I would recommend to remove it via Control Panel, Add/Remove programs.

This is the folder to delete, C:\Program Files\BearShare Applications


You should print these instructions or save these to a text file. Follow these instructions carefully.

Open AVG Anti-Spyware:
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Download ATF Cleaner by Atribune to your desktop.
Do NOT run yet.

Make your hidden files visible:
  • Go to My Computer
  • Select the Tools menu and click Folder Options
  • Click the View tab.
  • Checkmark the "Display the contents of system folders"
  • Under the Hidden files and folders select "Show hidden files and folders"
  • Uncheck "Hide protected operating system files"
  • Click Apply and then the OK and close My Computer.
==================

Backup your registry:
  • Start
  • Run
  • Type the following to the box and hit Ok: regedit
  • A window opens, click on File
  • Choose Export form the menu
  • Change the save location to C:\
  • Give the filename, RegBackUp
  • Make sure that the filetype is set to Registryfiles (*.reg)
  • Click on Save and Close the window
Open Notepad (NOT WORDPAD!) and copy the following lines from the quote box below into a new document, leaving a blank line at the end. (don't forget to copy and paste the word REGEDIT4) :

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Network Services Controller]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msvcc25]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mysvcig38]



Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Save the document to your desktop as Fix.reg and filetype: All Files
Go to your desktop and double click on the file to run Fix.reg and when it asks you if you want to merge the contents to the registry, click yes/ok.

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\System32\tllxmrld.dll (file missing)
O2 - BHO: (no name) - {8D7BD47F-D671-4EF1-9884-5CCA8E1D1A0E} - C:\WINDOWS\System32\hgdby.dll (file missing)
O4 - HKCU\..\Run: [ikof] C:\PROGRA~1\COMMON~1\ikof\ikofm.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/078ccf9b0a0 ... xIE601.cab

Restart your computer to the safe mode:
  • Restart your computer
  • Start tapping the F8 key when the computer restarts.
  • When the start menu opens, choose Safe mode
  • Press Enter. The computer then begins to start in Safe mode.

Go to the My Computer and delete the following files (if present):
C:\WINDOWS\System32\mmsvc32.exe
C:\WINDOWS\system32\nnnmnno.dll

Go to the My Computer and delete the following folders (if present):
C:\Program Files\ipwins
C:\Program Files\Common Files\ikof
C:\WINDOWS\d2Vzcw

Use the Windows search
  • Start
  • Search
  • All files and folders
  • More advanced options
Checkmark these options:
  • "Search system folders"
  • "Search hidden files and folders"
  • "Search subfolders"
  • Search for this and delete if found: svcchost.exe Note! There is a legitimate system file named svchost.exe, do NOT delete it!
  • Search for this and delete if found: mysvcc.exe
Run ATF Cleaner
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Image
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

================

When you're ready, please post the following logs to here:
- AVG's report
- a fresh HijackThis log
User avatar
Mr_JAk3
MRU Teacher Emeritus
 
Posts: 3023
Joined: April 16th, 2006, 1:52 pm
Location: Finland

Unread postby micronacid » January 12th, 2007, 5:02 am

thanks for all the help, here are my logs:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:55:56 AM 1/12/2007

+ Scan result:



Nothing found.



::Report end



Logfile of HijackThis v1.99.1
Scan saved at 4:01:41 AM, on 1/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\HostsMan\hm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\wess\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmred ... bm=ms_home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ceveau.us:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [HostsMan] C:\Program Files\HostsMan\hm.exe -s
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
User avatar
micronacid
Regular Member
 
Posts: 19
Joined: January 11th, 2007, 5:09 am
Location: New York

Unread postby Mr_JAk3 » January 12th, 2007, 4:41 pm

Hi and sorry for the long delay :)

It is looking good now...How is the pc running ?

You don't seem to a firewall running, you must install one firewall.
NOTE: If you're using Windows XP firewall, I recommend that you install a better firewall. Windows firewall doesn't really provide enough protection.
Disable Windows firewall after installing a new firewall.


These are good (free) firewalls:You can remove the tools we used.

Now you can make your hidden files hidden again.
  • Go to My Computer
  • Select the Tools menu and click Folder Options
  • Click the View tab.
  • Checkmark the "Display the contents of system folders"
  • Under the Hidden files and folders select "Show hidden files and folders"
  • Check "Hide protected operating system files"
  • Click Apply and then the OK and close My Computer.

=============

Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
  • Clear your system restore
    This will clear the system restore folders from possible malware that was left behind during the cleaning process.
  • Use ATF Cleaner
    Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.
  • Use Ad-Aware
    Download and install Ad-Aware. Update it and scan your computer regularly with it.
  • Use AVG Anti-Spyware
    Update it and scan your computer regularly with it.
  • Use Spybot S&D
    Download and install Spybot S&D. Update it and scan your computer regularly with it.
  • Install SpywareBlaster
    SpywareBlaster will prevent spyware from being installed.
  • Install MVPS Hosts file
    This prevents your computer from connecting to harmful sites.
  • Use Firefox browser
    Firefox is faster, safer and better browser than Internet Explorer.
  • Keep your systen up-to-date
    Visit Windows Update regularly.
  • Keep your antivirus and firewall up-to-date
    Scan your computer regularly with your antivirus.
  • Read this article by TonyKlein
    So how did I get infected in the first place?
  • Stand Up and Be Counted !
    The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.


Stay clean and be safe ;)
User avatar
Mr_JAk3
MRU Teacher Emeritus
 
Posts: 3023
Joined: April 16th, 2006, 1:52 pm
Location: Finland

Unread postby micronacid » January 12th, 2007, 6:05 pm

yea man everythings working tip-top now, thanks a bunch for all the help. I cant wait till im able to join the university myself ;) .. thanks again
User avatar
micronacid
Regular Member
 
Posts: 19
Joined: January 11th, 2007, 5:09 am
Location: New York

Unread postby Mr_JAk3 » January 13th, 2007, 12:48 pm

You're very welcome, nice that we were able to help :D

and welcome to the University! :thumbright:
User avatar
Mr_JAk3
MRU Teacher Emeritus
 
Posts: 3023
Joined: April 16th, 2006, 1:52 pm
Location: Finland

Unread postby NonSuch » January 13th, 2007, 2:08 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27301
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 45 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware