Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Key Logger

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby Sd-Vortex » April 6th, 2007, 9:38 pm

umm if i delete viewpoint will i be able to keep AOL Instant Messenger??
Sd-Vortex
Active Member
 
Posts: 14
Joined: April 4th, 2007, 6:06 am
Advertisement
Register to Remove

Unread postby tim s » April 6th, 2007, 9:40 pm

Hi

umm if i delete viewpoint will i be able to keep AOL Instant Messenger??


Yes you will.
User avatar
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby Sd-Vortex » April 6th, 2007, 9:48 pm

okay iv removed viewpoint
Sd-Vortex
Active Member
 
Posts: 14
Joined: April 4th, 2007, 6:06 am

Unread postby tim s » April 6th, 2007, 9:55 pm

Hello Sd-Vortex


This is next we now going to start tidy up some here:

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present):
WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit HijackThis.

-------------------------------------------------------------------------

You can now delete SDFix it is no longer needed.

Let me know how your computer is running now?

Please post a new HJT log for me to check
User avatar
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby Sd-Vortex » April 6th, 2007, 10:12 pm

my comp is running great


Logfile of HijackThis v1.99.1
Scan saved at 9:11:48 PM, on 4/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Morpheus\Morpheus.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo RX500 on TOSHIBA] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE" /P40 "Auto EPSON Stylus Photo RX500 on TOSHIBA" /O18 "\\TOSHIBA\EPSONSty" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QUICKCARE] "C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe" /P QUICKCARE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\QUICKENW\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/c ... /ct1_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://www.kungfuchess.com/activex/web665.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites ... nstall.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.21.13/ttinst.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.com/software/4/1.7.20.20/tukati.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WMP54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe" "WMP54GSv1_1.exe (file missing)
Sd-Vortex
Active Member
 
Posts: 14
Joined: April 4th, 2007, 6:06 am

Unread postby tim s » April 6th, 2007, 10:25 pm

Hello Sd-Vortex

Great job. You can also delete OiUninstaller.exe that I had you download earlier it is of no longer any use.

Here is the information I said I would post for you. Any questions just ask.

This is my normal post for when you are clear - which you now are - or seem to be. Please advise of any problems you still have :-

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

  1. Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
    You can find instructions on how to enable and re enable system restore here:

    Windows XP System Restore Guide
    re-enable system restore with instructions from tutorial above
  2. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.

      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialise and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  3. Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
    Computer Safety On line - Anti-Virus
  4. Update your Anti Virus Software - It is imperitive that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  5. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Computer Safety On line - Software Firewalls
  6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  7. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  8. Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  9. Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line - Anti-Malware
  10. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Stand up and be Counted.
NOW is the time you can start to hit back at the people who infected you.
Image
Please take the time to go and complain - that forum has a topic for your infection which is ........... please post as a reply, you will need to register to do so. It will also have a list of other places you can go to to register your complaint, depending on the country you are resident in. Please read the topics and complain, it is only with such complaints to goverment or government agances that something will get done.


May your God go with you..
Tim s
User avatar
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby Sd-Vortex » April 11th, 2007, 4:10 pm

i just did a norton anti virus scan and this came up
Spyware.Perfect- cannot be removed from an unsupported file
and it says
Details
[rinst.exe] inside of [c:\windows\system32\inst_eliteclient.exe]
am


should i just delete it or what?
Sd-Vortex
Active Member
 
Posts: 14
Joined: April 4th, 2007, 6:06 am

Unread postby tim s » April 11th, 2007, 6:27 pm

Hello Sd-Vortex

i just did a norton anti virus scan and this came up
Spyware.Perfect- cannot be removed from an unsupported file
and it says
Details
[rinst.exe] inside of [c:\windows\system32\inst_eliteclient.exe]
am


should i just delete it or what?


--------------------------------------------------------------------------

I will need you to run this tool and let me review log it produces to see if something was missed that needs removing:

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar. << do not change any settings
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

------------------------------------------------------------

Please post in next reply
Winpfind3u log
New HJT log
User avatar
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby Sd-Vortex » April 11th, 2007, 10:52 pm

WinPFind3 logfile created on: 4/11/2007 6:45:47 PM
WinPFind3U by OldTimer - Version 1.0.34 Folder = C:\Documents and Settings\Nate\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

510.48 Mb Total Physical Memory | 202.66 Mb Available Physical Memory | 39.70% Memory free
864.15 Mb Paging File | 396.44 Mb Available in Paging File | 45.88% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 5.89 Gb Free Space | 10.55% Space Free
Drive D: | 480.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: DELL
Current User Name: Nate
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
aim6.exe -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 11/7/2006 10:29:04 AM | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.1.0.99 | Size = 198336 bytes | Modified Date = 9/2/2006 7:36:34 PM | Attr = ]
aolsoftware.exe -> %ProgramFiles%\AIM6\aolsoftware.exe -> America Online, Inc. [Ver = 1.5.6.1 | Size = 50736 bytes | Modified Date = 9/25/2006 7:52:48 PM | Attr = ]
appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.0.00.101 | Size = 46736 bytes | Modified Date = 9/2/2006 12:33:40 AM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/9/2007 10:59:52 PM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ]
directcd.exe -> %ProgramFiles%\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe -> Roxio [Ver = 5.3.4.21 | Size = 684032 bytes | Modified Date = 12/17/2002 12:28:00 PM | Attr = ]
e_s4i2k1.exe -> %System32%\SPOOL\DRIVERS\W32X86\3\E_S4I2K1.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 99840 bytes | Modified Date = 6/1/2003 3:00:00 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 126976 bytes | Modified Date = 10/19/2005 8:59:12 AM | Attr = ]
hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1 | Size = 233472 bytes | Modified Date = 10/23/2003 8:51:18 PM | Attr = ]
hpwuschd.exe -> %ProgramFiles%\Hewlett-Packard\HP Software Update\hpwuSchd.exe -> Hewlett-Packard [Ver = 1, 0, 0, 2 | Size = 49152 bytes | Modified Date = 6/25/2003 12:24:48 PM | Attr = ]
hpztsb09.exe -> %System32%\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe -> HP [Ver = 2.236.2.0 | Size = 188416 bytes | Modified Date = 11/10/2003 6:04:40 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 3/14/2007 7:05:42 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 3/14/2007 7:05:48 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
morpheus.exe -> %ProgramFiles%\Morpheus\Morpheus.exe -> Streamcast Networks, Inc [Ver = 1.0.0.1 | Size = 716800 bytes | Modified Date = 6/8/2006 4:34:54 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 2/16/2007 10:54:04 AM | Attr = ]
sprtcmd.exe -> %ProgramFiles%\Qwest\QuickCare\bin\sprtcmd.exe -> Qwest [Ver = 6,7,1257,0 | Size = 192512 bytes | Modified Date = 11/7/2006 10:07:42 PM | Attr = ]
stealthbot v2.6r3.exe -> %UserDesktop%\Hulk\Crap\StealthBot\StealthBot v2.6R3.exe -> Stealth Networks [Ver = 2.06.0020 | Size = 1941512 bytes | Modified Date = 2/28/2007 1:02:52 PM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1034 | Size = 1087680 bytes | Modified Date = 2/28/2007 11:15:10 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.34.0 | Size = 318976 bytes | Modified Date = 4/10/2007 10:00:18 PM | Attr = ]
wlservice.exe -> %ProgramFiles%\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 10:56:14 PM | Attr = ]
wmp54gsv1_1.exe -> %ProgramFiles%\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe -> Linksys [Ver = 1.0.0.4 | Size = 5046784 bytes | Modified Date = 4/28/2005 10:20:26 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.1.0.99 | Size = 198336 bytes | Modified Date = 9/2/2006 7:36:34 PM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 1.0.0.142 | Size = 48272 bytes | Modified Date = 9/3/2006 3:54:52 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 3:24:18 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 3/14/2007 7:05:42 PM | Attr = ]
(ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\isPwdSvc.exe -> Symantec Corporation [Ver = 10.0.0.247 | Size = 79496 bytes | Modified Date = 9/5/2006 9:22:26 PM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_1.EXE -> Symantec Corporation [Ver = 3.1.0.99 | Size = 2528960 bytes | Modified Date = 9/2/2006 7:36:34 PM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1034 | Size = 1087680 bytes | Modified Date = 2/28/2007 11:15:10 PM | Attr = ]
(SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.0.00.101 | Size = 46736 bytes | Modified Date = 9/2/2006 12:33:40 AM | Attr = ]
(SymWSC) SymWMI Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 11/2/2004 5:59:50 PM | Attr = ]
(WMP54GSSVC) WMP54GSSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 10:56:14 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AdaptecDirectCD -> %ProgramFiles%\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe -> Roxio [Ver = 5.3.4.21 | Size = 684032 bytes | Modified Date = 12/17/2002 12:28:00 PM | Attr = ]
Auto EPSON Stylus Photo RX500 on TOSHIBA -> %System32%\SPOOL\DRIVERS\W32X86\3\E_S4I2K1.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 99840 bytes | Modified Date = 6/1/2003 3:00:00 PM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/9/2007 10:59:52 PM | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 126976 bytes | Modified Date = 10/19/2005 8:59:12 AM | Attr = ]
HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1 | Size = 233472 bytes | Modified Date = 10/23/2003 8:51:18 PM | Attr = ]
HP Software Update -> %ProgramFiles%\Hewlett-Packard\HP Software Update\hpwuSchd.exe -> Hewlett-Packard [Ver = 1, 0, 0, 2 | Size = 49152 bytes | Modified Date = 6/25/2003 12:24:48 PM | Attr = ]
HPDJ Taskbar Utility -> %System32%\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe -> HP [Ver = 2.236.2.0 | Size = 188416 bytes | Modified Date = 11/10/2003 6:04:40 PM | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 155648 bytes | Modified Date = 10/19/2005 8:59:14 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 3/14/2007 7:05:48 PM | Attr = ]
osCheck -> %ProgramFiles%\Norton Internet Security\osCheck.exe -> Symantec Corporation [Ver = 10.0.0.247 | Size = 26248 bytes | Modified Date = 9/5/2006 9:22:28 PM | Attr = ]
QUICKCARE -> %ProgramFiles%\Qwest\QuickCare\bin\sprtcmd.exe -> Qwest [Ver = 6,7,1257,0 | Size = 192512 bytes | Modified Date = 11/7/2006 10:07:42 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 2/16/2007 10:54:04 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 11/7/2006 10:29:04 AM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Quicken Scheduled Updates.lnk -> %ProgramFiles%\QUICKENW\bagent.exe -> Intuit Inc. [Ver = 008.000.000.000 | Size = 57344 bytes | Modified Date = 10/2/2003 2:08:08 PM | Attr = ]
< User Startup > -> C:\Documents and Settings\Nate\Start Menu\Programs\Startup
%UserStartup%\Morpheus.lnk -> %ProgramFiles%\Morpheus\Morpheus.exe -> Streamcast Networks, Inc [Ver = 1.0.0.1 | Size = 716800 bytes | Modified Date = 6/8/2006 4:34:54 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 9:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.4342 | Size = 348160 bytes | Modified Date = 10/19/2005 8:59:14 AM | Attr = ]
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dl ... ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Bar -> ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Start Page -> http://www.msn.com ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://search.msn.com/spbasic.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKCU: Start Page -> http://www.myspace.com/ ->
HKCU: SearchAssistant -> http://ie.search.msn.com/en-us/srchasst/srchasst.htm ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKLM] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.0\NppBHO.dll [Reg Data - Value does not exist] -> Symantec Corporation [Ver = 2007.1.00.133 | Size = 93400 bytes | Modified Date = 9/6/2006 1:18:24 AM | Attr = R ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{8E718888-423F-11D2-876E-00A0C9082467} [HKLM] -> %System32%\msdxm.ocx [Radio] -> [Ver = | Size = 844314 bytes | Modified Date = 8/4/2004 12:51:02 AM | Attr = ]
{90222687-F593-4738-B738-FBEE9C7B26DF} [HKLM] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.0\UIBHO.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2007.1.00.133 | Size = 510152 bytes | Modified Date = 9/6/2006 1:18:36 AM | Attr = R ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:42 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 2:35:36 PM | Attr = ]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&xport to Microsoft Excel -> -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
{D65D7248-A6E4-463F-BC09-00FB3DB2046D} -> ->
PowerSearch 2.07 -> ->
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{03FF3ADC-CABF-480B-903B-8464EB0AD955} -> (Broadcom 440x 10/100 Integrated Controller) ->
{72472170-2997-4FB3-BAA8-04AB454E2713} -> (Wireless-G PCI Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
cetihpz -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll -> Hewlett-Packard Company [Ver = 2.1.1 | Size = 81920 bytes | Modified Date = 10/23/2003 8:51:20 PM | Attr = ]
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{0000000A-9980-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/wmsp9dmo.cab ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/english/ka ... nicode.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://active.macromedia.com/director/cabs/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
{33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/ ... mv9VCM.CAB ->
{33564D57-9980-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab ->
{58172624-85DD-4482-9E64-02ADCA637E96} -> - CodeBase = http://www.kungfuchess.com/activex/web665.cab ->
{77E32299-629F-43C6-AB77-6A1E6D7663F6} -> - CodeBase = http://www.nick.com/common/groove/gx/GrooveAX27.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan ... asinst.cab ->
{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -> - CodeBase = http://locator1.cdn.imagesrvr.com/sites ... nstall.cab ->
{C02226EB-A5D7-4B1F-BD7E-635E46C2288D} -> Toontown Installer ActiveX Control - CodeBase = http://a.download.toontown.com/sv1.0.21.13/ttinst.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shoc ... wflash.cab ->
{FE5D6722-826F-11D5-A24E-0060B0F1A5AE} -> Tukati Launcher - CodeBase = http://www.tukati.com/software/4/1.7.20.20/tukati.cab ->
DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->
Yahoo! Chess -> - CodeBase = http://download.games.yahoo.com/games/c ... /ct1_x.cab ->


[Files/Folders - Created Within 30 days]
a.dat -> %SystemDrive%\a.dat -> [Ver = | Size = 1032 bytes | Created Date = 3/17/2007 6:07:50 AM | Attr = ]
b.dat -> %SystemDrive%\b.dat -> [Ver = | Size = 1032 bytes | Created Date = 3/17/2007 6:07:50 AM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535351296 bytes | Created Date = 1/1/1601 6:00:00 AM | Attr = HS]
SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 4/6/2007 4:55:42 PM | Attr = ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Created Date = 4/5/2007 2:12:04 AM | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Created Date = 3/16/2007 2:08:41 AM | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Created Date = 3/16/2007 2:18:13 AM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Created Date = 4/11/2007 2:01:31 AM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Created Date = 4/11/2007 2:01:43 AM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Created Date = 4/11/2007 2:02:00 AM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Created Date = 4/11/2007 2:01:13 AM | Attr = H ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Created Date = 4/11/2007 2:01:22 AM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 4/5/2007 9:18:36 PM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 4/5/2007 9:21:28 PM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Created Date = 3/14/2007 12:07:51 AM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 4/5/2007 9:18:41 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 4/6/2007 6:32:07 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Created Date = 4/6/2007 6:32:07 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 4/6/2007 6:32:07 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Created Date = 4/6/2007 6:32:07 PM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 4/5/2007 8:28:54 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 4/5/2007 9:18:39 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 4/5/2007 9:18:41 PM | Attr = ]
xvid.ax -> %System32%\xvid.ax -> [Ver = | Size = 77824 bytes | Created Date = 3/23/2007 9:18:04 PM | Attr = ]
xvidcore.dll -> %System32%\xvidcore.dll -> [Ver = | Size = 765952 bytes | Created Date = 3/23/2007 9:18:05 PM | Attr = ]
xvidvfw.dll -> %System32%\xvidvfw.dll -> [Ver = | Size = 180224 bytes | Created Date = 3/23/2007 9:18:02 PM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 4/5/2007 9:21:28 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 4/6/2007 12:43:19 PM | Attr = ]
HOSTS.MVP -> %System32%\drivers\ETC\HOSTS.MVP -> [Ver = | Size = 568921 bytes | Created Date = 4/5/2007 11:13:26 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\drivers\ETC\HOSTS.MVP:Zone.Identifier ->

[Files/Folders - Modified Within 30 days]
a.dat -> %SystemDrive%\a.dat -> [Ver = | Size = 1032 bytes | Modified Date = 3/17/2007 7:57:48 AM | Attr = ]
b.dat -> %SystemDrive%\b.dat -> [Ver = | Size = 1032 bytes | Modified Date = 3/17/2007 7:57:48 AM | Attr = ]
c5688864e3c151dfb2c635e597ae -> %SystemDrive%\c5688864e3c151dfb2c635e597ae -> [Folder | Modified Date = 4/5/2007 10:26:22 PM | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 3/30/2007 11:10:18 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535351296 bytes | Modified Date = 4/11/2007 3:09:28 AM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/10/2007 10:00:20 PM | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 4/6/2007 8:30:44 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/11/2007 7:24:16 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 4/11/2007 12:12:12 AM | Attr = H ]
$NtUninstallKB824141$ -> %SystemRoot%\$NtUninstallKB824141$ -> [Folder | Modified Date = 4/5/2007 11:38:46 PM | Attr = H ]
$NtUninstallKB828028$ -> %SystemRoot%\$NtUninstallKB828028$ -> [Folder | Modified Date = 4/5/2007 11:38:46 PM | Attr = H ]
$NtUninstallKB828035$ -> %SystemRoot%\$NtUninstallKB828035$ -> [Folder | Modified Date = 4/5/2007 11:38:48 PM | Attr = H ]
$NtUninstallKB828741$ -> %SystemRoot%\$NtUninstallKB828741$ -> [Folder | Modified Date = 4/5/2007 11:38:58 PM | Attr = H ]
$NtUninstallKB833407$ -> %SystemRoot%\$NtUninstallKB833407$ -> [Folder | Modified Date = 4/5/2007 11:38:58 PM | Attr = H ]
$NtUninstallKB835732$ -> %SystemRoot%\$NtUninstallKB835732$ -> [Folder | Modified Date = 4/5/2007 11:39:06 PM | Attr = H ]
$NtUninstallKB837001$ -> %SystemRoot%\$NtUninstallKB837001$ -> [Folder | Modified Date = 4/5/2007 11:39:16 PM | Attr = H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Modified Date = 4/5/2007 3:12:06 AM | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Modified Date = 3/16/2007 3:08:44 AM | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Modified Date = 3/16/2007 3:18:18 AM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Modified Date = 4/11/2007 3:01:34 AM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Modified Date = 4/11/2007 3:01:46 AM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Modified Date = 4/11/2007 3:02:02 AM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Modified Date = 4/11/2007 3:01:16 AM | Attr = H ]
$NtUninstallQ828026$ -> %SystemRoot%\$NtUninstallQ828026$ -> [Folder | Modified Date = 4/5/2007 11:41:02 PM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 4/5/2007 11:41:28 PM | Attr = ]
BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 4/11/2007 3:09:30 AM | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 4/6/2007 1:12:10 AM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/6/2007 9:09:52 PM | Attr = S]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 4/11/2007 3:01:50 AM | Attr = ]
INF -> %SystemRoot%\INF -> [Folder | Modified Date = 4/11/2007 3:02:18 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/10/2007 10:01:18 PM | Attr = HS]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 4/6/2007 1:12:02 AM | Attr = ]
MSAGENT -> %SystemRoot%\MSAGENT -> [Folder | Modified Date = 4/11/2007 3:09:26 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/11/2007 6:45:22 PM | Attr = ]
QUICKEN.INI -> %SystemRoot%\QUICKEN.INI -> [Ver = | Size = 2161 bytes | Modified Date = 4/4/2007 4:45:48 AM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 4/6/2007 9:49:00 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 4/5/2007 11:58:46 PM | Attr = ]
SYSTEM32 -> %System32% -> [Folder | Modified Date = 4/11/2007 3:09:26 AM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 4/8/2007 5:30:32 AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 4/11/2007 2:39:34 PM | Attr = ]
WIN.INI -> %SystemRoot%\WIN.INI -> [Ver = | Size = 189 bytes | Modified Date = 4/5/2007 10:24:38 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 4/11/2007 4:24:02 PM | Attr = ]
Norton Internet Security - Run Full System Scan - Nate.job -> %SystemRoot%\tasks\Norton Internet Security - Run Full System Scan - Nate.job -> [Ver = | Size = 562 bytes | Modified Date = 4/6/2007 8:00:46 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4/11/2007 3:09:36 AM | Attr = H ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 4/5/2007 11:59:10 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 4/11/2007 7:25:42 AM | Attr = ]
coh.cache -> %System32%\coh.cache -> [Ver = | Size = 13158 bytes | Modified Date = 4/11/2007 2:36:46 PM | Attr = ]
CONFIG -> %System32%\CONFIG -> [Folder | Modified Date = 4/5/2007 11:59:54 PM | Attr = ]
DLLCACHE -> %System32%\DLLCACHE -> [Folder | Modified Date = 4/11/2007 3:09:26 AM | Attr = RHS]
DRIVERS -> %System32%\DRIVERS -> [Folder | Modified Date = 4/10/2007 10:00:34 PM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 3/14/2007 1:07:52 AM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 471576 bytes | Modified Date = 4/5/2007 4:50:52 AM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 4/5/2007 10:18:42 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Modified Date = 3/14/2007 12:31:24 AM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Modified Date = 3/14/2007 2:04:46 AM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Modified Date = 3/14/2007 12:31:28 AM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Modified Date = 3/14/2007 2:04:46 AM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 4/5/2007 9:28:56 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 4/5/2007 10:18:42 PM | Attr = ]
PERFC009.DAT -> %System32%\PERFC009.DAT -> [Ver = | Size = 53812 bytes | Modified Date = 4/6/2007 9:48:56 PM | Attr = ]
PERFH009.DAT -> %System32%\PERFH009.DAT -> [Ver = | Size = 383584 bytes | Modified Date = 4/6/2007 9:48:56 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 432142 bytes | Modified Date = 4/6/2007 9:48:56 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 4/5/2007 10:18:42 PM | Attr = ]
WBEM -> %System32%\WBEM -> [Folder | Modified Date = 4/6/2007 12:03:08 AM | Attr = ]
WPA.DBL -> %System32%\WPA.DBL -> [Ver = | Size = 1170 bytes | Modified Date = 4/11/2007 7:19:32 AM | Attr = ]
ETC -> %System32%\drivers\ETC -> [Folder | Modified Date = 4/6/2007 6:47:06 PM | Attr = ]
HOSTS.MVP -> %System32%\drivers\ETC\HOSTS.MVP -> [Ver = | Size = 568921 bytes | Modified Date = 4/6/2007 12:12:40 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\drivers\ETC\HOSTS.MVP:Zone.Identifier ->

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 5168 bytes -> %SystemRoot%\b2_t_STOCKS:WWE+&455.xml ->
@Alternate Data Stream - 5168 bytes -> %SystemRoot%\b2_t_STOCKS:WWE+149.xml ->
PEC2 , -> %System32%\DFRG.MSC -> [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
UPX! , UPX0 , -> %System32%\Eliteclient.exe -> [Ver = 1.2.7.0 | Size = 353280 bytes | Modified Date = 1/1/2007 6:52:48 AM | Attr = ]
UPX! , UPX0 , -> %System32%\inst_Eliteclient.exe -> [Ver = | Size = 584835 bytes | Modified Date = 1/1/2007 6:53:44 AM | Attr = ]
UPX! , UPX0 , -> %System32%\RXBarsetupV2.dll -> [Ver = 1, 0, 0, 1 | Size = 245760 bytes | Modified Date = 10/28/2004 3:50:22 PM | Attr = ]
winsync , -> %System32%\WBDBASE.DEU -> [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\drivers\hamachi.sys -> Applied Networking Inc. [Ver = 5.9.9.8 | Size = 15440 bytes | Modified Date = 12/27/2006 5:16:24 AM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\drivers\ETC\HOSTS.MVP:Zone.Identifier ->
qoologic , PTech , SAHAgent , abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\ETC\HOSTS.MVP -> [Ver = | Size = 568921 bytes | Modified Date = 4/6/2007 12:12:40 AM | Attr = ]

< End of report >
Sd-Vortex
Active Member
 
Posts: 14
Joined: April 4th, 2007, 6:06 am

Unread postby tim s » April 11th, 2007, 11:49 pm

Hello Sd-Vortex,

There are some leftovers that need to be taken care.

Next, Please follow the steps below in order:

Step #1
Now start WinPFind3U.exe.
Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
(make sure to just highlight and copy what is inside of the quote box nothing outside of it)

[Registry - Non-Microsoft Only]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {58172624-85DD-4482-9E64-02ADCA637E96} -> - CodeBase = http://www.kungfuchess.com/activex/web665.cab
YN -> {77E32299-629F-43C6-AB77-6A1E6D7663F6} -> - CodeBase = http://www.nick.com/common/groove/gx/GrooveAX27.cab
YN -> {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -> - CodeBase = http://locator1.cdn.imagesrvr.com/sites ... nstall.cab
YN -> {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} -> Toontown Installer ActiveX Control - CodeBase = http://a.download.toontown.com/sv1.0.21.13/ttinst.cab
YN -> {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} -> Tukati Launcher - CodeBase = http://www.tukati.com/software/4/1.7.20.20/tukati.cab
[File String Scan - Non-Microsoft Only]
NY -> UPX! , UPX0 , -> %System32%\inst_Eliteclient.exe
NY -> UPX! , UPX0 , -> %System32%\RXBarsetupV2.dll


The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.

Reboot into Safe Mode by doing the following:

  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.


Step #2

Start CCleaner and click on the Run Cleaner button in the lower right-hand corner. When it is finished close CCleaner.

Step #3

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:


  1. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  2. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:

    • IMake sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button

    Note: Don't save the report before you hit the Apply action button.
  3. Next select the "Reports" icon at the top.
  4. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  5. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.


Step #4

Post the following back here:

  • a new WinPFind3U report
  • the AVG Anti-Spyware report

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
User avatar
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby Sd-Vortex » April 12th, 2007, 8:07 am

heres the WinPFind3 log

WinPFind3 logfile created on: 4/12/2007 7:00:31 AM
WinPFind3U by OldTimer - Version 1.0.34 Folder = C:\Documents and Settings\Nate\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

510.48 Mb Total Physical Memory | 192.98 Mb Available Physical Memory | 37.80% Memory free
864.15 Mb Paging File | 523.21 Mb Available in Paging File | 60.55% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 6.32 Gb Free Space | 11.32% Space Free
Drive D: | 480.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: DELL
Current User Name: Nate
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.1.0.99 | Size = 198336 bytes | Modified Date = 9/2/2006 7:36:34 PM | Attr = ]
appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.0.00.101 | Size = 46736 bytes | Modified Date = 9/2/2006 12:33:40 AM | Attr = ]
aupdate.exe -> %ProgramFiles%\Symantec\LiveUpdate\AUPDATE.EXE -> Symantec Corporation [Ver = 3.1.0.99 | Size = 243392 bytes | Modified Date = 9/2/2006 7:36:34 PM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/9/2007 10:59:52 PM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ]
directcd.exe -> %ProgramFiles%\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe -> Roxio [Ver = 5.3.4.21 | Size = 684032 bytes | Modified Date = 12/17/2002 12:28:00 PM | Attr = ]
e_s4i2k1.exe -> %System32%\SPOOL\DRIVERS\W32X86\3\E_S4I2K1.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 99840 bytes | Modified Date = 6/1/2003 3:00:00 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 126976 bytes | Modified Date = 10/19/2005 8:59:12 AM | Attr = ]
hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1 | Size = 233472 bytes | Modified Date = 10/23/2003 8:51:18 PM | Attr = ]
hpwuschd.exe -> %ProgramFiles%\Hewlett-Packard\HP Software Update\hpwuSchd.exe -> Hewlett-Packard [Ver = 1, 0, 0, 2 | Size = 49152 bytes | Modified Date = 6/25/2003 12:24:48 PM | Attr = ]
hpztsb09.exe -> %System32%\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe -> HP [Ver = 2.236.2.0 | Size = 188416 bytes | Modified Date = 11/10/2003 6:04:40 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 3/14/2007 7:05:42 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 3/14/2007 7:05:48 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
lucoms~1.exe -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_1.EXE -> Symantec Corporation [Ver = 3.1.0.99 | Size = 2528960 bytes | Modified Date = 9/2/2006 7:36:34 PM | Attr = ]
morpheus.exe -> %ProgramFiles%\Morpheus\Morpheus.exe -> Streamcast Networks, Inc [Ver = 1.0.0.1 | Size = 716800 bytes | Modified Date = 6/8/2006 4:34:54 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 2/16/2007 10:54:04 AM | Attr = ]
sprtcmd.exe -> %ProgramFiles%\Qwest\QuickCare\bin\sprtcmd.exe -> Qwest [Ver = 6,7,1257,0 | Size = 192512 bytes | Modified Date = 11/7/2006 10:07:42 PM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1034 | Size = 1087680 bytes | Modified Date = 2/28/2007 11:15:10 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.34.0 | Size = 318976 bytes | Modified Date = 4/10/2007 10:00:18 PM | Attr = ]
wlservice.exe -> %ProgramFiles%\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 10:56:14 PM | Attr = ]
wmp54gsv1_1.exe -> %ProgramFiles%\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe -> Linksys [Ver = 1.0.0.4 | Size = 5046784 bytes | Modified Date = 4/28/2005 10:20:26 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.1.0.99 | Size = 198336 bytes | Modified Date = 9/2/2006 7:36:34 PM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 1.0.0.142 | Size = 48272 bytes | Modified Date = 9/3/2006 3:54:52 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 3:24:18 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 3/14/2007 7:05:42 PM | Attr = ]
(ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\isPwdSvc.exe -> Symantec Corporation [Ver = 10.0.0.247 | Size = 79496 bytes | Modified Date = 9/5/2006 9:22:26 PM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_1.EXE -> Symantec Corporation [Ver = 3.1.0.99 | Size = 2528960 bytes | Modified Date = 9/2/2006 7:36:34 PM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1034 | Size = 1087680 bytes | Modified Date = 2/28/2007 11:15:10 PM | Attr = ]
(SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.0.00.101 | Size = 46736 bytes | Modified Date = 9/2/2006 12:33:40 AM | Attr = ]
(SymWSC) SymWMI Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 11/2/2004 5:59:50 PM | Attr = ]
(WMP54GSSVC) WMP54GSSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 10:56:14 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AdaptecDirectCD -> %ProgramFiles%\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe -> Roxio [Ver = 5.3.4.21 | Size = 684032 bytes | Modified Date = 12/17/2002 12:28:00 PM | Attr = ]
Auto EPSON Stylus Photo RX500 on TOSHIBA -> %System32%\SPOOL\DRIVERS\W32X86\3\E_S4I2K1.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 99840 bytes | Modified Date = 6/1/2003 3:00:00 PM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/9/2007 10:59:52 PM | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 126976 bytes | Modified Date = 10/19/2005 8:59:12 AM | Attr = ]
HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1 | Size = 233472 bytes | Modified Date = 10/23/2003 8:51:18 PM | Attr = ]
HP Software Update -> %ProgramFiles%\Hewlett-Packard\HP Software Update\hpwuSchd.exe -> Hewlett-Packard [Ver = 1, 0, 0, 2 | Size = 49152 bytes | Modified Date = 6/25/2003 12:24:48 PM | Attr = ]
HPDJ Taskbar Utility -> %System32%\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe -> HP [Ver = 2.236.2.0 | Size = 188416 bytes | Modified Date = 11/10/2003 6:04:40 PM | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 155648 bytes | Modified Date = 10/19/2005 8:59:14 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 3/14/2007 7:05:48 PM | Attr = ]
osCheck -> %ProgramFiles%\Norton Internet Security\osCheck.exe -> Symantec Corporation [Ver = 10.0.0.247 | Size = 26248 bytes | Modified Date = 9/5/2006 9:22:28 PM | Attr = ]
QUICKCARE -> %ProgramFiles%\Qwest\QuickCare\bin\sprtcmd.exe -> Qwest [Ver = 6,7,1257,0 | Size = 192512 bytes | Modified Date = 11/7/2006 10:07:42 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 2/16/2007 10:54:04 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 11/7/2006 10:29:04 AM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Quicken Scheduled Updates.lnk -> %ProgramFiles%\QUICKENW\bagent.exe -> Intuit Inc. [Ver = 008.000.000.000 | Size = 57344 bytes | Modified Date = 10/2/2003 2:08:08 PM | Attr = ]
< User Startup > -> C:\Documents and Settings\Nate\Start Menu\Programs\Startup
%UserStartup%\Morpheus.lnk -> %ProgramFiles%\Morpheus\Morpheus.exe -> Streamcast Networks, Inc [Ver = 1.0.0.1 | Size = 716800 bytes | Modified Date = 6/8/2006 4:34:54 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 9:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.4342 | Size = 348160 bytes | Modified Date = 10/19/2005 8:59:14 AM | Attr = ]
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dl ... ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Bar -> ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Start Page -> http://www.msn.com ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://search.msn.com/spbasic.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKCU: Start Page -> http://www.myspace.com/ ->
HKCU: SearchAssistant -> http://ie.search.msn.com/en-us/srchasst/srchasst.htm ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKLM] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.0\NppBHO.dll [Reg Data - Value does not exist] -> Symantec Corporation [Ver = 2007.1.00.133 | Size = 93400 bytes | Modified Date = 9/6/2006 1:18:24 AM | Attr = R ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{8E718888-423F-11D2-876E-00A0C9082467} [HKLM] -> %System32%\msdxm.ocx [Radio] -> [Ver = | Size = 844314 bytes | Modified Date = 8/4/2004 12:51:02 AM | Attr = ]
{90222687-F593-4738-B738-FBEE9C7B26DF} [HKLM] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.0\UIBHO.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2007.1.00.133 | Size = 510152 bytes | Modified Date = 9/6/2006 1:18:36 AM | Attr = R ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:42 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 2:35:36 PM | Attr = ]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&xport to Microsoft Excel -> -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
{D65D7248-A6E4-463F-BC09-00FB3DB2046D} -> ->
PowerSearch 2.07 -> ->
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{03FF3ADC-CABF-480B-903B-8464EB0AD955} -> (Broadcom 440x 10/100 Integrated Controller) ->
{72472170-2997-4FB3-BAA8-04AB454E2713} -> (Wireless-G PCI Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
cetihpz -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll -> Hewlett-Packard Company [Ver = 2.1.1 | Size = 81920 bytes | Modified Date = 10/23/2003 8:51:20 PM | Attr = ]
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{0000000A-9980-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/wmsp9dmo.cab ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/english/ka ... nicode.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://active.macromedia.com/director/cabs/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
{33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/ ... mv9VCM.CAB ->
{33564D57-9980-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan ... asinst.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shoc ... wflash.cab ->
DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->
Yahoo! Chess -> - CodeBase = http://download.games.yahoo.com/games/c ... /ct1_x.cab ->


[Files/Folders - Created Within 30 days]
a.dat -> %SystemDrive%\a.dat -> [Ver = | Size = 1032 bytes | Created Date = 3/17/2007 6:07:50 AM | Attr = ]
b.dat -> %SystemDrive%\b.dat -> [Ver = | Size = 1032 bytes | Created Date = 3/17/2007 6:07:50 AM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535351296 bytes | Created Date = 1/1/1601 6:00:00 AM | Attr = HS]
SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 4/6/2007 4:55:42 PM | Attr = ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Created Date = 4/5/2007 2:12:04 AM | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Created Date = 3/16/2007 2:08:41 AM | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Created Date = 3/16/2007 2:18:13 AM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Created Date = 4/11/2007 2:01:31 AM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Created Date = 4/11/2007 2:01:43 AM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Created Date = 4/11/2007 2:02:00 AM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Created Date = 4/11/2007 2:01:13 AM | Attr = H ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 4/5/2007 9:18:36 PM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 4/5/2007 9:21:28 PM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Created Date = 3/14/2007 12:07:51 AM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 4/5/2007 9:18:41 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 4/6/2007 6:32:07 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Created Date = 4/6/2007 6:32:07 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 4/6/2007 6:32:07 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Created Date = 4/6/2007 6:32:07 PM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 4/5/2007 8:28:54 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 4/5/2007 9:18:39 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 4/5/2007 9:18:41 PM | Attr = ]
xvid.ax -> %System32%\xvid.ax -> [Ver = | Size = 77824 bytes | Created Date = 3/23/2007 9:18:04 PM | Attr = ]
xvidcore.dll -> %System32%\xvidcore.dll -> [Ver = | Size = 765952 bytes | Created Date = 3/23/2007 9:18:05 PM | Attr = ]
xvidvfw.dll -> %System32%\xvidvfw.dll -> [Ver = | Size = 180224 bytes | Created Date = 3/23/2007 9:18:02 PM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 4/5/2007 9:21:28 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 4/6/2007 12:43:19 PM | Attr = ]
HOSTS.MVP -> %System32%\drivers\ETC\HOSTS.MVP -> [Ver = | Size = 568921 bytes | Created Date = 4/5/2007 11:13:26 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\drivers\ETC\HOSTS.MVP:Zone.Identifier ->

[Files/Folders - Modified Within 30 days]
a.dat -> %SystemDrive%\a.dat -> [Ver = | Size = 1032 bytes | Modified Date = 3/17/2007 7:57:48 AM | Attr = ]
b.dat -> %SystemDrive%\b.dat -> [Ver = | Size = 1032 bytes | Modified Date = 3/17/2007 7:57:48 AM | Attr = ]
c5688864e3c151dfb2c635e597ae -> %SystemDrive%\c5688864e3c151dfb2c635e597ae -> [Folder | Modified Date = 4/5/2007 10:26:22 PM | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 3/30/2007 11:10:18 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535351296 bytes | Modified Date = 4/12/2007 6:53:34 AM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/10/2007 10:00:20 PM | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 4/6/2007 8:30:44 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/12/2007 6:54:36 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 4/11/2007 12:12:12 AM | Attr = H ]
$NtUninstallKB824141$ -> %SystemRoot%\$NtUninstallKB824141$ -> [Folder | Modified Date = 4/5/2007 11:38:46 PM | Attr = H ]
$NtUninstallKB828028$ -> %SystemRoot%\$NtUninstallKB828028$ -> [Folder | Modified Date = 4/5/2007 11:38:46 PM | Attr = H ]
$NtUninstallKB828035$ -> %SystemRoot%\$NtUninstallKB828035$ -> [Folder | Modified Date = 4/5/2007 11:38:48 PM | Attr = H ]
$NtUninstallKB828741$ -> %SystemRoot%\$NtUninstallKB828741$ -> [Folder | Modified Date = 4/5/2007 11:38:58 PM | Attr = H ]
$NtUninstallKB833407$ -> %SystemRoot%\$NtUninstallKB833407$ -> [Folder | Modified Date = 4/5/2007 11:38:58 PM | Attr = H ]
$NtUninstallKB835732$ -> %SystemRoot%\$NtUninstallKB835732$ -> [Folder | Modified Date = 4/5/2007 11:39:06 PM | Attr = H ]
$NtUninstallKB837001$ -> %SystemRoot%\$NtUninstallKB837001$ -> [Folder | Modified Date = 4/5/2007 11:39:16 PM | Attr = H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Modified Date = 4/5/2007 3:12:06 AM | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Modified Date = 3/16/2007 3:08:44 AM | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Modified Date = 3/16/2007 3:18:18 AM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Modified Date = 4/11/2007 3:01:34 AM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Modified Date = 4/11/2007 3:01:46 AM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Modified Date = 4/11/2007 3:02:02 AM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Modified Date = 4/11/2007 3:01:16 AM | Attr = H ]
$NtUninstallQ828026$ -> %SystemRoot%\$NtUninstallQ828026$ -> [Folder | Modified Date = 4/5/2007 11:41:02 PM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 4/5/2007 11:41:28 PM | Attr = ]
BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 4/12/2007 6:53:36 AM | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 4/11/2007 11:22:16 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/11/2007 11:11:00 PM | Attr = S]
INF -> %SystemRoot%\INF -> [Folder | Modified Date = 4/11/2007 3:02:18 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/10/2007 10:01:18 PM | Attr = HS]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 4/6/2007 1:12:02 AM | Attr = ]
MSAGENT -> %SystemRoot%\MSAGENT -> [Folder | Modified Date = 4/11/2007 3:09:26 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/12/2007 6:57:56 AM | Attr = ]
QUICKEN.INI -> %SystemRoot%\QUICKEN.INI -> [Ver = | Size = 2161 bytes | Modified Date = 4/4/2007 4:45:48 AM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 4/6/2007 9:49:00 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 4/5/2007 11:58:46 PM | Attr = ]
SYSTEM32 -> %System32% -> [Folder | Modified Date = 4/11/2007 11:11:04 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 4/8/2007 5:30:32 AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 4/12/2007 6:59:50 AM | Attr = ]
WIN.INI -> %SystemRoot%\WIN.INI -> [Ver = | Size = 189 bytes | Modified Date = 4/5/2007 10:24:38 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 4/11/2007 4:24:02 PM | Attr = ]
Norton Internet Security - Run Full System Scan - Nate.job -> %SystemRoot%\tasks\Norton Internet Security - Run Full System Scan - Nate.job -> [Ver = | Size = 562 bytes | Modified Date = 4/6/2007 8:00:46 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4/12/2007 6:53:42 AM | Attr = H ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 4/5/2007 11:59:10 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 4/11/2007 11:16:24 PM | Attr = ]
coh.cache -> %System32%\coh.cache -> [Ver = | Size = 13158 bytes | Modified Date = 4/11/2007 2:36:46 PM | Attr = ]
CONFIG -> %System32%\CONFIG -> [Folder | Modified Date = 4/5/2007 11:59:54 PM | Attr = ]
DLLCACHE -> %System32%\DLLCACHE -> [Folder | Modified Date = 4/11/2007 3:09:26 AM | Attr = RHS]
DRIVERS -> %System32%\DRIVERS -> [Folder | Modified Date = 4/10/2007 10:00:34 PM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 3/14/2007 1:07:52 AM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 471576 bytes | Modified Date = 4/5/2007 4:50:52 AM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 4/5/2007 10:18:42 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Modified Date = 3/14/2007 12:31:24 AM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Modified Date = 3/14/2007 2:04:46 AM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Modified Date = 3/14/2007 12:31:28 AM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Modified Date = 3/14/2007 2:04:46 AM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 4/5/2007 9:28:56 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 4/5/2007 10:18:42 PM | Attr = ]
PERFC009.DAT -> %System32%\PERFC009.DAT -> [Ver = | Size = 53812 bytes | Modified Date = 4/6/2007 9:48:56 PM | Attr = ]
PERFH009.DAT -> %System32%\PERFH009.DAT -> [Ver = | Size = 383584 bytes | Modified Date = 4/6/2007 9:48:56 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 432142 bytes | Modified Date = 4/6/2007 9:48:56 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 4/5/2007 10:18:42 PM | Attr = ]
WBEM -> %System32%\WBEM -> [Folder | Modified Date = 4/6/2007 12:03:08 AM | Attr = ]
WPA.DBL -> %System32%\WPA.DBL -> [Ver = | Size = 1170 bytes | Modified Date = 4/12/2007 6:55:32 AM | Attr = ]
ETC -> %System32%\drivers\ETC -> [Folder | Modified Date = 4/6/2007 6:47:06 PM | Attr = ]
HOSTS.MVP -> %System32%\drivers\ETC\HOSTS.MVP -> [Ver = | Size = 568921 bytes | Modified Date = 4/6/2007 12:12:40 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\drivers\ETC\HOSTS.MVP:Zone.Identifier ->

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 5168 bytes -> %SystemRoot%\b2_t_STOCKS:WWE+&455.xml ->
@Alternate Data Stream - 5168 bytes -> %SystemRoot%\b2_t_STOCKS:WWE+149.xml ->
PEC2 , -> %System32%\DFRG.MSC -> [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
UPX! , UPX0 , -> %System32%\Eliteclient.exe -> [Ver = 1.2.7.0 | Size = 353280 bytes | Modified Date = 1/1/2007 6:52:48 AM | Attr = ]
winsync , -> %System32%\WBDBASE.DEU -> [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\drivers\hamachi.sys -> Applied Networking Inc. [Ver = 5.9.9.8 | Size = 15440 bytes | Modified Date = 12/27/2006 5:16:24 AM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\drivers\ETC\HOSTS.MVP:Zone.Identifier ->
qoologic , PTech , SAHAgent , abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\ETC\HOSTS.MVP -> [Ver = | Size = 568921 bytes | Modified Date = 4/6/2007 12:12:40 AM | Attr = ]

< End of report >













and heres the other log




---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:21:18 PM 4/6/2007

+ Scan result:



C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1056\A0212241.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1060\A0217504.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1060\A0217504.vxd/C:/WINDOWS/System32/nvms.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/adv.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/adx.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/bargains.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mac80ex.idf/C:/WINDOWS/System32/msbe.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mbbi8016.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\biN.exe/bi.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\biN.exe/preInsBI.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\tdbN.dll/bi.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\tdbN.dll/preInsBI.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Java\xclean.exe -> Adware.Broadcap : Cleaned with backup (quarantined).
C:\Program Files\Bcpc -> Adware.BroadcastPC : Cleaned with backup (quarantined).
HKLM\SOFTWARE\NIX Solutions -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1056\A0212401.dll -> Adware.Solution : Cleaned with backup (quarantined).
C:\Downloads\18Wheels_of_Steel-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\AgeOfCastles_Setup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\D2ProphecySetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\RollerCoasterTycoon2-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\WormsArmageddon-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinTools -> Adware.WebSearch : Error during cleaning.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1056\A0212400.exe/Plugins\npclntax.dll -> Adware.Zango : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1056\A0212338.exe -> Downloader.Delf.aup : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1060\A0217493.dll -> Dropper.Small.abd : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\in1bNs.dll -> Dropper.Small.abe : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1060\A0217503.dll -> Dropper.Small.op : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1093\A0224904.dll -> Dropper.Small.xm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1060\A0217490.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00099381.TXT -> TrackingCookie.180solutions : Cleaned.
C:\RECYCLER\NPROTECT\00099383.TXT -> TrackingCookie.180solutions : Cleaned.
C:\RECYCLER\NPROTECT\00099385.TXT -> TrackingCookie.180solutions : Cleaned.
C:\RECYCLER\NPROTECT\00099382.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00099388.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00099384.TXT -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\NPROTECT\00099387.TXT -> TrackingCookie.Mediaplex : Cleaned.
C:\RECYCLER\NPROTECT\00099386.TXT -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Nate\My Documents\download\littlevasa\Here It Is.exe -> Trojan.Multidropper.x : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1056\A0212322.exe -> Trojan.Steal : Cleaned with backup (quarantined).


::Report end
Sd-Vortex
Active Member
 
Posts: 14
Joined: April 4th, 2007, 6:06 am

Unread postby tim s » April 12th, 2007, 8:04 pm

Hello Sd-Vortex

OK one more line here.

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
YN -> PowerSearch 2.07 ->


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. CLick the Ok button and Notepad will open with a log of actions taken during the fix.

Let me know again how your computer in running now. That should have taken care of it. I am not seeing anything else in logs.

also refer back to my previous post here http://www.malwareremoval.com/forum/viewtop ... 088#169088
On how to help you stay clean of malware and how to reset your restore point.

Tim s
User avatar
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby tim s » April 19th, 2007, 11:25 pm

Hello Sd-Vortex,

Are you still needing anymore help?
If no reply in 48 hours of this post. I will ask to have topic closed.

Tim s
User avatar
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby NonSuch » April 28th, 2007, 2:51 pm

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 484 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware