Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Please help with Malware

Post by maxxpower71 » April 12th, 2007, 8:16 pm

Logfile of HijackThis v1.99.1
Scan saved at 8:14:57 PM, on 4/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program

Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} -

C:\WINDOWS\system32\tmp71.tmp.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program

files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {85711073-2f92-481d-b4d1-be6225da6111} -

C:\WINDOWS\system32\dpvxec.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper -

{AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program

Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} -

C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IESet] IExplorer.dll

.dbt
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat

7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG

Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\iihihf.dll",realset
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll

.dbt
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"

/background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft

ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"

/background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US

ee://aol/imApp
O4 - HKCU\..\Run: [IESet] IExplorer.dll

.dbt
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program

Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program

Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program

Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common

Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Convert link target to Adobe PDF -

res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF -

res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF -

res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF -

res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF -

res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF -

res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program

Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program

Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite -

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft

ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -

C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... -

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft

ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -

http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) -

http://sef.mlxchange.com/Control/MultiS ... mboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) -

http://sef.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) -

http://sef.mlxchange.com/Control/IRCSharc.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} -

C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: dpvxec - C:\WINDOWS\SYSTEM32\dpvxec.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common

Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program

Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. -

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. -

C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel

32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program

Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. -

C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. -

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program

files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. -

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. -

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. -

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. -

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. -

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. -

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. -

C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. -

C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. -

C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program

Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program

Files\Viewpoint\Common\ViewpointService.exe
maxxpower71
Active Member
 
Posts: 14
Joined: April 12th, 2007, 8:03 pm

Post by tim s » April 12th, 2007, 9:06 pm

Hi maxxpower71,

Welcome to the MalWare Removal forums! I'll be glad to help you with your computer problems.
HijackThis logs can take some time to research, so please be patient with me. I know that you need
your computer working as quickly as possible, and I will work hard to help see that happens.

In order to help me help you, please observe the following while we work:
  1. If you don't know, stop and ask! Don't continue, we don't want to start all over again!
  2. Understand that cleaning your computer can sometimes take multiple passes/posts,
    and it's important to follow the steps as listed including re-running scans as listed
  3. Please reply to this thread, do not start another.


If you can do those three things, everything should go smoothly.

--------------------------------------------------------

When you copy and paste logs into the forum, please uncheck Word Wrap in Notepad. It makes checking logs difficult.
Click on Format at the top of the opened Notepad and uncheck Word Wrap. Thanks.


Please repost a HJT log in a reply to this thread.

---------------------------------------------------------------------------

After doing that, please do the following.

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files.
It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar. << do not change any settings
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.
If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Post by maxxpower71 » April 13th, 2007, 6:52 am

Logfile of HijackThis v1.99.1
Scan saved at 8:14:57 PM, on 4/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\tmp71.tmp.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {85711073-2f92-481d-b4d1-be6225da6111} - C:\WINDOWS\system32\dpvxec.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\iihihf.dll",realset
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://sef.mlxchange.com/Control/MultiS ... mboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://sef.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://sef.mlxchange.com/Control/IRCSharc.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: dpvxec - C:\WINDOWS\SYSTEM32\dpvxec.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
maxxpower71
Active Member
 
Posts: 14
Joined: April 12th, 2007, 8:03 pm

Post by maxxpower71 » April 13th, 2007, 6:53 am

WinPFind3 logfile created on: 4/13/2007 6:42:06 AM
WinPFind3U by OldTimer - Version 1.0.34 Folder = C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Desktop\New Folder\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

1.50 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 70.02% Memory free
2.11 Gb Paging File | 1.68 Gb Available in Paging File | 79.91% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 23.86 Gb Free Space | 32.01% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: ALBERTO-4E1730A
Current User Name: Alberto
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 7.0.7.2006011200 | Size = 483328 bytes | Modified Date = 1/12/2006 8:52:32 PM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 8:20:00 AM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 10:13:20 AM | Attr = ]
hpqgalry.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqgalry.exe -> Hewlett-Packard Co. [Ver = 043.001.005.000 | Size = 520192 bytes | Modified Date = 5/29/2004 12:08:52 AM | Attr = ]
hwapi.exe -> %CommonProgramFiles%\McAfee\HackerWatch\HWAPI.exe -> McAfee, Inc. [Ver = 8.3.105.0 | Size = 540776 bytes | Modified Date = 2/13/2007 12:09:12 PM | Attr = ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 566872 bytes | Modified Date = 1/5/2007 4:21:16 PM | Attr = ]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 361560 bytes | Modified Date = 1/5/2007 4:22:12 PM | Attr = ]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 1,2,108,0 | Size = 2213416 bytes | Modified Date = 3/9/2007 4:36:10 AM | Attr = ]
mcods.exe -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 362064 bytes | Modified Date = 1/16/2007 6:03:36 PM | Attr = ]
mcpromgr.exe -> %ProgramFiles%\McAfee\MSC\mcpromgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 493144 bytes | Modified Date = 1/5/2007 4:21:40 PM | Attr = ]
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 1,2,137,0 | Size = 352856 bytes | Modified Date = 1/19/2007 8:57:56 PM | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.2.101.x86 | Size = 144960 bytes | Modified Date = 12/22/2006 4:02:26 PM | Attr = ]
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 11,2,131,0 | Size = 643664 bytes | Modified Date = 1/25/2007 6:01:58 PM | Attr = ]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 8.2.118.0 | Size = 841256 bytes | Modified Date = 3/9/2007 5:21:04 PM | Attr = ]
mps.exe -> %ProgramFiles%\McAfee\MPS\mps.exe -> McAfee, Inc. [Ver = 9.2.131.0 | Size = 906792 bytes | Modified Date = 1/23/2007 7:16:12 PM | Attr = ]
mpsevh.exe -> %ProgramFiles%\McAfee\MPS\mpsevh.exe -> McAfee, Inc. [Ver = 9.2.128.0 | Size = 304680 bytes | Modified Date = 1/16/2007 5:42:02 PM | Attr = ]
mskagent.exe -> %ProgramFiles%\McAfee\MSK\mskagent.exe -> McAfee Inc. [Ver = 8.2.125.0 | Size = 152144 bytes | Modified Date = 1/17/2007 5:30:24 PM | Attr = ]
msksrver.exe -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> McAfee Inc. [Ver = 8.2.125.0 | Size = 29264 bytes | Modified Date = 1/17/2007 5:30:34 PM | Attr = ]
redirsvc.exe -> %CommonProgramFiles%\McAfee\RedirSvc\RedirSvc.exe -> McAfee, Inc. [Ver = 1,3,109,0 | Size = 256096 bytes | Modified Date = 3/8/2007 3:42:42 PM | Attr = ]
saservice.exe -> %ProgramFiles%\SiteAdvisor\6066\SAService.exe -> McAfee, Inc. [Ver = 2.4.0 | Size = 321064 bytes | Modified Date = 4/11/2007 8:03:38 PM | Attr = ]
siteadv.exe -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.exe -> McAfee, Inc. [Ver = 2.3.0 | Size = 36904 bytes | Modified Date = 2/8/2007 10:39:34 PM | Attr = ]
soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.0.21 | Size = 53248 bytes | Modified Date = 3/18/2003 5:04:24 AM | Attr = ]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 5:38:20 PM | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:10 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\New Folder\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.34.0 | Size = 318976 bytes | Modified Date = 4/10/2007 10:00:18 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 5/11/2006 9:22:46 PM | Attr = ]
(Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> Autodesk [Ver = 2.66.000 | Size = 77944 bytes | Modified Date = 3/14/2006 7:16:52 PM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 10:13:20 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 10:56:48 PM | Attr = ]
(Emproxy) McAfee E-mail Proxy [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\McAfee\EmProxy\emproxy.exe -> McAfee, Inc. [Ver = 11,2,206,0 | Size = 341584 bytes | Modified Date = 1/12/2007 4:13:24 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(McAfee HackerWatch Service) McAfee HackerWatch Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\HackerWatch\HWAPI.exe -> McAfee, Inc. [Ver = 8.3.105.0 | Size = 540776 bytes | Modified Date = 2/13/2007 12:09:12 PM | Attr = ]
(mcmispupdmgr) McAfee Update Manager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\MSC\mcupdmgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 689752 bytes | Modified Date = 1/5/2007 4:22:18 PM | Attr = ]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 361560 bytes | Modified Date = 1/5/2007 4:22:12 PM | Attr = ]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 1,2,108,0 | Size = 2213416 bytes | Modified Date = 3/9/2007 4:36:10 AM | Attr = ]
(McODS) McAfee Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 362064 bytes | Modified Date = 1/16/2007 6:03:36 PM | Attr = ]
(mcpromgr) McAfee Protection Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcpromgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 493144 bytes | Modified Date = 1/5/2007 4:21:40 PM | Attr = ]
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 1,2,137,0 | Size = 352856 bytes | Modified Date = 1/19/2007 8:57:56 PM | Attr = ]
(McRedirector) McAfee Redirector Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\RedirSvc\RedirSvc.exe -> McAfee, Inc. [Ver = 1,3,109,0 | Size = 256096 bytes | Modified Date = 3/8/2007 3:42:42 PM | Attr = ]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> -> File not found
(McSysmon) McAfee SystemGuards [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 11,2,131,0 | Size = 643664 bytes | Modified Date = 1/25/2007 6:01:58 PM | Attr = ]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 8.2.118.0 | Size = 841256 bytes | Modified Date = 3/9/2007 5:21:04 PM | Attr = ]
(MPS9) McAfee Privacy Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPS\mps.exe -> McAfee, Inc. [Ver = 9.2.131.0 | Size = 906792 bytes | Modified Date = 1/23/2007 7:16:12 PM | Attr = ]
(MSK80Service) McAfee SpamKiller Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> McAfee Inc. [Ver = 8.2.125.0 | Size = 29264 bytes | Modified Date = 1/17/2007 5:30:34 PM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 8, 0, 0, 0 | Size = 65536 bytes | Modified Date = 3/18/2004 4:55:48 PM | Attr = ]
(SiteAdvisor Service) SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SiteAdvisor\6066\SAService.exe -> McAfee, Inc. [Ver = 2.4.0 | Size = 321064 bytes | Modified Date = 4/11/2007 8:03:38 PM | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:10 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> -> File not found
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 8:20:00 AM | Attr = ]
Acrobat Assistant 7.0 -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 7.0.7.2006011200 | Size = 483328 bytes | Modified Date = 1/12/2006 8:52:32 PM | Attr = ]
BootService -> %SystemRoot%\iihihf.dll [rundll32.exe "C:\WINDOWS\iihihf.dll",realset] -> [Ver = | Size = 106767 bytes | Modified Date = 4/12/2007 6:11:48 AM | Attr = ]
IESet -> %System32%\IExplorer.dll .dbt -> [Ver = | Size = 0 bytes | Modified Date = 3/17/2007 5:09:04 PM | Attr = ]
MskAgentexe -> %ProgramFiles%\McAfee\MSK\mskagent.exe -> McAfee Inc. [Ver = 8.2.125.0 | Size = 152144 bytes | Modified Date = 1/17/2007 5:30:24 PM | Attr = ]
SiteAdvisor -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.exe -> McAfee, Inc. [Ver = 2.3.0 | Size = 36904 bytes | Modified Date = 2/8/2007 10:39:34 PM | Attr = ]
SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.0.21 | Size = 53248 bytes | Modified Date = 3/18/2003 5:04:24 AM | Attr = ]
< RunServices [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
IESet -> %System32%\IExplorer.dll .dbt -> [Ver = | Size = 0 bytes | Modified Date = 3/17/2007 5:09:04 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 11/7/2006 11:29:04 AM | Attr = ]
H/PC Connection Agent -> %ProgramFiles%\Microsoft ActiveSync\WCESCOMM.EXE -> File not found
IESet -> %System32%\IExplorer.dll .dbt -> [Ver = | Size = 0 bytes | Modified Date = 3/17/2007 5:09:04 PM | Attr = ]
Shareaza -> %ProgramFiles%\Shareaza\Shareaza.exe -> File not found
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.7 | Size = 307200 bytes | Modified Date = 8/18/2005 3:49:06 PM | Attr = R ]
< Common Startup > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Acrobat Speed Launcher.lnk -> %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe -> [Ver = | Size = 25214 bytes | Modified Date = 3/17/2007 8:53:42 PM | Attr = R ]
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 5:44:06 AM | Attr = ]
%AllUsersStartup%\AutoCAD Startup Accelerator.lnk -> %CommonProgramFiles%\Autodesk Shared\acstart16.exe -> Autodesk, Inc [Ver = 16.2.54.0 | Size = 10872 bytes | Modified Date = 3/5/2005 10:18:22 AM | Attr = ]
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\digital imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 43.1.5.000 | Size = 241664 bytes | Modified Date = 5/28/2004 11:31:38 PM | Attr = ]
%AllUsersStartup%\HP Image Zone Fast Start.lnk -> %ProgramFiles%\HP\digital imaging\bin\hpqthb08.exe -> Hewlett-Packard Co. [Ver = 043.001.005.000 | Size = 53248 bytes | Modified Date = 5/29/2004 12:06:36 AM | Attr = ]
%AllUsersStartup%\QuickBooks Update Agent.lnk -> %CommonProgramFiles%\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> Intuit, Inc. [Ver = 13.0 R1 | Size = 724992 bytes | Modified Date = 10/25/2003 4:44:20 AM | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 10:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
dpvxec -> %System32%\dpvxec.dll -> [Ver = | Size = 19689 bytes | Modified Date = 3/16/2007 6:14:44 PM | Attr = ]
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dl ... ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dl ... ar=msnhome ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{089FD14D-132B-48FC-8861-0048AE113215} [HKLM] -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.dll [Reg Data - Value does not exist] -> McAfee, Inc. [Ver = 2.4.0 | Size = 1099304 bytes | Modified Date = 3/30/2007 11:41:24 AM | Attr = ]
{67C55A8D-E808-4caa-9EA7-F77102DE0BB6} [HKLM] -> %System32%\tmp71.tmp.dll [Reg Data - Value does not exist] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 1:22:12 PM | Attr = ]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> %ProgramFiles%\McAfee\virusscan\scriptcl.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.13.3.2.101.x86 | Size = 67136 bytes | Modified Date = 12/22/2006 4:02:40 PM | Attr = ]
{85711073-2f92-481d-b4d1-be6225da6111} [HKLM] -> %System32%\dpvxec.dll [Reg Data - Value does not exist] -> [Ver = | Size = 19689 bytes | Modified Date = 3/16/2007 6:14:44 PM | Attr = ]
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/24/2005 1:41:42 AM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/24/2005 1:41:42 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKLM] -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.dll [McAfee SiteAdvisor] -> McAfee, Inc. [Ver = 2.4.0 | Size = 1099304 bytes | Modified Date = 3/30/2007 11:41:24 AM | Attr = ]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/24/2005 1:41:42 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/24/2005 1:41:42 AM | Attr = ]
WebBrowser\\{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\npjpi150_06.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 1:22:12 PM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 1:22:12 PM | Attr = ]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -> Reg Data - Value does not exist [ButtonText: Create Mobile Favorite] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECaptureSelLinks.htm -> File not found
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppendSelLinks.htm -> File not found
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
E&xport to Microsoft Excel -> -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{3F358668-1841-4A99-BA57-A88320AE4EA2} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
{71097C6D-B110-498F-B69A-CF89F13E26D4} -> (SpeedStream 3060 Miniport ATM/ADSL Adapter) ->
{D60E6FD1-17F7-477C-80C2-E65CFAA7E26F} -> (Linksys NC100 Fast Ethernet Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
cetihpz -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll -> Hewlett-Packard Company [Ver = 2.1.5 | Size = 81920 bytes | Modified Date = 5/12/2004 4:18:56 PM | Attr = ]
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
siteadvisor -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.dll -> McAfee, Inc. [Ver = 2.4.0 | Size = 1099304 bytes | Modified Date = 3/30/2007 11:41:24 AM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{406B5949-7190-4245-91A9-30A17DE16AD0} -> Snapfish Activia - CodeBase = http://www2.snapfish.com/SnapfishActivia.cab ->
{4989312D-58CF-11D5-A7D7-00E02911103E} -> Interealty MultiSelect - CodeBase = http://sef.mlxchange.com/Control/MultiS ... mboBox.cab ->
{6FD482A3-7B57-438B-B040-52CAA30147EE} -> MLXchange Client Utils - CodeBase = http://sef.mlxchange.com/Control/MLXClientUtils.cab ->
{83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} -> GeacRevw Control - CodeBase = http://sef.mlxchange.com/Control/IRCSharc.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shoc ... wflash.cab ->


[Files/Folders - Created Within 30 days]
721491b988dba93861bd44 -> %SystemDrive%\721491b988dba93861bd44 -> [Folder | Created Date = 3/17/2007 10:01:16 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1610141696 bytes | Created Date = 1/1/1601 4:00:00 AM | Attr = HS]
$NtUninstallKB900485$ -> %SystemRoot%\$NtUninstallKB900485$ -> [Folder | Created Date = 3/17/2007 10:04:10 PM | Attr = H ]
$NtUninstallKB908531$ -> %SystemRoot%\$NtUninstallKB908531$ -> [Folder | Created Date = 3/17/2007 10:00:00 PM | Attr = H ]
$NtUninstallKB911280$ -> %SystemRoot%\$NtUninstallKB911280$ -> [Folder | Created Date = 3/17/2007 10:04:31 PM | Attr = H ]
$NtUninstallKB911562$ -> %SystemRoot%\$NtUninstallKB911562$ -> [Folder | Created Date = 3/17/2007 10:04:24 PM | Attr = H ]
$NtUninstallKB913580$ -> %SystemRoot%\$NtUninstallKB913580$ -> [Folder | Created Date = 3/17/2007 9:59:49 PM | Attr = H ]
$NtUninstallKB914388$ -> %SystemRoot%\$NtUninstallKB914388$ -> [Folder | Created Date = 3/17/2007 10:02:08 PM | Attr = H ]
$NtUninstallKB914389$ -> %SystemRoot%\$NtUninstallKB914389$ -> [Folder | Created Date = 3/17/2007 9:59:33 PM | Attr = H ]
$NtUninstallKB916595$ -> %SystemRoot%\$NtUninstallKB916595$ -> [Folder | Created Date = 3/17/2007 10:00:23 PM | Attr = H ]
$NtUninstallKB917344$ -> %SystemRoot%\$NtUninstallKB917344$ -> [Folder | Created Date = 3/17/2007 10:02:00 PM | Attr = H ]
$NtUninstallKB917422$ -> %SystemRoot%\$NtUninstallKB917422$ -> [Folder | Created Date = 3/17/2007 10:01:02 PM | Attr = H ]
$NtUninstallKB917734_WMP10$ -> %SystemRoot%\$NtUninstallKB917734_WMP10$ -> [Folder | Created Date = 3/17/2007 10:06:26 PM | Attr = H ]
$NtUninstallKB917953$ -> %SystemRoot%\$NtUninstallKB917953$ -> [Folder | Created Date = 3/17/2007 10:01:51 PM | Attr = H ]
$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Created Date = 3/17/2007 10:00:44 PM | Attr = H ]
$NtUninstallKB918439$ -> %SystemRoot%\$NtUninstallKB918439$ -> [Folder | Created Date = 3/17/2007 10:02:40 PM | Attr = H ]
$NtUninstallKB919007$ -> %SystemRoot%\$NtUninstallKB919007$ -> [Folder | Created Date = 3/17/2007 10:02:16 PM | Attr = H ]
$NtUninstallKB920213$ -> %SystemRoot%\$NtUninstallKB920213$ -> [Folder | Created Date = 3/17/2007 10:00:30 PM | Attr = H ]
$NtUninstallKB920670$ -> %SystemRoot%\$NtUninstallKB920670$ -> [Folder | Created Date = 3/17/2007 10:02:46 PM | Attr = H ]
$NtUninstallKB920683$ -> %SystemRoot%\$NtUninstallKB920683$ -> [Folder | Created Date = 3/17/2007 9:59:42 PM | Attr = H ]
$NtUninstallKB920685$ -> %SystemRoot%\$NtUninstallKB920685$ -> [Folder | Created Date = 3/17/2007 10:04:47 PM | Attr = H ]
$NtUninstallKB920872$ -> %SystemRoot%\$NtUninstallKB920872$ -> [Folder | Created Date = 3/17/2007 10:02:26 PM | Attr = H ]
$NtUninstallKB922582$ -> %SystemRoot%\$NtUninstallKB922582$ -> [Folder | Created Date = 3/17/2007 10:00:54 PM | Attr = H ]
$NtUninstallKB922819$ -> %SystemRoot%\$NtUninstallKB922819$ -> [Folder | Created Date = 3/17/2007 10:05:42 PM | Attr = H ]
$NtUninstallKB923191$ -> %SystemRoot%\$NtUninstallKB923191$ -> [Folder | Created Date = 3/17/2007 10:01:09 PM | Attr = H ]
$NtUninstallKB923414$ -> %SystemRoot%\$NtUninstallKB923414$ -> [Folder | Created Date = 3/17/2007 10:05:35 PM | Attr = H ]
$NtUninstallKB923689$ -> %SystemRoot%\$NtUninstallKB923689$ -> [Folder | Created Date = 3/17/2007 10:03:13 PM | Attr = H ]
$NtUninstallKB923694$ -> %SystemRoot%\$NtUninstallKB923694$ -> [Folder | Created Date = 3/17/2007 10:00:14 PM | Attr = H ]
$NtUninstallKB923980$ -> %SystemRoot%\$NtUninstallKB923980$ -> [Folder | Created Date = 3/17/2007 10:04:38 PM | Attr = H ]
$NtUninstallKB924191$ -> %SystemRoot%\$NtUninstallKB924191$ -> [Folder | Created Date = 3/17/2007 10:05:50 PM | Attr = H ]
$NtUninstallKB924270$ -> %SystemRoot%\$NtUninstallKB924270$ -> [Folder | Created Date = 3/17/2007 10:03:40 PM | Attr = H ]
$NtUninstallKB924496$ -> %SystemRoot%\$NtUninstallKB924496$ -> [Folder | Created Date = 3/17/2007 10:03:20 PM | Attr = H ]
$NtUninstallKB924667$ -> %SystemRoot%\$NtUninstallKB924667$ -> [Folder | Created Date = 3/17/2007 10:04:17 PM | Attr = H ]
$NtUninstallKB925398_WMP64$ -> %SystemRoot%\$NtUninstallKB925398_WMP64$ -> [Folder | Created Date = 3/17/2007 10:05:09 PM | Attr = H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Created Date = 4/3/2007 8:40:16 PM | Attr = H ]
$NtUninstallKB926255$ -> %SystemRoot%\$NtUninstallKB926255$ -> [Folder | Created Date = 3/17/2007 10:00:37 PM | Attr = H ]
$NtUninstallKB926436$ -> %SystemRoot%\$NtUninstallKB926436$ -> [Folder | Created Date = 3/17/2007 10:02:34 PM | Attr = H ]
$NtUninstallKB927779$ -> %SystemRoot%\$NtUninstallKB927779$ -> [Folder | Created Date = 3/17/2007 10:06:05 PM | Attr = H ]
$NtUninstallKB927802$ -> %SystemRoot%\$NtUninstallKB927802$ -> [Folder | Created Date = 3/17/2007 10:05:58 PM | Attr = H ]
$NtUninstallKB928090$ -> %SystemRoot%\$NtUninstallKB928090$ -> [Folder | Created Date = 3/17/2007 9:59:12 PM | Attr = H ]
$NtUninstallKB928255$ -> %SystemRoot%\$NtUninstallKB928255$ -> [Folder | Created Date = 3/17/2007 10:05:23 PM | Attr = H ]
$NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Created Date = 3/17/2007 9:58:58 PM | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Created Date = 3/17/2007 10:03:29 PM | Attr = H ]
$NtUninstallKB929969$ -> %SystemRoot%\$NtUninstallKB929969$ -> [Folder | Created Date = 3/17/2007 10:05:16 PM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Created Date = 4/13/2007 3:00:29 AM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Created Date = 4/13/2007 3:00:38 AM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Created Date = 4/13/2007 3:01:08 AM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Created Date = 4/12/2007 5:58:46 PM | Attr = H ]
ffiihk.ini -> %SystemRoot%\ffiihk.ini -> [Ver = | Size = 1456930 bytes | Created Date = 4/6/2007 4:18:16 PM | Attr = HS]
fhihii.ini -> %SystemRoot%\fhihii.ini -> [Ver = | Size = 1205182 bytes | Created Date = 4/12/2007 6:11:47 AM | Attr = HS]
iihihf.dll -> %SystemRoot%\iihihf.dll -> [Ver = | Size = 106767 bytes | Created Date = 4/12/2007 6:11:46 AM | Attr = ]
khiiff.dll -> %SystemRoot%\khiiff.dll -> [Ver = | Size = 106767 bytes | Created Date = 4/6/2007 4:18:14 PM | Attr = ]
llmpqr.ini -> %SystemRoot%\llmpqr.ini -> [Ver = | Size = 1176720 bytes | Created Date = 3/18/2007 11:27:01 AM | Attr = HS]
rstwwa.ini -> %SystemRoot%\rstwwa.ini -> [Ver = | Size = 1456207 bytes | Created Date = 4/6/2007 11:22:06 AM | Attr = HS]
vxwybc.ini -> %SystemRoot%\vxwybc.ini -> [Ver = | Size = 1176633 bytes | Created Date = 3/17/2007 4:32:16 PM | Attr = HS]
xybbay.ini -> %SystemRoot%\xybbay.ini -> [Ver = | Size = 1456090 bytes | Created Date = 3/23/2007 5:47:43 AM | Attr = HS]
xyyybc.ini -> %SystemRoot%\xyyybc.ini -> [Ver = | Size = 1456063 bytes | Created Date = 3/26/2007 8:01:50 PM | Attr = HS]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 354 bytes | Created Date = 3/17/2007 6:25:48 PM | Attr = ]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 356 bytes | Created Date = 3/17/2007 6:25:47 PM | Attr = ]
Config.MPF -> %System32%\Config.MPF -> [Ver = | Size = 6230 bytes | Created Date = 3/17/2007 6:29:40 PM | Attr = ]
dpvxec.dll -> %System32%\dpvxec.dll -> [Ver = | Size = 19689 bytes | Created Date = 3/16/2007 6:14:43 PM | Attr = ]
dunzip32.dll -> %System32%\dunzip32.dll -> Inner Media, Inc. [Ver = 5.00.06 | Size = 143360 bytes | Created Date = 3/17/2007 6:27:37 PM | Attr = ]
Explorer.exe -> %System32%\Explorer.exe -> Microsoft [Ver = 1.00 | Size = 36864 bytes | Created Date = 3/17/2007 5:09:55 PM | Attr = ]
IExplorer.dll .dbt -> %System32%\IExplorer.dll .dbt -> [Ver = | Size = 0 bytes | Created Date = 3/17/2007 5:09:02 PM | Attr = ]
jkkllml.dll -> %System32%\jkkllml.dll -> [Ver = | Size = 8535 bytes | Created Date = 3/16/2007 6:09:41 PM | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Created Date = 4/12/2007 5:42:14 AM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2066 bytes | Created Date = 4/10/2007 7:34:36 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 3/18/2007 6:09:41 PM | Attr = ]
mfeavfk.sys -> %System32%\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.108.x86 | Size = 71496 bytes | Created Date = 3/17/2007 6:26:16 PM | Attr = ]
mfebopk.sys -> %System32%\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.120.x86 | Size = 34184 bytes | Created Date = 3/17/2007 6:26:18 PM | Attr = ]
mfehidk.sys -> %System32%\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.120.x86 | Size = 170408 bytes | Created Date = 3/17/2007 6:26:17 PM | Attr = ]
mferkdk.sys -> %System32%\drivers\mferkdk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.120.x86 | Size = 32008 bytes | Created Date = 3/17/2007 6:26:19 PM | Attr = ]
mfesmfk.sys -> %System32%\drivers\mfesmfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.120.x86 | Size = 37480 bytes | Created Date = 3/17/2007 6:26:18 PM | Attr = ]
Mpfp.sys -> %System32%\drivers\Mpfp.sys -> McAfee, Inc. [Ver = 8.3.111.0 | Size = 109608 bytes | Created Date = 3/17/2007 6:26:07 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
721491b988dba93861bd44 -> %SystemDrive%\721491b988dba93861bd44 -> [Folder | Modified Date = 3/17/2007 10:01:50 PM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 4/11/2007 8:15:30 PM | Attr = H ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 3/18/2007 6:18:58 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1610141696 bytes | Modified Date = 4/13/2007 6:37:10 AM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/12/2007 8:06:00 PM | Attr = R ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 3/27/2007 9:57:34 PM | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/13/2007 6:39:36 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 4/12/2007 5:42:16 AM | Attr = H ]
$NtUninstallKB900485$ -> %SystemRoot%\$NtUninstallKB900485$ -> [Folder | Modified Date = 3/17/2007 10:04:12 PM | Attr = H ]
$NtUninstallKB908531$ -> %SystemRoot%\$NtUninstallKB908531$ -> [Folder | Modified Date = 3/17/2007 10:00:02 PM | Attr = H ]
$NtUninstallKB911280$ -> %SystemRoot%\$NtUninstallKB911280$ -> [Folder | Modified Date = 3/17/2007 10:04:32 PM | Attr = H ]
$NtUninstallKB911562$ -> %SystemRoot%\$NtUninstallKB911562$ -> [Folder | Modified Date = 3/17/2007 10:04:26 PM | Attr = H ]
$NtUninstallKB913580$ -> %SystemRoot%\$NtUninstallKB913580$ -> [Folder | Modified Date = 3/17/2007 9:59:52 PM | Attr = H ]
$NtUninstallKB914388$ -> %SystemRoot%\$NtUninstallKB914388$ -> [Folder | Modified Date = 3/17/2007 10:02:10 PM | Attr = H ]
$NtUninstallKB914389$ -> %SystemRoot%\$NtUninstallKB914389$ -> [Folder | Modified Date = 3/17/2007 9:59:36 PM | Attr = H ]
$NtUninstallKB916595$ -> %SystemRoot%\$NtUninstallKB916595$ -> [Folder | Modified Date = 3/17/2007 10:00:26 PM | Attr = H ]
$NtUninstallKB917344$ -> %SystemRoot%\$NtUninstallKB917344$ -> [Folder | Modified Date = 3/17/2007 10:02:02 PM | Attr = H ]
$NtUninstallKB917422$ -> %SystemRoot%\$NtUninstallKB917422$ -> [Folder | Modified Date = 3/17/2007 10:01:04 PM | Attr = H ]
$NtUninstallKB917734_WMP10$ -> %SystemRoot%\$NtUninstallKB917734_WMP10$ -> [Folder | Modified Date = 3/17/2007 10:06:30 PM | Attr = H ]
$NtUninstallKB917953$ -> %SystemRoot%\$NtUninstallKB917953$ -> [Folder | Modified Date = 3/17/2007 10:01:54 PM | Attr = H ]
$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Modified Date = 3/17/2007 10:00:46 PM | Attr = H ]
$NtUninstallKB918439$ -> %SystemRoot%\$NtUninstallKB918439$ -> [Folder | Modified Date = 3/17/2007 10:02:42 PM | Attr = H ]
$NtUninstallKB919007$ -> %SystemRoot%\$NtUninstallKB919007$ -> [Folder | Modified Date = 3/17/2007 10:02:18 PM | Attr = H ]
$NtUninstallKB920213$ -> %SystemRoot%\$NtUninstallKB920213$ -> [Folder | Modified Date = 3/17/2007 10:00:32 PM | Attr = H ]
$NtUninstallKB920670$ -> %SystemRoot%\$NtUninstallKB920670$ -> [Folder | Modified Date = 3/17/2007 10:02:48 PM | Attr = H ]
$NtUninstallKB920683$ -> %SystemRoot%\$NtUninstallKB920683$ -> [Folder | Modified Date = 3/17/2007 9:59:44 PM | Attr = H ]
$NtUninstallKB920685$ -> %SystemRoot%\$NtUninstallKB920685$ -> [Folder | Modified Date = 3/17/2007 10:04:50 PM | Attr = H ]
$NtUninstallKB920872$ -> %SystemRoot%\$NtUninstallKB920872$ -> [Folder | Modified Date = 3/17/2007 10:02:28 PM | Attr = H ]
$NtUninstallKB922582$ -> %SystemRoot%\$NtUninstallKB922582$ -> [Folder | Modified Date = 3/17/2007 10:00:56 PM | Attr = H ]
$NtUninstallKB922819$ -> %SystemRoot%\$NtUninstallKB922819$ -> [Folder | Modified Date = 3/17/2007 10:05:44 PM | Attr = H ]
$NtUninstallKB923191$ -> %SystemRoot%\$NtUninstallKB923191$ -> [Folder | Modified Date = 3/17/2007 10:01:12 PM | Attr = H ]
$NtUninstallKB923414$ -> %SystemRoot%\$NtUninstallKB923414$ -> [Folder | Modified Date = 3/17/2007 10:05:36 PM | Attr = H ]
$NtUninstallKB923689$ -> %SystemRoot%\$NtUninstallKB923689$ -> [Folder | Modified Date = 3/17/2007 10:03:16 PM | Attr = H ]
$NtUninstallKB923694$ -> %SystemRoot%\$NtUninstallKB923694$ -> [Folder | Modified Date = 3/17/2007 10:00:16 PM | Attr = H ]
$NtUninstallKB923980$ -> %SystemRoot%\$NtUninstallKB923980$ -> [Folder | Modified Date = 3/17/2007 10:04:40 PM | Attr = H ]
$NtUninstallKB924191$ -> %SystemRoot%\$NtUninstallKB924191$ -> [Folder | Modified Date = 3/17/2007 10:05:52 PM | Attr = H ]
$NtUninstallKB924270$ -> %SystemRoot%\$NtUninstallKB924270$ -> [Folder | Modified Date = 3/17/2007 10:03:42 PM | Attr = H ]
$NtUninstallKB924496$ -> %SystemRoot%\$NtUninstallKB924496$ -> [Folder | Modified Date = 3/17/2007 10:03:22 PM | Attr = H ]
$NtUninstallKB924667$ -> %SystemRoot%\$NtUninstallKB924667$ -> [Folder | Modified Date = 3/17/2007 10:04:18 PM | Attr = H ]
$NtUninstallKB925398_WMP64$ -> %SystemRoot%\$NtUninstallKB925398_WMP64$ -> [Folder | Modified Date = 3/17/2007 10:05:12 PM | Attr = H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Modified Date = 4/3/2007 8:40:20 PM | Attr = H ]
$NtUninstallKB926255$ -> %SystemRoot%\$NtUninstallKB926255$ -> [Folder | Modified Date = 3/17/2007 10:00:40 PM | Attr = H ]
$NtUninstallKB926436$ -> %SystemRoot%\$NtUninstallKB926436$ -> [Folder | Modified Date = 3/17/2007 10:02:36 PM | Attr = H ]
$NtUninstallKB927779$ -> %SystemRoot%\$NtUninstallKB927779$ -> [Folder | Modified Date = 3/17/2007 10:06:08 PM | Attr = H ]
$NtUninstallKB927802$ -> %SystemRoot%\$NtUninstallKB927802$ -> [Folder | Modified Date = 3/17/2007 10:06:00 PM | Attr = H ]
$NtUninstallKB928090$ -> %SystemRoot%\$NtUninstallKB928090$ -> [Folder | Modified Date = 3/17/2007 9:59:18 PM | Attr = H ]
$NtUninstallKB928255$ -> %SystemRoot%\$NtUninstallKB928255$ -> [Folder | Modified Date = 3/17/2007 10:05:26 PM | Attr = H ]
$NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Modified Date = 3/17/2007 9:59:00 PM | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Modified Date = 3/17/2007 10:03:32 PM | Attr = H ]
$NtUninstallKB929969$ -> %SystemRoot%\$NtUninstallKB929969$ -> [Folder | Modified Date = 3/17/2007 10:05:18 PM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Modified Date = 4/13/2007 3:00:30 AM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Modified Date = 4/13/2007 3:00:40 AM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Modified Date = 4/13/2007 3:01:10 AM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Modified Date = 4/12/2007 5:58:48 PM | Attr = H ]
ALCFDRTM.VER -> %SystemRoot%\ALCFDRTM.VER -> Realtek Semiconductor Corp. [Ver = 1.01 | Size = 50688 bytes | Modified Date = 3/26/2007 6:22:08 AM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 4/13/2007 6:37:12 AM | Attr = S]
ffiihk.ini -> %SystemRoot%\ffiihk.ini -> [Ver = | Size = 1456930 bytes | Modified Date = 4/8/2007 5:36:04 PM | Attr = HS]
fhihii.ini -> %SystemRoot%\fhihii.ini -> [Ver = | Size = 1205182 bytes | Modified Date = 4/13/2007 6:39:36 AM | Attr = HS]
iihihf.dll -> %SystemRoot%\iihihf.dll -> [Ver = | Size = 106767 bytes | Modified Date = 4/12/2007 6:11:48 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 4/13/2007 3:00:44 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 4/13/2007 3:01:16 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/11/2007 8:15:30 PM | Attr = HS]
khiiff.dll -> %SystemRoot%\khiiff.dll -> [Ver = | Size = 106767 bytes | Modified Date = 4/6/2007 4:18:16 PM | Attr = ]
llmpqr.ini -> %SystemRoot%\llmpqr.ini -> [Ver = | Size = 1176720 bytes | Modified Date = 3/18/2007 6:01:54 PM | Attr = HS]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 4/13/2007 3:07:40 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/13/2007 6:31:26 AM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 4/13/2007 6:38:08 AM | Attr = ]
rstwwa.ini -> %SystemRoot%\rstwwa.ini -> [Ver = | Size = 1456207 bytes | Modified Date = 4/6/2007 4:18:08 PM | Attr = HS]
setupapi.log.0.old -> %SystemRoot%\setupapi.log.0.old -> [Ver = | Size = 1082474 bytes | Modified Date = 4/2/2007 10:47:52 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 4/13/2007 6:41:42 AM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 3/18/2007 8:45:34 AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 4/13/2007 6:38:24 AM | Attr = ]
vxwybc.ini -> %SystemRoot%\vxwybc.ini -> [Ver = | Size = 1176633 bytes | Modified Date = 3/17/2007 5:17:44 PM | Attr = HS]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 3/17/2007 10:04:20 PM | Attr = ]
xybbay.ini -> %SystemRoot%\xybbay.ini -> [Ver = | Size = 1456090 bytes | Modified Date = 3/23/2007 3:24:26 PM | Attr = HS]
xyyybc.ini -> %SystemRoot%\xyyybc.ini -> [Ver = | Size = 1456063 bytes | Modified Date = 3/27/2007 3:15:44 PM | Attr = HS]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 354 bytes | Modified Date = 3/17/2007 6:25:50 PM | Attr = ]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 356 bytes | Modified Date = 4/1/2007 1:00:20 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4/13/2007 6:37:14 AM | Attr = H ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 4/13/2007 3:00:28 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 4/13/2007 12:22:42 AM | Attr = ]
Config.MPF -> %System32%\Config.MPF -> [Ver = | Size = 6230 bytes | Modified Date = 4/13/2007 6:38:16 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 4/13/2007 3:07:40 AM | Attr = RHS]
dpvxec.dll -> %System32%\dpvxec.dll -> [Ver = | Size = 19689 bytes | Modified Date = 3/16/2007 6:14:44 PM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 3/18/2007 6:09:42 PM | Attr = ]
Explorer.exe -> %System32%\Explorer.exe -> Microsoft [Ver = 1.00 | Size = 36864 bytes | Modified Date = 3/17/2007 5:18:32 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 192976 bytes | Modified Date = 4/4/2007 7:51:58 PM | Attr = ]
IExplorer.dll .dbt -> %System32%\IExplorer.dll .dbt -> [Ver = | Size = 0 bytes | Modified Date = 3/17/2007 5:09:04 PM | Attr = ]
jkkllml.dll -> %System32%\jkkllml.dll -> [Ver = | Size = 8535 bytes | Modified Date = 3/16/2007 6:09:42 PM | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 4/12/2007 5:43:24 AM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 50532 bytes | Modified Date = 4/13/2007 6:41:42 AM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 374064 bytes | Modified Date = 4/13/2007 6:41:42 AM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 430700 bytes | Modified Date = 4/13/2007 6:41:42 AM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2066 bytes | Modified Date = 4/10/2007 7:35:28 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2278 bytes | Modified Date = 4/7/2007 12:12:10 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
UpackByDwing , MZKERNEL32.DLL , -> %SystemRoot%\iihihf.dll -> [Ver = | Size = 106767 bytes | Modified Date = 4/12/2007 6:11:48 AM | Attr = ]
UpackByDwing , MZKERNEL32.DLL , -> %SystemRoot%\khiiff.dll -> [Ver = | Size = 106767 bytes | Modified Date = 4/6/2007 4:18:16 PM | Attr = ]
WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.1.00 | Size = 6648320 bytes | Modified Date = 3/26/2003 6:02:44 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 7/21/2001 12:15:32 PM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.1.1.1031 | Size = 574976 bytes | Modified Date = 1/26/2006 2:36:02 PM | Attr = ]
UpackByDwing , MZKERNEL32.DLL , -> %System32%\jkkllml.dll -> [Ver = | Size = 8535 bytes | Modified Date = 3/16/2007 6:09:42 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 7/21/2001 12:23:44 PM | Attr = ]
Thawte Consulting , -> %System32%\XZip.dll -> Belus Technology Inc. [Ver = 2, 5, 0, 0 | Size = 141072 bytes | Modified Date = 7/27/2004 4:08:12 PM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/17/2001 8:34:46 PM | Attr = ]

< End of report >
maxxpower71
Active Member
 
Posts: 14
Joined: April 12th, 2007, 8:03 pm

Post by tim s » April 13th, 2007, 9:05 am

Hi maxxpower71,

Thanks for posting logs. OK, let's get started here.

I see you already have AVG Anti-Spyware 7.5, good. It needs to be set up as follows:
Open AVG Anti-Spyware 7.5
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to the words Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
    • Close AVG Anti-Spyware without running yet.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
______________________________


Now in this step we are going to download CCleaner and set it up. Do not run a scan with this tool yet; we are just setting it up to run later. I will let you know when.

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!

Download CCleaner from here. It will start to download automatically. If asked whether you want to download, let it. Save to your Desktop.
Note: If you get an Error page from this link, try again. You will see this message: "Your download of CCleaner will automatically start in 5 seconds. Click here if it does not." Do not wait; go ahead and click on it.
  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Follow the prompts to install, then Finish to complete the installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
    • On the Windows tab, under Internet Explorer,
      • All Boxes should have a check mark. (You will need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
    • On the Windows tab, under Windows Explorer,
      • All Boxes should have a check mark.
    • On the Windows tab, under System,
      • All Boxes should have a check mark.
    • On the Windows tab, under Advanced,
      • NO check marks
  • If you use either the Firefox or Mozilla browsers, the box to put a check in for "Cookies" is on the Applications tab, under Firefox/Mozilla. If already checked, move to the next step.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced."
    Deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Close CCleaner. Do not run it yet; I will let you know when.
_______________________________


Next, Please follow the steps below in order:

Step #1
Now start WinPFind3U.exe. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button. (Make sure to highlight and copy only what is inside of the quote box, nothing outside of it.)

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NY -> BootService -> %SystemRoot%\iihihf.dll [rundll32.exe "C:\WINDOWS\iihihf.dll",realset]
YY -> IESet -> %System32%\IExplorer.dll .dbt
< RunServices [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
YY -> IESet -> %System32%\IExplorer.dll .dbt
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> IESet -> %System32%\IExplorer.dll .dbt
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> dpvxec -> %System32%\dpvxec.dll
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} [HKLM] -> %System32%\tmp71.tmp.dll [Reg Data - Value does not exist]
YY -> {85711073-2f92-481d-b4d1-be6225da6111} [HKLM] -> %System32%\dpvxec.dll [Reg Data - Value does not exist]
[Files/Folders - Created Within 30 days]
NY -> ffiihk.ini -> %SystemRoot%\ffiihk.ini
NY -> fhihii.ini -> %SystemRoot%\fhihii.ini
NY -> iihihf.dll -> %SystemRoot%\iihihf.dll
NY -> khiiff.dll -> %SystemRoot%\khiiff.dll
NY -> llmpqr.ini -> %SystemRoot%\llmpqr.ini
NY -> rstwwa.ini -> %SystemRoot%\rstwwa.ini
NY -> vxwybc.ini -> %SystemRoot%\vxwybc.ini
NY -> xybbay.ini -> %SystemRoot%\xybbay.ini
NY -> xyyybc.ini -> %SystemRoot%\xyyybc.ini
NY -> dpvxec.dll -> %System32%\dpvxec.dll
NY -> IExplorer.dll .dbt -> %System32%\IExplorer.dll .dbt
NY -> jkkllml.dll -> %System32%\jkkllml.dll
[Files/Folders - Modified Within 30 days]
NY -> bootstat.dat -> %SystemRoot%\bootstat.dat
NY -> ffiihk.ini -> %SystemRoot%\ffiihk.ini
NY -> fhihii.ini -> %SystemRoot%\fhihii.ini
NY -> iihihf.dll -> %SystemRoot%\iihihf.dll
NY -> imsins.BAK -> %SystemRoot%\imsins.BAK
NY -> khiiff.dll -> %SystemRoot%\khiiff.dll
NY -> llmpqr.ini -> %SystemRoot%\llmpqr.ini
NY -> rstwwa.ini -> %SystemRoot%\rstwwa.ini
NY -> vxwybc.ini -> %SystemRoot%\vxwybc.ini
NY -> xybbay.ini -> %SystemRoot%\xybbay.ini
NY -> xyyybc.ini -> %SystemRoot%\xyyybc.ini
NY -> dpvxec.dll -> %System32%\dpvxec.dll
NY -> IExplorer.dll .dbt -> %System32%\IExplorer.dll .dbt
NY -> jkkllml.dll -> %System32%\jkkllml.dll
[File String Scan - Non-Microsoft Only]
NY -> UpackByDwing , MZKERNEL32.DLL , -> %SystemRoot%\iihihf.dll
NY -> UpackByDwing , MZKERNEL32.DLL , -> %SystemRoot%\khiiff.dll
NY -> UpackByDwing , MZKERNEL32.DLL , -> %System32%\jkkllml.dll


The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in on your usual account.


Step #2

Start CCleaner and click on the Run Cleaner button in the lower right-hand corner. When it is finished close CCleaner.

Step #3

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.


  1. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  2. AVG Anti-Spyware will now begin the scanning process. Be patient, this may take a little time.
    Once the scan is complete do the following:
      I already had you set it up this way; this is just a double check to make sure.
    • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button

    Note: Don't save the report before you hit the Apply action button.
  3. Next select the "Reports" icon at the top.
  4. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  5. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.


Step #4

Post the following back here:

  • a new WinPFind3U report
  • the AVG Anti-Spyware report
  • New HJT log

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

WinPFind3U report

Post by maxxpower71 » April 14th, 2007, 8:43 am

WinPFind3 logfile created on: 4/14/2007 8:35:24 AM
WinPFind3U by OldTimer - Version 1.0.34 Folder = C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

1.50 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 71.02% Memory free
2.11 Gb Paging File | 1.75 Gb Available in Paging File | 82.93% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 24.58 Gb Free Space | 32.98% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: ALBERTO-4E1730A
Current User Name: Alberto
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 7.0.7.2006011200 | Size = 483328 bytes | Modified Date = 1/12/2006 8:52:32 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 10:13:20 AM | Attr = ]
hpqgalry.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqgalry.exe -> Hewlett-Packard Co. [Ver = 043.001.005.000 | Size = 520192 bytes | Modified Date = 5/29/2004 12:08:52 AM | Attr = ]
hwapi.exe -> %CommonProgramFiles%\McAfee\HackerWatch\HWAPI.exe -> McAfee, Inc. [Ver = 8.3.105.0 | Size = 540776 bytes | Modified Date = 2/13/2007 12:09:12 PM | Attr = ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 566872 bytes | Modified Date = 1/5/2007 4:21:16 PM | Attr = ]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 361560 bytes | Modified Date = 1/5/2007 4:22:12 PM | Attr = ]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 1,2,108,0 | Size = 2213416 bytes | Modified Date = 3/9/2007 4:36:10 AM | Attr = ]
mcods.exe -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 362064 bytes | Modified Date = 1/16/2007 6:03:36 PM | Attr = ]
mcpromgr.exe -> %ProgramFiles%\McAfee\MSC\mcpromgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 493144 bytes | Modified Date = 1/5/2007 4:21:40 PM | Attr = ]
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 1,2,137,0 | Size = 352856 bytes | Modified Date = 1/19/2007 8:57:56 PM | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.2.101.x86 | Size = 144960 bytes | Modified Date = 12/22/2006 4:02:26 PM | Attr = ]
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 11,2,131,0 | Size = 643664 bytes | Modified Date = 1/25/2007 6:01:58 PM | Attr = ]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 8.2.118.0 | Size = 841256 bytes | Modified Date = 3/9/2007 5:21:04 PM | Attr = ]
mps.exe -> %ProgramFiles%\McAfee\MPS\mps.exe -> McAfee, Inc. [Ver = 9.2.131.0 | Size = 906792 bytes | Modified Date = 1/23/2007 7:16:12 PM | Attr = ]
mpsevh.exe -> %ProgramFiles%\McAfee\MPS\mpsevh.exe -> McAfee, Inc. [Ver = 9.2.128.0 | Size = 304680 bytes | Modified Date = 1/16/2007 5:42:02 PM | Attr = ]
mskagent.exe -> %ProgramFiles%\McAfee\MSK\mskagent.exe -> McAfee Inc. [Ver = 8.2.125.0 | Size = 152144 bytes | Modified Date = 1/17/2007 5:30:24 PM | Attr = ]
msksrver.exe -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> McAfee Inc. [Ver = 8.2.125.0 | Size = 29264 bytes | Modified Date = 1/17/2007 5:30:34 PM | Attr = ]
redirsvc.exe -> %CommonProgramFiles%\McAfee\RedirSvc\RedirSvc.exe -> McAfee, Inc. [Ver = 1,3,109,0 | Size = 256096 bytes | Modified Date = 3/8/2007 3:42:42 PM | Attr = ]
saservice.exe -> %ProgramFiles%\SiteAdvisor\6066\SAService.exe -> McAfee, Inc. [Ver = 2.4.0 | Size = 321064 bytes | Modified Date = 4/11/2007 8:03:38 PM | Attr = ]
siteadv.exe -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.exe -> McAfee, Inc. [Ver = 2.3.0 | Size = 36904 bytes | Modified Date = 2/8/2007 10:39:34 PM | Attr = ]
soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.0.21 | Size = 53248 bytes | Modified Date = 3/18/2003 5:04:24 AM | Attr = ]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 5:38:20 PM | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:10 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.34.0 | Size = 318976 bytes | Modified Date = 4/10/2007 10:00:18 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(0008491176539081mcinstcleanup) McAfee Application Installer Cleanup (0008491176539081) [Win32_Own | Auto | Stopped] -> %SystemRoot%\TEMP\000849~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -> File not found
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 5/11/2006 9:22:46 PM | Attr = ]
(Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> Autodesk [Ver = 2.66.000 | Size = 77944 bytes | Modified Date = 3/14/2006 7:16:52 PM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 10:13:20 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 10:56:48 PM | Attr = ]
(Emproxy) McAfee E-mail Proxy [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\McAfee\EmProxy\emproxy.exe -> McAfee, Inc. [Ver = 11,2,206,0 | Size = 341584 bytes | Modified Date = 1/12/2007 4:13:24 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(McAfee HackerWatch Service) McAfee HackerWatch Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\HackerWatch\HWAPI.exe -> McAfee, Inc. [Ver = 8.3.105.0 | Size = 540776 bytes | Modified Date = 2/13/2007 12:09:12 PM | Attr = ]
(mcmispupdmgr) McAfee Update Manager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\MSC\mcupdmgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 689752 bytes | Modified Date = 1/5/2007 4:22:18 PM | Attr = ]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 361560 bytes | Modified Date = 1/5/2007 4:22:12 PM | Attr = ]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 1,2,108,0 | Size = 2213416 bytes | Modified Date = 3/9/2007 4:36:10 AM | Attr = ]
(McODS) McAfee Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 362064 bytes | Modified Date = 1/16/2007 6:03:36 PM | Attr = ]
(mcpromgr) McAfee Protection Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcpromgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 493144 bytes | Modified Date = 1/5/2007 4:21:40 PM | Attr = ]
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 1,2,137,0 | Size = 352856 bytes | Modified Date = 1/19/2007 8:57:56 PM | Attr = ]
(McRedirector) McAfee Redirector Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\RedirSvc\RedirSvc.exe -> McAfee, Inc. [Ver = 1,3,109,0 | Size = 256096 bytes | Modified Date = 3/8/2007 3:42:42 PM | Attr = ]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> -> File not found
(McSysmon) McAfee SystemGuards [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 11,2,131,0 | Size = 643664 bytes | Modified Date = 1/25/2007 6:01:58 PM | Attr = ]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 8.2.118.0 | Size = 841256 bytes | Modified Date = 3/9/2007 5:21:04 PM | Attr = ]
(MPS9) McAfee Privacy Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPS\mps.exe -> McAfee, Inc. [Ver = 9.2.131.0 | Size = 906792 bytes | Modified Date = 1/23/2007 7:16:12 PM | Attr = ]
(MSK80Service) McAfee SpamKiller Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> McAfee Inc. [Ver = 8.2.125.0 | Size = 29264 bytes | Modified Date = 1/17/2007 5:30:34 PM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 8, 0, 0, 0 | Size = 65536 bytes | Modified Date = 3/18/2004 4:55:48 PM | Attr = ]
(SiteAdvisor Service) SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SiteAdvisor\6066\SAService.exe -> McAfee, Inc. [Ver = 2.4.0 | Size = 321064 bytes | Modified Date = 4/11/2007 8:03:38 PM | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:10 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> -> File not found
Acrobat Assistant 7.0 -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 7.0.7.2006011200 | Size = 483328 bytes | Modified Date = 1/12/2006 8:52:32 PM | Attr = ]
MskAgentexe -> %ProgramFiles%\McAfee\MSK\mskagent.exe -> McAfee Inc. [Ver = 8.2.125.0 | Size = 152144 bytes | Modified Date = 1/17/2007 5:30:24 PM | Attr = ]
SiteAdvisor -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.exe -> McAfee, Inc. [Ver = 2.3.0 | Size = 36904 bytes | Modified Date = 2/8/2007 10:39:34 PM | Attr = ]
SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.0.21 | Size = 53248 bytes | Modified Date = 3/18/2003 5:04:24 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 11/7/2006 11:29:04 AM | Attr = ]
H/PC Connection Agent -> %ProgramFiles%\Microsoft ActiveSync\WCESCOMM.EXE -> File not found
Shareaza -> %ProgramFiles%\Shareaza\Shareaza.exe -> File not found
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.7 | Size = 307200 bytes | Modified Date = 8/18/2005 3:49:06 PM | Attr = R ]
< Common Startup > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Acrobat Speed Launcher.lnk -> %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe -> [Ver = | Size = 25214 bytes | Modified Date = 3/17/2007 8:53:42 PM | Attr = R ]
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 5:44:06 AM | Attr = ]
%AllUsersStartup%\AutoCAD Startup Accelerator.lnk -> %CommonProgramFiles%\Autodesk Shared\acstart16.exe -> Autodesk, Inc [Ver = 16.2.54.0 | Size = 10872 bytes | Modified Date = 3/5/2005 10:18:22 AM | Attr = ]
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\digital imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 43.1.5.000 | Size = 241664 bytes | Modified Date = 5/28/2004 11:31:38 PM | Attr = ]
%AllUsersStartup%\HP Image Zone Fast Start.lnk -> %ProgramFiles%\HP\digital imaging\bin\hpqthb08.exe -> Hewlett-Packard Co. [Ver = 043.001.005.000 | Size = 53248 bytes | Modified Date = 5/29/2004 12:06:36 AM | Attr = ]
%AllUsersStartup%\QuickBooks Update Agent.lnk -> %CommonProgramFiles%\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> Intuit, Inc. [Ver = 13.0 R1 | Size = 724992 bytes | Modified Date = 10/25/2003 4:44:20 AM | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 10:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
dpvxec -> dpvxec.dll -> File not found
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dl ... ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dl ... ar=msnhome ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{089FD14D-132B-48FC-8861-0048AE113215} [HKLM] -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.dll [Reg Data - Value does not exist] -> McAfee, Inc. [Ver = 2.4.0 | Size = 1099304 bytes | Modified Date = 3/30/2007 11:41:24 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 1:22:12 PM | Attr = ]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> %ProgramFiles%\McAfee\virusscan\scriptcl.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.13.3.2.101.x86 | Size = 67136 bytes | Modified Date = 12/22/2006 4:02:40 PM | Attr = ]
{85711073-2f92-481d-b4d1-be6225da6111} [HKLM] -> %System32%\dpvxec.dll [Reg Data - Value does not exist] -> File not found
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/24/2005 1:41:42 AM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/24/2005 1:41:42 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKLM] -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.dll [McAfee SiteAdvisor] -> McAfee, Inc. [Ver = 2.4.0 | Size = 1099304 bytes | Modified Date = 3/30/2007 11:41:24 AM | Attr = ]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/24/2005 1:41:42 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/24/2005 1:41:42 AM | Attr = ]
WebBrowser\\{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\npjpi150_06.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 1:22:12 PM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 1:22:12 PM | Attr = ]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -> Reg Data - Value does not exist [ButtonText: Create Mobile Favorite] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECaptureSelLinks.htm -> File not found
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppendSelLinks.htm -> File not found
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
E&xport to Microsoft Excel -> -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{3F358668-1841-4A99-BA57-A88320AE4EA2} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
{71097C6D-B110-498F-B69A-CF89F13E26D4} -> (SpeedStream 3060 Miniport ATM/ADSL Adapter) ->
{D60E6FD1-17F7-477C-80C2-E65CFAA7E26F} -> (Linksys NC100 Fast Ethernet Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
cetihpz -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll -> Hewlett-Packard Company [Ver = 2.1.5 | Size = 81920 bytes | Modified Date = 5/12/2004 4:18:56 PM | Attr = ]
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
siteadvisor -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.dll -> McAfee, Inc. [Ver = 2.4.0 | Size = 1099304 bytes | Modified Date = 3/30/2007 11:41:24 AM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{406B5949-7190-4245-91A9-30A17DE16AD0} -> Snapfish Activia - CodeBase = http://www2.snapfish.com/SnapfishActivia.cab ->
{4989312D-58CF-11D5-A7D7-00E02911103E} -> Interealty MultiSelect - CodeBase = http://sef.mlxchange.com/Control/MultiS ... mboBox.cab ->
{6FD482A3-7B57-438B-B040-52CAA30147EE} -> MLXchange Client Utils - CodeBase = http://sef.mlxchange.com/Control/MLXClientUtils.cab ->
{83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} -> GeacRevw Control - CodeBase = http://sef.mlxchange.com/Control/IRCSharc.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shoc ... wflash.cab ->


[Files/Folders - Created Within 30 days]
721491b988dba93861bd44 -> %SystemDrive%\721491b988dba93861bd44 -> [Folder | Created Date = 3/17/2007 10:01:16 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1610141696 bytes | Created Date = 1/1/1601 4:00:00 AM | Attr = HS]
$NtUninstallKB900485$ -> %SystemRoot%\$NtUninstallKB900485$ -> [Folder | Created Date = 3/17/2007 10:04:10 PM | Attr = H ]
$NtUninstallKB908531$ -> %SystemRoot%\$NtUninstallKB908531$ -> [Folder | Created Date = 3/17/2007 10:00:00 PM | Attr = H ]
$NtUninstallKB911280$ -> %SystemRoot%\$NtUninstallKB911280$ -> [Folder | Created Date = 3/17/2007 10:04:31 PM | Attr = H ]
$NtUninstallKB911562$ -> %SystemRoot%\$NtUninstallKB911562$ -> [Folder | Created Date = 3/17/2007 10:04:24 PM | Attr = H ]
$NtUninstallKB913580$ -> %SystemRoot%\$NtUninstallKB913580$ -> [Folder | Created Date = 3/17/2007 9:59:49 PM | Attr = H ]
$NtUninstallKB914388$ -> %SystemRoot%\$NtUninstallKB914388$ -> [Folder | Created Date = 3/17/2007 10:02:08 PM | Attr = H ]
$NtUninstallKB914389$ -> %SystemRoot%\$NtUninstallKB914389$ -> [Folder | Created Date = 3/17/2007 9:59:33 PM | Attr = H ]
$NtUninstallKB916595$ -> %SystemRoot%\$NtUninstallKB916595$ -> [Folder | Created Date = 3/17/2007 10:00:23 PM | Attr = H ]
$NtUninstallKB917344$ -> %SystemRoot%\$NtUninstallKB917344$ -> [Folder | Created Date = 3/17/2007 10:02:00 PM | Attr = H ]
$NtUninstallKB917422$ -> %SystemRoot%\$NtUninstallKB917422$ -> [Folder | Created Date = 3/17/2007 10:01:02 PM | Attr = H ]
$NtUninstallKB917734_WMP10$ -> %SystemRoot%\$NtUninstallKB917734_WMP10$ -> [Folder | Created Date = 3/17/2007 10:06:26 PM | Attr = H ]
$NtUninstallKB917953$ -> %SystemRoot%\$NtUninstallKB917953$ -> [Folder | Created Date = 3/17/2007 10:01:51 PM | Attr = H ]
$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Created Date = 3/17/2007 10:00:44 PM | Attr = H ]
$NtUninstallKB918439$ -> %SystemRoot%\$NtUninstallKB918439$ -> [Folder | Created Date = 3/17/2007 10:02:40 PM | Attr = H ]
$NtUninstallKB919007$ -> %SystemRoot%\$NtUninstallKB919007$ -> [Folder | Created Date = 3/17/2007 10:02:16 PM | Attr = H ]
$NtUninstallKB920213$ -> %SystemRoot%\$NtUninstallKB920213$ -> [Folder | Created Date = 3/17/2007 10:00:30 PM | Attr = H ]
$NtUninstallKB920670$ -> %SystemRoot%\$NtUninstallKB920670$ -> [Folder | Created Date = 3/17/2007 10:02:46 PM | Attr = H ]
$NtUninstallKB920683$ -> %SystemRoot%\$NtUninstallKB920683$ -> [Folder | Created Date = 3/17/2007 9:59:42 PM | Attr = H ]
$NtUninstallKB920685$ -> %SystemRoot%\$NtUninstallKB920685$ -> [Folder | Created Date = 3/17/2007 10:04:47 PM | Attr = H ]
$NtUninstallKB920872$ -> %SystemRoot%\$NtUninstallKB920872$ -> [Folder | Created Date = 3/17/2007 10:02:26 PM | Attr = H ]
$NtUninstallKB922582$ -> %SystemRoot%\$NtUninstallKB922582$ -> [Folder | Created Date = 3/17/2007 10:00:54 PM | Attr = H ]
$NtUninstallKB922819$ -> %SystemRoot%\$NtUninstallKB922819$ -> [Folder | Created Date = 3/17/2007 10:05:42 PM | Attr = H ]
$NtUninstallKB923191$ -> %SystemRoot%\$NtUninstallKB923191$ -> [Folder | Created Date = 3/17/2007 10:01:09 PM | Attr = H ]
$NtUninstallKB923414$ -> %SystemRoot%\$NtUninstallKB923414$ -> [Folder | Created Date = 3/17/2007 10:05:35 PM | Attr = H ]
$NtUninstallKB923689$ -> %SystemRoot%\$NtUninstallKB923689$ -> [Folder | Created Date = 3/17/2007 10:03:13 PM | Attr = H ]
$NtUninstallKB923694$ -> %SystemRoot%\$NtUninstallKB923694$ -> [Folder | Created Date = 3/17/2007 10:00:14 PM | Attr = H ]
$NtUninstallKB923980$ -> %SystemRoot%\$NtUninstallKB923980$ -> [Folder | Created Date = 3/17/2007 10:04:38 PM | Attr = H ]
$NtUninstallKB924191$ -> %SystemRoot%\$NtUninstallKB924191$ -> [Folder | Created Date = 3/17/2007 10:05:50 PM | Attr = H ]
$NtUninstallKB924270$ -> %SystemRoot%\$NtUninstallKB924270$ -> [Folder | Created Date = 3/17/2007 10:03:40 PM | Attr = H ]
$NtUninstallKB924496$ -> %SystemRoot%\$NtUninstallKB924496$ -> [Folder | Created Date = 3/17/2007 10:03:20 PM | Attr = H ]
$NtUninstallKB924667$ -> %SystemRoot%\$NtUninstallKB924667$ -> [Folder | Created Date = 3/17/2007 10:04:17 PM | Attr = H ]
$NtUninstallKB925398_WMP64$ -> %SystemRoot%\$NtUninstallKB925398_WMP64$ -> [Folder | Created Date = 3/17/2007 10:05:09 PM | Attr = H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Created Date = 4/3/2007 8:40:16 PM | Attr = H ]
$NtUninstallKB926255$ -> %SystemRoot%\$NtUninstallKB926255$ -> [Folder | Created Date = 3/17/2007 10:00:37 PM | Attr = H ]
$NtUninstallKB926436$ -> %SystemRoot%\$NtUninstallKB926436$ -> [Folder | Created Date = 3/17/2007 10:02:34 PM | Attr = H ]
$NtUninstallKB927779$ -> %SystemRoot%\$NtUninstallKB927779$ -> [Folder | Created Date = 3/17/2007 10:06:05 PM | Attr = H ]
$NtUninstallKB927802$ -> %SystemRoot%\$NtUninstallKB927802$ -> [Folder | Created Date = 3/17/2007 10:05:58 PM | Attr = H ]
$NtUninstallKB928090$ -> %SystemRoot%\$NtUninstallKB928090$ -> [Folder | Created Date = 3/17/2007 9:59:12 PM | Attr = H ]
$NtUninstallKB928255$ -> %SystemRoot%\$NtUninstallKB928255$ -> [Folder | Created Date = 3/17/2007 10:05:23 PM | Attr = H ]
$NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Created Date = 3/17/2007 9:58:58 PM | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Created Date = 3/17/2007 10:03:29 PM | Attr = H ]
$NtUninstallKB929969$ -> %SystemRoot%\$NtUninstallKB929969$ -> [Folder | Created Date = 3/17/2007 10:05:16 PM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Created Date = 4/13/2007 3:00:29 AM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Created Date = 4/13/2007 3:00:38 AM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Created Date = 4/13/2007 3:01:08 AM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Created Date = 4/12/2007 5:58:46 PM | Attr = H ]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 354 bytes | Created Date = 3/17/2007 6:25:48 PM | Attr = ]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 356 bytes | Created Date = 3/17/2007 6:25:47 PM | Attr = ]
Config.MPF -> %System32%\Config.MPF -> [Ver = | Size = 6230 bytes | Created Date = 3/17/2007 6:29:40 PM | Attr = ]
dunzip32.dll -> %System32%\dunzip32.dll -> Inner Media, Inc. [Ver = 5.00.06 | Size = 143360 bytes | Created Date = 3/17/2007 6:27:37 PM | Attr = ]
Explorer.exe -> %System32%\Explorer.exe -> Microsoft [Ver = 1.00 | Size = 36864 bytes | Created Date = 3/17/2007 5:09:55 PM | Attr = ]
IExplorer.dll .dbt -> %System32%\IExplorer.dll .dbt -> [Ver = | Size = 0 bytes | Created Date = 3/17/2007 5:09:02 PM | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Created Date = 4/12/2007 5:42:14 AM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2066 bytes | Created Date = 4/10/2007 7:34:36 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 3/18/2007 6:09:41 PM | Attr = ]
mfeavfk.sys -> %System32%\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.108.x86 | Size = 71496 bytes | Created Date = 3/17/2007 6:26:16 PM | Attr = ]
mfebopk.sys -> %System32%\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.120.x86 | Size = 34184 bytes | Created Date = 3/17/2007 6:26:18 PM | Attr = ]
mfehidk.sys -> %System32%\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.120.x86 | Size = 170408 bytes | Created Date = 3/17/2007 6:26:17 PM | Attr = ]
mferkdk.sys -> %System32%\drivers\mferkdk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.120.x86 | Size = 32008 bytes | Created Date = 3/17/2007 6:26:19 PM | Attr = ]
mfesmfk.sys -> %System32%\drivers\mfesmfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.120.x86 | Size = 37480 bytes | Created Date = 3/17/2007 6:26:18 PM | Attr = ]
Mpfp.sys -> %System32%\drivers\Mpfp.sys -> McAfee, Inc. [Ver = 8.3.111.0 | Size = 109608 bytes | Created Date = 3/17/2007 6:26:07 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
721491b988dba93861bd44 -> %SystemDrive%\721491b988dba93861bd44 -> [Folder | Modified Date = 3/17/2007 10:01:50 PM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 4/11/2007 8:15:30 PM | Attr = H ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 3/18/2007 6:18:58 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1610141696 bytes | Modified Date = 4/14/2007 8:31:48 AM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/12/2007 8:06:00 PM | Attr = R ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 3/27/2007 9:57:34 PM | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/14/2007 8:33:22 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 4/12/2007 5:42:16 AM | Attr = H ]
$NtUninstallKB900485$ -> %SystemRoot%\$NtUninstallKB900485$ -> [Folder | Modified Date = 3/17/2007 10:04:12 PM | Attr = H ]
$NtUninstallKB908531$ -> %SystemRoot%\$NtUninstallKB908531$ -> [Folder | Modified Date = 3/17/2007 10:00:02 PM | Attr = H ]
$NtUninstallKB911280$ -> %SystemRoot%\$NtUninstallKB911280$ -> [Folder | Modified Date = 3/17/2007 10:04:32 PM | Attr = H ]
$NtUninstallKB911562$ -> %SystemRoot%\$NtUninstallKB911562$ -> [Folder | Modified Date = 3/17/2007 10:04:26 PM | Attr = H ]
$NtUninstallKB913580$ -> %SystemRoot%\$NtUninstallKB913580$ -> [Folder | Modified Date = 3/17/2007 9:59:52 PM | Attr = H ]
$NtUninstallKB914388$ -> %SystemRoot%\$NtUninstallKB914388$ -> [Folder | Modified Date = 3/17/2007 10:02:10 PM | Attr = H ]
$NtUninstallKB914389$ -> %SystemRoot%\$NtUninstallKB914389$ -> [Folder | Modified Date = 3/17/2007 9:59:36 PM | Attr = H ]
$NtUninstallKB916595$ -> %SystemRoot%\$NtUninstallKB916595$ -> [Folder | Modified Date = 3/17/2007 10:00:26 PM | Attr = H ]
$NtUninstallKB917344$ -> %SystemRoot%\$NtUninstallKB917344$ -> [Folder | Modified Date = 3/17/2007 10:02:02 PM | Attr = H ]
$NtUninstallKB917422$ -> %SystemRoot%\$NtUninstallKB917422$ -> [Folder | Modified Date = 3/17/2007 10:01:04 PM | Attr = H ]
$NtUninstallKB917734_WMP10$ -> %SystemRoot%\$NtUninstallKB917734_WMP10$ -> [Folder | Modified Date = 3/17/2007 10:06:30 PM | Attr = H ]
$NtUninstallKB917953$ -> %SystemRoot%\$NtUninstallKB917953$ -> [Folder | Modified Date = 3/17/2007 10:01:54 PM | Attr = H ]
$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Modified Date = 3/17/2007 10:00:46 PM | Attr = H ]
$NtUninstallKB918439$ -> %SystemRoot%\$NtUninstallKB918439$ -> [Folder | Modified Date = 3/17/2007 10:02:42 PM | Attr = H ]
$NtUninstallKB919007$ -> %SystemRoot%\$NtUninstallKB919007$ -> [Folder | Modified Date = 3/17/2007 10:02:18 PM | Attr = H ]
$NtUninstallKB920213$ -> %SystemRoot%\$NtUninstallKB920213$ -> [Folder | Modified Date = 3/17/2007 10:00:32 PM | Attr = H ]
$NtUninstallKB920670$ -> %SystemRoot%\$NtUninstallKB920670$ -> [Folder | Modified Date = 3/17/2007 10:02:48 PM | Attr = H ]
$NtUninstallKB920683$ -> %SystemRoot%\$NtUninstallKB920683$ -> [Folder | Modified Date = 3/17/2007 9:59:44 PM | Attr = H ]
$NtUninstallKB920685$ -> %SystemRoot%\$NtUninstallKB920685$ -> [Folder | Modified Date = 3/17/2007 10:04:50 PM | Attr = H ]
$NtUninstallKB920872$ -> %SystemRoot%\$NtUninstallKB920872$ -> [Folder | Modified Date = 3/17/2007 10:02:28 PM | Attr = H ]
$NtUninstallKB922582$ -> %SystemRoot%\$NtUninstallKB922582$ -> [Folder | Modified Date = 3/17/2007 10:00:56 PM | Attr = H ]
$NtUninstallKB922819$ -> %SystemRoot%\$NtUninstallKB922819$ -> [Folder | Modified Date = 3/17/2007 10:05:44 PM | Attr = H ]
$NtUninstallKB923191$ -> %SystemRoot%\$NtUninstallKB923191$ -> [Folder | Modified Date = 3/17/2007 10:01:12 PM | Attr = H ]
$NtUninstallKB923414$ -> %SystemRoot%\$NtUninstallKB923414$ -> [Folder | Modified Date = 3/17/2007 10:05:36 PM | Attr = H ]
$NtUninstallKB923689$ -> %SystemRoot%\$NtUninstallKB923689$ -> [Folder | Modified Date = 3/17/2007 10:03:16 PM | Attr = H ]
$NtUninstallKB923694$ -> %SystemRoot%\$NtUninstallKB923694$ -> [Folder | Modified Date = 3/17/2007 10:00:16 PM | Attr = H ]
$NtUninstallKB923980$ -> %SystemRoot%\$NtUninstallKB923980$ -> [Folder | Modified Date = 3/17/2007 10:04:40 PM | Attr = H ]
$NtUninstallKB924191$ -> %SystemRoot%\$NtUninstallKB924191$ -> [Folder | Modified Date = 3/17/2007 10:05:52 PM | Attr = H ]
$NtUninstallKB924270$ -> %SystemRoot%\$NtUninstallKB924270$ -> [Folder | Modified Date = 3/17/2007 10:03:42 PM | Attr = H ]
$NtUninstallKB924496$ -> %SystemRoot%\$NtUninstallKB924496$ -> [Folder | Modified Date = 3/17/2007 10:03:22 PM | Attr = H ]
$NtUninstallKB924667$ -> %SystemRoot%\$NtUninstallKB924667$ -> [Folder | Modified Date = 3/17/2007 10:04:18 PM | Attr = H ]
$NtUninstallKB925398_WMP64$ -> %SystemRoot%\$NtUninstallKB925398_WMP64$ -> [Folder | Modified Date = 3/17/2007 10:05:12 PM | Attr = H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Modified Date = 4/3/2007 8:40:20 PM | Attr = H ]
$NtUninstallKB926255$ -> %SystemRoot%\$NtUninstallKB926255$ -> [Folder | Modified Date = 3/17/2007 10:00:40 PM | Attr = H ]
$NtUninstallKB926436$ -> %SystemRoot%\$NtUninstallKB926436$ -> [Folder | Modified Date = 3/17/2007 10:02:36 PM | Attr = H ]
$NtUninstallKB927779$ -> %SystemRoot%\$NtUninstallKB927779$ -> [Folder | Modified Date = 3/17/2007 10:06:08 PM | Attr = H ]
$NtUninstallKB927802$ -> %SystemRoot%\$NtUninstallKB927802$ -> [Folder | Modified Date = 3/17/2007 10:06:00 PM | Attr = H ]
$NtUninstallKB928090$ -> %SystemRoot%\$NtUninstallKB928090$ -> [Folder | Modified Date = 3/17/2007 9:59:18 PM | Attr = H ]
$NtUninstallKB928255$ -> %SystemRoot%\$NtUninstallKB928255$ -> [Folder | Modified Date = 3/17/2007 10:05:26 PM | Attr = H ]
$NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Modified Date = 3/17/2007 9:59:00 PM | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Modified Date = 3/17/2007 10:03:32 PM | Attr = H ]
$NtUninstallKB929969$ -> %SystemRoot%\$NtUninstallKB929969$ -> [Folder | Modified Date = 3/17/2007 10:05:18 PM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Modified Date = 4/13/2007 3:00:30 AM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Modified Date = 4/13/2007 3:00:40 AM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Modified Date = 4/13/2007 3:01:10 AM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Modified Date = 4/12/2007 5:58:48 PM | Attr = H ]
ALCFDRTM.VER -> %SystemRoot%\ALCFDRTM.VER -> Realtek Semiconductor Corp. [Ver = 1.01 | Size = 50688 bytes | Modified Date = 3/26/2007 6:22:08 AM | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 4/14/2007 7:13:26 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 4/14/2007 4:24:42 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/11/2007 8:15:30 PM | Attr = HS]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 4/14/2007 7:13:26 AM | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 4/13/2007 3:07:40 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/13/2007 6:56:56 AM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 4/14/2007 8:32:16 AM | Attr = ]
setupapi.log.0.old -> %SystemRoot%\setupapi.log.0.old -> [Ver = | Size = 1082474 bytes | Modified Date = 4/2/2007 10:47:52 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 4/14/2007 7:11:50 AM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 3/18/2007 8:45:34 AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 4/14/2007 8:34:04 AM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 3/17/2007 10:04:20 PM | Attr = ]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 354 bytes | Modified Date = 3/17/2007 6:25:50 PM | Attr = ]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 356 bytes | Modified Date = 4/1/2007 1:00:20 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4/14/2007 8:31:52 AM | Attr = H ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 4/13/2007 3:00:28 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 4/14/2007 4:24:38 AM | Attr = ]
Config.MPF -> %System32%\Config.MPF -> [Ver = | Size = 6230 bytes | Modified Date = 4/14/2007 8:32:22 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 4/13/2007 3:07:40 AM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 3/18/2007 6:09:42 PM | Attr = ]
Explorer.exe -> %System32%\Explorer.exe -> Microsoft [Ver = 1.00 | Size = 36864 bytes | Modified Date = 3/17/2007 5:18:32 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 192976 bytes | Modified Date = 4/4/2007 7:51:58 PM | Attr = ]
IExplorer.dll .dbt -> %System32%\IExplorer.dll .dbt -> [Ver = | Size = 0 bytes | Modified Date = 3/17/2007 5:09:04 PM | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 4/12/2007 5:43:24 AM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 50532 bytes | Modified Date = 4/13/2007 6:41:42 AM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 374064 bytes | Modified Date = 4/13/2007 6:41:42 AM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 430700 bytes | Modified Date = 4/13/2007 6:41:42 AM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2066 bytes | Modified Date = 4/10/2007 7:35:28 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2278 bytes | Modified Date = 4/14/2007 7:12:14 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.1.00 | Size = 6648320 bytes | Modified Date = 3/26/2003 6:02:44 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 7/21/2001 12:15:32 PM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.1.1.1031 | Size = 574976 bytes | Modified Date = 1/26/2006 2:36:02 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 7/21/2001 12:23:44 PM | Attr = ]
Thawte Consulting , -> %System32%\XZip.dll -> Belus Technology Inc. [Ver = 2, 5, 0, 0 | Size = 141072 bytes | Modified Date = 7/27/2004 4:08:12 PM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/17/2001 8:34:46 PM | Attr = ]

< End of report >
maxxpower71
Active Member
 
Posts: 14
Joined: April 12th, 2007, 8:03 pm

AVG Report

Post by maxxpower71 » April 14th, 2007, 8:45 am

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:30:12 AM 4/14/2007

+ Scan result:



C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Desktop\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\jkkllml.dll -> Downloader.ConHook.ah : Cleaned with backup (quarantined).


::Report end

HJT Report

Post by maxxpower71 » April 14th, 2007, 8:45 am

Logfile of HijackThis v1.99.1
Scan saved at 8:41:30 AM, on 4/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {85711073-2f92-481d-b4d1-be6225da6111} - C:\WINDOWS\system32\dpvxec.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://sef.mlxchange.com/Control/MultiS ... mboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://sef.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://sef.mlxchange.com/Control/IRCSharc.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: dpvxec - dpvxec.dll (file missing)
O23 - Service: McAfee Application Installer Cleanup (0008491176539081) (0008491176539081mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\000849~1.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Unread postby tim s » April 14th, 2007, 7:14 pm

Hi maxxpower71,

Thanks for posting logs. Looking better but still some more to go here.

I forgot to ask for this log, my fault. When I had you run the WinPFind3u fix, it created a log and put it inside the WinPFind3u folder.
Open the WinPFind3u folder (the log will have a name in the format mmddyyyy_hhmmss.log)
This log will let me know if what I had you fix worked.

OK this is next anyway.

Some information on these programs
Viewpoint Manager and all Viewpoint Media Player items listed in add/remove programs list.

Viewpoint components are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting "Disable auto-updating for the Viewpoint Manager", the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.


I recommend that you remove the Viewpoint products; however, decide for yourself.

----------------------------------------------------------------------------

This is to double check that AVG Anti-Spyware 7.5 is disabled; it should already be. If it is, skip this step.

Disable the program, as it can interfere (block removal of infection) with the HJT fix.
  • Right-click the AVG Anti-Spyware 7.5 Tray Icon (on bottom right corner of monitor screen) and choose Exit. Confirm by clicking Yes.
------------------------------------------------------------------

This is next; please do the following.

Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

------------------------------------------------------------------------------

Please post these in next reply
  • the log file from the WinPFind3u folder (it will have a name in the format mmddyyyy_hhmmss.log)
  • vundofix.txt
  • New HJT log

Unread postby maxxpower71 » April 14th, 2007, 8:50 pm

The VundoFIX program did not find any files. Here is the WinPFind3u

[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BootService deleted successfully.
C:\WINDOWS\iihihf.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IESet deleted successfully.
File C:\WINDOWS\SYSTEM32\IExplorer.dll .dbt not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\\IESet deleted successfully.
File C:\WINDOWS\SYSTEM32\IExplorer.dll .dbt not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IESet deleted successfully.
File C:\WINDOWS\SYSTEM32\IExplorer.dll .dbt not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dpvxec deleted successfully.
File move failed. C:\WINDOWS\SYSTEM32\dpvxec.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67C55A8D-E808-4caa-9EA7-F77102DE0BB6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67C55A8D-E808-4caa-9EA7-F77102DE0BB6} deleted successfully.
File C:\WINDOWS\SYSTEM32\tmp71.tmp.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85711073-2f92-481d-b4d1-be6225da6111} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85711073-2f92-481d-b4d1-be6225da6111} deleted successfully.
File move failed. C:\WINDOWS\SYSTEM32\dpvxec.dll scheduled to be moved on reboot.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\ffiihk.ini moved successfully.
C:\WINDOWS\fhihii.ini moved successfully.
File C:\WINDOWS\iihihf.dll not found!
C:\WINDOWS\khiiff.dll moved successfully.
C:\WINDOWS\llmpqr.ini moved successfully.
C:\WINDOWS\rstwwa.ini moved successfully.
C:\WINDOWS\vxwybc.ini moved successfully.
C:\WINDOWS\xybbay.ini moved successfully.
C:\WINDOWS\xyyybc.ini moved successfully.
File move failed. C:\WINDOWS\SYSTEM32\dpvxec.dll scheduled to be moved on reboot.
File C:\WINDOWS\SYSTEM32\IExplorer.dll .dbt not found!
C:\WINDOWS\SYSTEM32\jkkllml.dll moved successfully.
[Files/Folders - Modified Within 30 days]
C:\WINDOWS\bootstat.dat moved successfully.
File C:\WINDOWS\ffiihk.ini not found!
File C:\WINDOWS\fhihii.ini not found!
File C:\WINDOWS\iihihf.dll not found!
C:\WINDOWS\imsins.BAK moved successfully.
File C:\WINDOWS\khiiff.dll not found!
File C:\WINDOWS\llmpqr.ini not found!
File C:\WINDOWS\rstwwa.ini not found!
File C:\WINDOWS\vxwybc.ini not found!
File C:\WINDOWS\xybbay.ini not found!
File C:\WINDOWS\xyyybc.ini not found!
File move failed. C:\WINDOWS\SYSTEM32\dpvxec.dll scheduled to be moved on reboot.
File C:\WINDOWS\SYSTEM32\IExplorer.dll .dbt not found!
File C:\WINDOWS\SYSTEM32\jkkllml.dll not found!
[File String Scan - Non-Microsoft Only]
File C:\WINDOWS\iihihf.dll not found!
File C:\WINDOWS\khiiff.dll not found!
File C:\WINDOWS\SYSTEM32\jkkllml.dll not found!
< End of log >
Created on 04/14/2007 07:10:40

HJT Log

Unread postby maxxpower71 » April 14th, 2007, 8:50 pm

Logfile of HijackThis v1.99.1
Scan saved at 8:47:31 PM, on 4/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {85711073-2f92-481d-b4d1-be6225da6111} - C:\WINDOWS\system32\dpvxec.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://sef.mlxchange.com/Control/MultiS ... mboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://sef.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://sef.mlxchange.com/Control/IRCSharc.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: dpvxec - dpvxec.dll (file missing)
O23 - Service: McAfee Application Installer Cleanup (0229851176555894) (0229851176555894mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\022985~1.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

Unread postby tim s » April 14th, 2007, 9:15 pm

Hi maxxpower71,

OK, that's good that VundoFix didn't find anything.

This is next

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present):

    O2 - BHO: (no name) - {85711073-2f92-481d-b4d1-be6225da6111} - C:\WINDOWS\system32\dpvxec.dll (file missing)
    O20 - Winlogon Notify: dpvxec - dpvxec.dll (file missing)

WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit HijackThis.

--------------------------------------------------------------


OK, now I need you to run an online scan to see if anything else needs removing that is not showing in other scans.

Run Panda's ActiveScan from here and perform a full system scan.

1. Once you are on the Panda site, scroll to the bottom of the page and click the "Scan your PC" button. NOTE: If you have a pop-up blocker enabled, you will have to allow pop-ups here.
2. A new window will open...click the big "Check Now" button
3. Enter your Country
4. Enter your State/Province
5. Enter your e-mail address and click send
6. Select either Home User or Company
7. Click the big Scan Now button
8. If it wants to install an ActiveX component allow it
9. It will start downloading the files it requires for the scan
(Note: It will take a couple minutes. You may have to reboot here and start back with step 1. I did.)

10. Click on "Local Disks" to start the scan
11. Post Panda scan results in your next reply with others requested.
----------------------------------------------------------------

Please post in your next reply
Panda scan report
New HJT log.


Please let me know how your computer is running now?

Active Scan Report

Unread postby maxxpower71 » April 14th, 2007, 11:38 pm

Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Cookies\alberto@2o7[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Cookies\alberto@advertising[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Cookies\alberto@atwola[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Cookies\alberto@bluestreak[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Cookies\alberto@mediaplex[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Cookies\alberto@statse.webtrendslive[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Desktop\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Desktop\SmitfraudFix\restart.exe
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@888[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@adopt.hbmediapro[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@adopt.hbmediapro[3].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@advertising[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@apmebf[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@atdmt[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@bluestreak[1].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@btg.btgrab[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@cassava[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@cgi-bin[4].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@cgi-bin[5].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@desktop.kazaa[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@drivecleaner[2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@fe.lea.lycos[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@i.screensavers[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@mediaplex[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@offeroptimizer[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@rn11[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@stats.drivecleaner[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@terra.com[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@www.drivecleaner[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@xiti[1].txt
Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\Temporary Internet Files\Content.IE5\GLMBWPA7\installdrivecleanerstart[1].exe
Hacktool:HackTool/Zapgon.A Not disinfected C:\Program Files\mIRC\Invision\Stdio.dll
Virus:Trj/Downloader.NMS Disinfected C:\WINDOWS\system32\Explorer.exe

HJT Log

Unread postby maxxpower71 » April 14th, 2007, 11:39 pm

Logfile of HijackThis v1.99.1
Scan saved at 11:36:24 PM, on 4/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://sef.mlxchange.com/Control/MultiS ... mboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://sef.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://sef.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O23 - Service: McAfee Application Installer Cleanup (0229851176555894) (0229851176555894mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\022985~1.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
maxxpower71
Active Member
 
Posts: 14
Joined: April 12th, 2007, 8:03 pm

Unread postby tim s » April 15th, 2007, 12:41 am

Hello maxxpower71


Ok, now delete SmitfraudFix.exe and the Smitfraud folder that is on your desktop.

And delete vundofix that I had you download previously.

These cookies need to go.
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@888[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Cookies\alberto@2o7[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Cookies\alberto@advertising[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Cookies\alberto@atwola[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Cookies\alberto@bluestreak[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Cookies\alberto@mediaplex[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Cookies\alberto@statse.webtrendslive[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@adopt.hbmediapro[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@adopt.hbmediapro[3].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@advertising[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@apmebf[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@atdmt[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@bluestreak[1].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@btg.btgrab[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@cassava[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@cgi-bin[4].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@cgi-bin[5].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@desktop.kazaa[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@drivecleaner[2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@fe.lea.lycos[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@i.screensavers[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@mediaplex[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@offeroptimizer[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@rn11[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@stats.drivecleaner[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@terra.com[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@www.drivecleaner[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\nimia@xiti[1].txt


Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.
  • Under Main choose (put a check in boxes next to the following):
  • Windows Temp
  • Current User Temp
  • All Users Temp
  • Cookies
  • Temporary Internet Files
  • Java Cache
  • *The other boxes are optional*
  • Then click the Empty Selected button.

    The next part is if you use the Firefox or Opera browser instead of Internet Explorer; if you do not have either of these, skip to the next part:
    Firefox:
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • *NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
    Opera:
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
    • *NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
  • Click Exit on the Main menu to close the program.

----------------------------------------------------------------------------------------------

To enable the viewing of Hidden files follow these steps:
  1. Close all programs so that you are at your desktop.
  2. Click Start, then select My Computer.
  3. Select Tools (at the top of the opened window, in the menu) and click Folder Options.
  4. After the new window appears select the View tab.
  5. Put a checkmark in the checkbox labeled Display the contents of system folders.
  6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
  9. Press the Apply button and then the OK button and shut down My Computer.
    Now your computer is configured to show all hidden files.
-------------------------------------------------------------------------------------------

This installdrivecleanerstart[1].exe here should have been cleaned out with ATF Cleaner, but if it wasn't you need to search for it to make sure the file has been deleted.
This file Stdio.dll would not have been deleted so you will have to delete it.

Use Explorer to navigate to and delete the following files (if they are present) just what is in red:

Files:

  • C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\Temporary Internet Files\Content.IE5\GLMBWPA7\installdrivecleanerstart[1].exe
  • C:\Program Files\mIRC\Invision\Stdio.dll


Reboot computer
NOTE: If these files will not delete in normal mode you can boot into safe mode and try again.

Here are instructions on how to boot into Safe Mode if needed.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.


---------------------------------------------------------------------------------------------

I need to know how your computer is running now.
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am
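
A way to confirm the cleanup described in the post above, as an added example that is not part of the original thread: it parses scanner lines in the "Not disinfected" format quoted there and reports, per user profile, which of the listed files are still on disk. The sample report, its user names and the function names are constructed for this example.

```python
import ntpath
import os
import re
from collections import defaultdict

# Constructed sample in the scanner-report format quoted in the post above
# ("<threat name> Not disinfected <full path>"); the user names are placeholders.
SAMPLE_REPORT = r"""
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\user1.EXAMPLE-PC\Cookies\user1@doubleclick[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\user1.EXAMPLE-PC\Cookies\user1@atdmt[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\user2.EXAMPLE-PC\Cookies\user2@mediaplex[2].txt
this line is not a finding
"""

# Threat names may contain spaces ("Atlas DMT"), so split on the fixed
# status text rather than on whitespace.
LINE_RE = re.compile(r"^(?P<threat>\S.*?)\s+Not disinfected\s+(?P<path>[A-Za-z]:\\.+)$")

def parse_report(text):
    """Return (threat, path) for every 'Not disinfected' line."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append((m.group("threat"), m.group("path").strip()))
    return findings

def profile_of(path):
    """Profile folder name from a 'Documents and Settings' path, else None."""
    parts = path.split("\\")
    lowered = [p.lower() for p in parts]
    if "documents and settings" in lowered:
        i = lowered.index("documents and settings")
        if i + 1 < len(parts):
            return parts[i + 1]
    return None

def still_present(findings, exists=os.path.exists):
    """Group findings whose file is still on disk by user profile."""
    left = defaultdict(list)
    for threat, path in findings:
        if exists(path):
            left[profile_of(path)].append((threat, ntpath.basename(path)))
    return dict(left)

if __name__ == "__main__":
    for profile, items in still_present(parse_report(SAMPLE_REPORT)).items():
        print(profile, items)
```

An empty result means none of the reported files remain; the `exists` parameter lets the check be pointed at a mounted copy of the disk instead of the live system.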