
Hijacker help

Discussion in 'Virus & Other Malware Removal' started by handmaps, Oct 28, 2007.

  1. handmaps

    handmaps Thread Starter

    Joined:
    Oct 28, 2007
    Messages:
    10
    OK, I was a dummy and downloaded an .exe I never should have. I encountered some malware that started out redirecting my browser to an anti-spyware site to remove my spyware! Spyware-secure was the bug.

    I know I caught a bug. What I have done to this point is:
    1. Updated my IE browser from 6.0 to 7.0
    2. Cleaned my registry with Abexo Free
    3. Added Spybot Search & Destroy
    4. Cleaned with Lava-Soft 2007
    5. Went to regedit and cleared out all the spyware secure entries

    I fixed 1/2 of the issue by doing all of the above. The hijacker now comes up with an IE browser that is blank (white) with no address showing. Therefore, every time I start a browser in a minute or two a white blank browser pops up and I close it. The behavior of IE is affected but it is killing me...

    XP Pro user

    Please help,
    handmaps
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    * Click here to download HJTsetup.exe.
    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. handmaps

    handmaps Thread Starter

    Joined:
    Oct 28, 2007
    Messages:
    10
    Cheeseball:
    Sorry for the slow response. First, thanks for offering to help. I was trying to follow your directions but I can't download HJTsetup.exe. It seems to be gone off the URL link you gave me.

    Is there another way to get the software? My e-mail is [email protected]
     
  4. handmaps

    handmaps Thread Starter

    Joined:
    Oct 28, 2007
    Messages:
    10
    OK I got it... Here is the log. Sorry for the last message. I had to find hijack this at another site...

    Logfile of HijackThis v1.99.1
    Scan saved at 4:15:15 PM, on 11/21/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\AOL\1192969337\ee\AOLSoftware.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\ACT\act.exe
    C:\Program Files\AOL 9.0\waol.exe
    C:\Program Files\AOL 9.0\shellmon.exe
    C:\Program Files\palmOne\Palm.exe
    C:\Program Files\palmOne\Hotsync.exe
    c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cityu.edu/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KYE_UDSI] "C:\Program Files\USB Storage RW\udsi.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1192969337\ee\AOLSoftware.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.whataboutadog.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - https://www.webiqonline.com/WebIQ/bin/WebIQ.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136258895453
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://workscapeevents.webex.com/client/T25L/webex/ieatgpc.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ssl.fiberlink.com/dana-cached/setup/JuniperSetupSP1.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,371
    First Name:
    Derek
    that is the old version of HJT

    go to here and download 'Hijack This!' self installer. Save it to the desktop or other suitable place. DO NOT just press run from the website. Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu.
    Click on the entry in start menu to run HijackThis
    Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
    Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
    It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
    so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.

    you have pointers to what looks like trojan AWF

    Download FindAWF by Noahdfear

    save it to desktop & double click it to run it. Select option 1 scan only & post back the log it makes
     
  6. handmaps

    handmaps Thread Starter

    Joined:
    Oct 28, 2007
    Messages:
    10
    BTW, the link that you sent me to get Hijack This really does not seem to have a spot to download the software from? I found V2.0.2 that did the notepad copy and paste for me. I hope this is a good version.

    I have not run the AWF fixer yet. I'll wait until I hear back.

    Thanks!
    Handmaps

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:41:59 PM, on 11/22/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\AOL\1192969337\ee\AOLSoftware.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\palmOne\Palm.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\American Psychological Association\APA-Style Helper 5.1\SH5_Main_510.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Microsoft Office\Office10\POWERPNT.EXE
    C:\Program Files\AOL 9.0\waol.exe
    C:\Program Files\AOL 9.0\shellmon.exe
    C:\WINDOWS\system32\notepad.exe
    c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cityu.edu/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KYE_UDSI] "C:\Program Files\USB Storage RW\udsi.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1192969337\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - S-1-5-18 Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User 'Default user')
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.whataboutadog.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - https://www.webiqonline.com/WebIQ/bin/WebIQ.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136258895453
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://workscapeevents.webex.com/client/T25L/webex/ieatgpc.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ssl.fiberlink.com/dana-cached/setup/JuniperSetupSP1.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 11589 bytes
     
  7. handmaps

    handmaps Thread Starter

    Joined:
    Oct 28, 2007
    Messages:
    10
    Here you go. Do I have it?


    Find AWF report by noahdfear ©2006
    Version 1.40

    The current date is: Fri 11/23/2007
    The current time is: 0:01:58.20


    bak folders found
    ~~~~~~~~~~~


    Directory of C:\PROGRA~1\ITUNES\BAK

    06/28/2007 08:14 AM 270,648 iTunesHelper.exe
    1 File(s) 270,648 bytes

    Directory of C:\PROGRA~1\MESSEN~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\QUICKT~1\BAK

    04/27/2007 08:41 AM 282,624 qttask.exe
    1 File(s) 282,624 bytes

    Directory of C:\PROGRA~1\USBSTO~1\BAK

    02/21/2003 08:30 PM 212,992 udsi.exe
    1 File(s) 212,992 bytes

    Directory of C:\WINDOWS\SYSTEM\BAK

    10/18/2007 11:08 AM 183 hpsysdrv.DAT
    05/07/1998 03:04 PM 52,736 hpsysdrv.exe
    2 File(s) 52,919 bytes

    Directory of C:\WINDOWS\SYSTEM32\BAK

    08/04/2004 12:56 AM 15,360 ctfmon.exe
    03/11/2003 04:11 PM 114,688 hkcmd.exe
    2 File(s) 130,048 bytes

    Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\HEWLET~1\HPSHAR~1\BAK

    04/17/2002 04:42 PM 69,632 hpgs2wnd.exe
    1 File(s) 69,632 bytes

    Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

    12/26/2006 10:50 PM 180,269 realsched.exe
    1 File(s) 180,269 bytes

    Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\121128~1.546\BAK

    01/27/2007 10:17 AM 171,448 GoogleToolbarNotifier.exe
    1 File(s) 171,448 bytes

    Directory of C:\PROGRA~1\HEWLET~1\DIGITA~1\UNLOAD\BAK

    10/07/2002 12:23 AM 90,112 hpqcmon.exe
    1 File(s) 90,112 bytes

    Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK

    07/12/2007 03:00 AM 132,496 jusched.exe
    1 File(s) 132,496 bytes

    Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.0\APPS\BAK

    06/06/2005 11:46 PM 57,344 apdproxy.exe
    1 File(s) 57,344 bytes


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    270648 Jun 28 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
    102400 Jun 30 2007 "C:\WINDOWS\Installer\{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}\iTunesIco.exe"
    116024 Jun 28 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.3.0.54\iTunesSetupAdmin.exe"
    282624 Apr 27 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
    212992 Feb 21 2003 "C:\Program Files\USB Storage RW\bak\udsi.exe"
    186 Oct 5 2007 "C:\WINDOWS\system\hpsysdrv.DAT"
    183 Oct 18 2007 "C:\WINDOWS\system\bak\hpsysdrv.DAT"
    52736 May 7 1998 "C:\WINDOWS\system\bak\hpsysdrv.exe"
    15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
    15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
    15360 Aug 3 2004 "C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe"
    114688 Mar 11 2003 "C:\WINDOWS\system32\bak\hkcmd.exe"
    114688 Mar 11 2003 "C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\hkcmd.exe"
    69632 Apr 17 2002 "C:\Program Files\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe"
    180269 Dec 26 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
    52272 Jan 27 2007 "C:\Program Files\Google\googletoolbar4user.exe"
    13736064 Aug 2 2006 "C:\Documents and Settings\Administrator\Desktop\GoogleEarthWin4.exe"
    559784 Dec 26 2006 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
    138168 Jan 27 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
    171448 Jan 27 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
    90112 Oct 7 2002 "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe"
    90112 Oct 7 2002 "C:\Documents and Settings\Administrator\Desktop\12-31-05 Jeff Bird\SONYC\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe"
    36975 Mar 4 2005 "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
    49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
    57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"


    end of report
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,371
    First Name:
    Derek
    First
    Please disable SpybotSD TeaTimer, as it may hinder the removal of the infection. You can enable it after you're clean.
    To disable SpybotSD TeaTimer:

    Open Spybot and click on Mode and check Advanced Mode
    Check yes to next window.
    Click on Tools in bottom left hand corner.
    Click on System Startup icon.
    Uncheck Teatimer box.
    Click Allow Change box.

    You can follow this link if you need help: http://russelltexas.com/malware/teatimer.htm
    then
    start FindAWF & select option 2

    copy the contents of the code box below and paste under the line in the white screen that will open in awf

    Code:
    "C:\Program Files\iTunes\bak\iTunesHelper.exe"
    "C:\Program Files\QuickTime\bak\qttask.exe"
    "C:\Program Files\USB Storage RW\bak\udsi.exe"
    "C:\WINDOWS\system\bak\hpsysdrv.DAT"
    "C:\WINDOWS\system\bak\hpsysdrv.exe"
    "C:\WINDOWS\system32\bak\hkcmd.exe"
    "C:\Program Files\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe"
    "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
    "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
    "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe"
    "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"
    
    press file/exit & say yes to the prompt that will come up

    a blue box will appear saying searching for bak folders, please wait

    it will eventually say all files restored and a notepad file will open

    post the contents back here

    then run awf again and choose option 4
     
  9. handmaps

    handmaps Thread Starter

    Joined:
    Oct 28, 2007
    Messages:
    10
    OK, I am running option 4 on the noahdfear program... Below is the log you requested.


    Find AWF report by noahdfear ©2006
    Version 1.40
    Option 2 run successfully

    The current date is: Sat 11/24/2007
    The current time is: 5:44:42.81


    bak folders found
    ~~~~~~~~~~~


    Directory of C:\PROGRA~1\ITUNES\BAK

    06/28/2007 08:14 AM 270,648 iTunesHelper.exe
    1 File(s) 270,648 bytes

    Directory of C:\PROGRA~1\MESSEN~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\QUICKT~1\BAK

    04/27/2007 08:41 AM 282,624 qttask.exe
    1 File(s) 282,624 bytes

    Directory of C:\PROGRA~1\USBSTO~1\BAK

    02/21/2003 08:30 PM 212,992 udsi.exe
    1 File(s) 212,992 bytes

    Directory of C:\WINDOWS\SYSTEM\BAK

    10/18/2007 11:08 AM 183 hpsysdrv.DAT
    05/07/1998 03:04 PM 52,736 hpsysdrv.exe
    2 File(s) 52,919 bytes

    Directory of C:\WINDOWS\SYSTEM32\BAK

    08/04/2004 12:56 AM 15,360 ctfmon.exe
    03/11/2003 04:11 PM 114,688 hkcmd.exe
    2 File(s) 130,048 bytes

    Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\HEWLET~1\HPSHAR~1\BAK

    04/17/2002 04:42 PM 69,632 hpgs2wnd.exe
    1 File(s) 69,632 bytes

    Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

    12/26/2006 10:50 PM 180,269 realsched.exe
    1 File(s) 180,269 bytes

    Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\121128~1.546\BAK

    01/27/2007 10:17 AM 171,448 GoogleToolbarNotifier.exe
    1 File(s) 171,448 bytes

    Directory of C:\PROGRA~1\HEWLET~1\DIGITA~1\UNLOAD\BAK

    10/07/2002 12:23 AM 90,112 hpqcmon.exe
    1 File(s) 90,112 bytes

    Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK

    07/12/2007 03:00 AM 132,496 jusched.exe
    1 File(s) 132,496 bytes

    Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.0\APPS\BAK

    06/06/2005 11:46 PM 57,344 apdproxy.exe
    1 File(s) 57,344 bytes


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    270648 Jun 28 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
    270648 Jun 28 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
    102400 Jun 30 2007 "C:\WINDOWS\Installer\{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}\iTunesIco.exe"
    116024 Jun 28 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.3.0.54\iTunesSetupAdmin.exe"
    282624 Apr 27 2007 "C:\Program Files\QuickTime\qttask.exe"
    282624 Apr 27 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
    212992 Feb 21 2003 "C:\Program Files\USB Storage RW\udsi.exe"
    212992 Feb 21 2003 "C:\Program Files\USB Storage RW\bak\udsi.exe"
    183 Oct 18 2007 "C:\WINDOWS\system\hpsysdrv.DAT"
    183 Oct 18 2007 "C:\WINDOWS\system\bak\hpsysdrv.DAT"
    52736 May 7 1998 "C:\WINDOWS\system\hpsysdrv.exe"
    52736 May 7 1998 "C:\WINDOWS\system\bak\hpsysdrv.exe"
    15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
    15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
    15360 Aug 3 2004 "C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe"
    114688 Mar 11 2003 "C:\WINDOWS\system32\hkcmd.exe"
    114688 Mar 11 2003 "C:\WINDOWS\system32\bak\hkcmd.exe"
    114688 Mar 11 2003 "C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\hkcmd.exe"
    69632 Apr 17 2002 "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
    69632 Apr 17 2002 "C:\Program Files\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe"
    180269 Dec 26 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
    180269 Dec 26 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
    52272 Jan 27 2007 "C:\Program Files\Google\googletoolbar4user.exe"
    13736064 Aug 2 2006 "C:\Documents and Settings\Administrator\Desktop\GoogleEarthWin4.exe"
    559784 Dec 26 2006 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
    138168 Jan 27 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
    171448 Jan 27 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
    90112 Oct 7 2002 "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
    90112 Oct 7 2002 "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe"
    90112 Oct 7 2002 "C:\Documents and Settings\Administrator\Desktop\12-31-05 Jeff Bird\SONYC\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe"
    36975 Mar 4 2005 "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
    49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
    57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"


    end of report
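    Added example (not part of this thread and not FindAWF's own code): a small Python script that parses the "Duplicate files of bak directory contents" section of a Find AWF report like the one above and compares each file inside a bak folder with the same-named file in the folder beside it. The embedded sample report is constructed from lines quoted in this thread, including the hpsysdrv.DAT pair (186 bytes live, 183 bytes in bak) from the earlier report; reading a size or date mismatch as "this is the live file to look at" is my interpretation of the report, not a description of how FindAWF itself decides what to restore.

```python
"""Added example: compare files in 'bak' folders with their live counterparts,
using the 'Duplicate files of bak directory contents' section of a Find AWF
report. Not FindAWF's own code; the sample report below is constructed from
lines quoted in this thread."""
import ntpath
import re
from dataclasses import dataclass

# One report line: <size> <Mon D YYYY> "<path>"
LINE_RE = re.compile(r'^\s*(\d+)\s+([A-Za-z]{3}\s+\d{1,2}\s+\d{4})\s+"(.+)"\s*$')

# Constructed sample in the report's own format. The hpsysdrv.DAT pair
# (186 bytes live vs 183 bytes in bak) is taken from the earlier report in
# this thread; the other lines come from the report above.
SAMPLE_REPORT = r"""
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

270648 Jun 28 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
270648 Jun 28 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
186 Oct 5 2007 "C:\WINDOWS\system\hpsysdrv.DAT"
183 Oct 18 2007 "C:\WINDOWS\system\bak\hpsysdrv.DAT"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
15360 Aug 3 2004 "C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"


end of report
"""


@dataclass(frozen=True)
class Entry:
    size: int
    date: str
    path: str


def parse_duplicates(report: str) -> list:
    """Return the size/date/path entries listed under the 'Duplicate files' heading."""
    entries, in_section = [], False
    for line in report.splitlines():
        if line.strip().startswith("Duplicate files of bak directory contents"):
            in_section = True
            continue
        if in_section:
            m = LINE_RE.match(line)
            if m:
                entries.append(Entry(int(m.group(1)), m.group(2), m.group(3)))
    return entries


def is_bak_copy(path: str) -> bool:
    """True when the file sits directly inside a folder named 'bak'."""
    return ntpath.basename(ntpath.dirname(path)).lower() == "bak"


def live_path_for(bak_path: str) -> str:
    r"""C:\dir\bak\name.exe -> C:\dir\name.exe (ntpath, so this runs on any OS)."""
    parent = ntpath.dirname(ntpath.dirname(bak_path))
    return ntpath.join(parent, ntpath.basename(bak_path))


def compare_bak_pairs(entries) -> dict:
    """Map each live path to (status, bak_entry, live_entry_or_None).

    'match'                : live file has the same size and date as the bak copy
    'MISMATCH'             : live file differs from the preserved copy; examine it
    'live copy not listed' : the report shows no same-name file beside the bak folder
    """
    by_path = {e.path.lower(): e for e in entries}
    results = {}
    for e in entries:
        if not is_bak_copy(e.path):
            continue
        live_path = live_path_for(e.path)
        live = by_path.get(live_path.lower())
        if live is None:
            status = "live copy not listed"
        elif (live.size, live.date) == (e.size, e.date):
            status = "match"
        else:
            status = "MISMATCH"
        results[live_path] = (status, e, live)
    return results


def files_to_review(results: dict) -> list:
    """Live paths whose size or date differs from the bak copy, sorted."""
    return sorted(p for p, (status, _, _) in results.items() if status == "MISMATCH")


if __name__ == "__main__":
    res = compare_bak_pairs(parse_duplicates(SAMPLE_REPORT))
    for path, (status, bak, live) in sorted(res.items()):
        live_desc = f"{live.size} bytes, {live.date}" if live else "-"
        print(f"{status:22} {path}  live: {live_desc}  bak: {bak.size} bytes, {bak.date}")
    print("review:", files_to_review(res))
```

    Paste a saved report into SAMPLE_REPORT (or read it from a file) and the script lists every bak/live pair; only the pairs flagged MISMATCH need a closer look, which in the sample is the hpsysdrv.DAT pair.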
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,371
    First Name:
    Derek
    how are things now

    it should be clean

    post a new HJT log so we can check and also

    Download Combofix to your desktop:

    * Double-click combofix.exe & follow the prompts.
    * When finished, it shall produce a log for you. Post that log in your next reply.


    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
     
  11. handmaps

    handmaps Thread Starter

    Joined:
    Oct 28, 2007
    Messages:
    10
    I did everything to get rid of the bak files... I still have an issue...

    It seemed to have got less frequent at first but now is back in a big way.

    Every time I fire up an IE browser, I get a "tag along" browser. It is 100% white. No data, no url just white. I will then get another and another and another during the same browser session until I have to shut down the browser. Sometimes it crashes my IE all together.

    Is there a tool that can track my browser traffic? Then I can send you guys the logs?

    Help
    :(
     
  12. handmaps

    handmaps Thread Starter

    Joined:
    Oct 28, 2007
    Messages:
    10
    Just got a blue screen that said my device drivers caused an issue...

    Please help
     
  13. handmaps

    handmaps Thread Starter

    Joined:
    Oct 28, 2007
    Messages:
    10
    Find AWF report by noahdfear ©2006
    Version 1.40
    Option 2 run successfully

    The current date is: Sun 12/09/2007
    The current time is: 20:06:02.12


    bak folders found
    ~~~~~~~~~~~


    Directory of C:\PROGRA~1\ITUNES\BAK

    06/28/2007 08:14 AM 270,648 iTunesHelper.exe
    1 File(s) 270,648 bytes

    Directory of C:\PROGRA~1\MESSEN~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\QUICKT~1\BAK

    04/27/2007 08:41 AM 282,624 qttask.exe
    1 File(s) 282,624 bytes

    Directory of C:\PROGRA~1\USBSTO~1\BAK

    02/21/2003 08:30 PM 212,992 udsi.exe
    1 File(s) 212,992 bytes

    Directory of C:\WINDOWS\SYSTEM\BAK

    10/18/2007 11:08 AM 183 hpsysdrv.DAT
    05/07/1998 03:04 PM 52,736 hpsysdrv.exe
    2 File(s) 52,919 bytes

    Directory of C:\WINDOWS\SYSTEM32\BAK

    08/04/2004 12:56 AM 15,360 ctfmon.exe
    03/11/2003 04:11 PM 114,688 hkcmd.exe
    2 File(s) 130,048 bytes

    Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\HEWLET~1\HPSHAR~1\BAK

    04/17/2002 04:42 PM 69,632 hpgs2wnd.exe
    1 File(s) 69,632 bytes

    Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

    12/26/2006 10:50 PM 180,269 realsched.exe
    1 File(s) 180,269 bytes

    Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\121128~1.546\BAK

    01/27/2007 10:17 AM 171,448 GoogleToolbarNotifier.exe
    1 File(s) 171,448 bytes

    Directory of C:\PROGRA~1\HEWLET~1\DIGITA~1\UNLOAD\BAK

    10/07/2002 12:23 AM 90,112 hpqcmon.exe
    1 File(s) 90,112 bytes

    Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK

    07/12/2007 03:00 AM 132,496 jusched.exe
    1 File(s) 132,496 bytes

    Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.0\APPS\BAK

    06/06/2005 11:46 PM 57,344 apdproxy.exe
    1 File(s) 57,344 bytes


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    270648 Jun 28 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
    270648 Jun 28 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
    102400 Jun 30 2007 "C:\WINDOWS\Installer\{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}\iTunesIco.exe"
    116024 Jun 28 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.3.0.54\iTunesSetupAdmin.exe"
    282624 Apr 27 2007 "C:\Program Files\QuickTime\qttask.exe"
    282624 Apr 27 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
    212992 Feb 21 2003 "C:\Program Files\USB Storage RW\udsi.exe"
    212992 Feb 21 2003 "C:\Program Files\USB Storage RW\bak\udsi.exe"
    183 Oct 18 2007 "C:\WINDOWS\system\hpsysdrv.DAT"
    183 Oct 18 2007 "C:\WINDOWS\system\bak\hpsysdrv.DAT"
    52736 May 7 1998 "C:\WINDOWS\system\hpsysdrv.exe"
    52736 May 7 1998 "C:\WINDOWS\system\bak\hpsysdrv.exe"
    15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
    15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
    15360 Aug 3 2004 "C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe"
    114688 Mar 11 2003 "C:\WINDOWS\system32\hkcmd.exe"
    114688 Mar 11 2003 "C:\WINDOWS\system32\bak\hkcmd.exe"
    114688 Mar 11 2003 "C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\hkcmd.exe"
    69632 Apr 17 2002 "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
    69632 Apr 17 2002 "C:\Program Files\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe"
    180269 Dec 26 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
    180269 Dec 26 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
    52272 Jan 27 2007 "C:\Program Files\Google\googletoolbar4user.exe"
    13736064 Aug 2 2006 "C:\Documents and Settings\Administrator\Desktop\GoogleEarthWin4.exe"
    559784 Dec 26 2006 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
    138168 Jan 27 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
    171448 Jan 27 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
    90112 Oct 7 2002 "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
    90112 Oct 7 2002 "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe"
    90112 Oct 7 2002 "C:\Documents and Settings\Administrator\Desktop\12-31-05 Jeff Bird\SONYC\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe"
    36975 Mar 4 2005 "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
    49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
    57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"


    end of report
     
  14. handmaps

    handmaps Thread Starter

    Joined:
    Oct 28, 2007
    Messages:
    10
    OK, I did the "combo fix"; below is the log. I seem to have a lot of bad stuff. Please help. The bak files are still there.

    Handmaps

    ------------------------------------

    ComboFix 07-12-21.4 - Administrator 2007-12-21 17:09:09.2 - NTFSx86
    Running from: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\30R125IM\ComboFix[1].exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2007-11-22 to 2007-12-22 )))))))))))))))))))))))))))))))
    .

    2007-12-21 14:45 . 2007-12-21 14:45 <DIR> d-------- C:\WINDOWS\aolshare
    2007-12-21 14:44 . 2007-12-21 14:52 <DIR> d-------- C:\Program Files\AOL 9.1
    2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
    2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
    2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
    2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
    2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
    2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
    2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
    2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
    2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
    2007-11-28 11:32 . 2007-11-28 11:32 <DIR> d-------- C:\Program Files\MSECache
    2007-11-24 06:44 . 2007-12-20 13:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-11-24 06:44 . 2007-11-24 06:44 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-11-24 05:44 . 2003-03-11 16:11 114,688 --a------ C:\WINDOWS\system32\hkcmd.exe
    2007-11-24 05:44 . 1998-05-07 15:04 52,736 --a------ C:\WINDOWS\system\hpsysdrv.exe
    2007-11-22 23:41 . 2007-11-22 23:41 <DIR> d-------- C:\Program Files\Trend Micro

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-21 22:49 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AOL
    2007-12-21 22:47 --------- d-----w C:\Program Files\Common Files\AOL
    2007-12-21 22:45 --------- d-----w C:\Program Files\Common Files\aolshare
    2007-12-21 22:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2007-12-21 22:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2007-12-17 23:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-12-11 00:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-12-10 04:06 --------- d-----w C:\Program Files\USB Storage RW
    2007-12-10 04:06 --------- d-----w C:\Program Files\QuickTime
    2007-12-06 05:49 --------- d-----w C:\Program Files\Symantec
    2007-12-06 00:40 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-12-06 00:40 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2007-12-06 00:40 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-12-06 00:40 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-11-24 14:42 --------- d-----w C:\Program Files\Norton AntiVirus
    2007-11-24 13:44 --------- d-----w C:\Program Files\iTunes
    2007-11-22 04:57 --------- d-----w C:\Program Files\Java
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-31 03:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
    2007-10-31 03:55 39,856 ----a-w C:\WINDOWS\system32\drivers\symids.sys
    2007-10-31 03:55 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
    2007-10-31 03:55 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
    2007-10-31 03:55 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
    2007-10-31 03:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
    2007-10-31 03:55 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
    2007-10-31 03:55 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
    2007-10-31 03:55 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
    2007-10-31 03:24 12,963 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
    2007-10-31 03:24 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-28 01:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-24 23:04 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
    2007-10-22 21:24 --------- d-----w C:\Program Files\AOL 9.0
    2007-10-22 18:05 --------- d-----w C:\Program Files\America Online 8.0
    2007-10-11 11:21 103,808 ----a-w C:\WINDOWS\system32\AOLDial.dll
    2006-10-26 18:08 28,672 ----a-w C:\Documents and Settings\Administrator\atwbxdet.dll
    2006-05-09 18:34 42,544 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
    2007-04-03 16:45 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((( [email protected]_18.37.22.01 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-08-20 10:04:34 124,928 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll
    + 2007-08-20 10:04:34 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll
    + 2007-08-20 10:04:34 132,608 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll
    + 2007-08-20 10:04:34 63,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll
    + 2007-08-17 10:20:54 63,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe
    + 2007-08-20 10:04:34 153,088 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll
    + 2007-08-20 10:04:35 230,400 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll
    + 2007-08-17 07:34:25 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll
    + 2007-08-20 10:04:35 383,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll
    + 2007-08-20 10:04:35 384,512 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll
    + 2007-08-20 10:04:37 6,058,496 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll
    + 2007-08-20 10:04:38 44,544 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll
    + 2007-08-20 10:04:38 267,776 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll
    + 2007-08-17 10:20:54 13,824 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe
    + 2007-08-17 10:21:21 625,152 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
    + 2007-08-20 10:04:39 27,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll
    + 2007-08-20 10:04:39 459,264 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll
    + 2007-08-20 10:04:39 52,224 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll
    + 2007-08-20 22:34:42 3,584,512 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll
    + 2007-08-20 10:04:41 477,696 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll
    + 2007-08-20 10:04:41 193,024 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll
    + 2007-08-20 10:04:42 671,232 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll
    + 2007-08-20 10:04:42 102,400 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll
    + 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll
    + 2007-08-20 10:04:42 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll
    + 2007-08-20 10:04:42 1,152,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll
    + 2007-08-20 10:04:42 232,960 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll
    + 2007-08-20 10:04:43 824,832 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
    - 2007-08-20 10:04:34 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
    + 2007-10-10 23:55:51 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
    - 2007-08-20 10:04:34 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
    + 2007-10-10 23:55:51 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
    - 2007-08-20 10:04:34 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
    + 2007-10-10 23:55:51 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
    - 2007-08-20 10:04:34 132,608 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
    + 2007-10-10 23:55:51 132,608 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
    - 2007-08-20 10:04:34 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
    + 2007-10-10 23:55:51 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
    - 2007-08-17 10:20:54 63,488 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    + 2007-10-10 10:59:40 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    - 2007-08-20 10:04:34 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
    + 2007-10-10 23:55:51 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
    - 2007-08-20 10:04:35 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
    + 2007-10-10 23:55:51 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
    - 2007-08-17 07:34:25 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
    + 2007-10-10 05:46:55 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
    - 2007-08-20 10:04:35 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    + 2007-10-10 23:55:52 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    - 2007-08-20 10:04:35 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    + 2007-10-10 23:55:52 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    - 2007-08-20 10:04:37 6,058,496 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
    + 2007-10-10 23:55:54 6,065,664 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
    - 2007-08-20 10:04:38 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
    + 2007-10-10 23:55:55 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
    - 2007-08-20 10:04:38 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
    + 2007-10-10 23:55:55 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
    - 2007-08-17 10:20:54 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
    + 2007-10-10 10:59:40 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
    - 2007-08-17 10:21:21 625,152 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
    + 2007-10-10 10:59:52 625,152 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
    - 2007-08-20 10:04:39 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
    + 2007-10-10 23:55:56 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
    + 2007-07-06 10:05:47 72,960 -c----w C:\WINDOWS\system32\dllcache\mqac.sys
    + 2007-07-06 12:46:59 138,240 -c----w C:\WINDOWS\system32\dllcache\mqad.dll
    + 2007-07-06 12:46:59 47,104 -c----w C:\WINDOWS\system32\dllcache\mqdscli.dll
    + 2007-07-06 12:46:59 16,896 -c----w C:\WINDOWS\system32\dllcache\mqise.dll
    - 2004-08-04 08:56:44 660,992 -c--a-w C:\WINDOWS\system32\dllcache\mqqm.dll
    + 2007-07-06 12:46:59 660,992 -c--a-w C:\WINDOWS\system32\dllcache\mqqm.dll
    - 2004-08-04 08:56:44 177,152 -c--a-w C:\WINDOWS\system32\dllcache\mqrt.dll
    + 2007-07-06 12:46:59 177,152 -c--a-w C:\WINDOWS\system32\dllcache\mqrt.dll
    + 2007-07-06 12:46:59 95,744 -c----w C:\WINDOWS\system32\dllcache\mqsec.dll
    + 2007-07-06 12:46:59 48,640 -c----w C:\WINDOWS\system32\dllcache\mqupgrd.dll
    + 2007-07-06 12:46:59 471,552 -c----w C:\WINDOWS\system32\dllcache\mqutil.dll
    - 2007-08-20 10:04:39 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
    + 2007-10-10 23:55:56 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
    - 2007-08-20 10:04:39 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    + 2007-10-10 23:55:56 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    - 2007-08-20 22:34:42 3,584,512 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
    + 2007-10-30 23:42:28 3,590,656 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
    - 2007-08-20 10:04:41 477,696 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
    + 2007-10-10 23:55:58 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
    - 2007-08-20 10:04:41 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
    + 2007-10-10 23:55:58 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
    - 2007-08-20 10:04:42 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
    + 2007-10-10 23:55:59 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
    - 2007-08-20 10:04:42 102,400 -c----w C:\WINDOWS\system32\dllcache\occache.dll
    + 2007-10-10 23:55:59 102,400 -c----w C:\WINDOWS\system32\dllcache\occache.dll
    + 2007-10-29 22:43:03 1,287,680 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
    - 2007-08-20 10:04:42 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
    + 2007-10-10 23:55:59 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
    - 2007-08-20 10:04:42 1,152,000 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
    + 2007-10-10 23:56:00 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
    - 2007-08-20 10:04:42 232,960 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
    + 2007-10-10 23:56:00 232,960 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
    - 2007-08-20 10:04:43 824,832 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
    + 2007-10-10 23:56:00 824,832 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
    + 2007-10-28 01:39:20 230,912 -c----w C:\WINDOWS\system32\dllcache\wmasf.dll
    - 2006-12-08 01:02:24 2,174,976 -c----w C:\WINDOWS\system32\dllcache\wmvcore.dll
    + 2007-10-28 01:37:38 2,109,440 -c----w C:\WINDOWS\system32\dllcache\wmvcore.dll
    - 2007-04-13 17:30:39 25,136 ----a-w C:\WINDOWS\system32\drivers\atwpkt2.sys
    + 2007-10-11 11:20:56 24,960 ----a-w C:\WINDOWS\system32\drivers\atwpkt2.sys
    - 2007-04-13 17:30:43 33,592 ----a-w C:\WINDOWS\system32\drivers\atwpkt264.sys
    + 2007-10-11 11:20:58 33,384 ----a-w C:\WINDOWS\system32\drivers\atwpkt264.sys
    - 2007-05-29 20:55:35 22,112 ----a-r C:\WINDOWS\system32\drivers\COH_Mon.sys
    + 2007-05-29 21:55:35 22,112 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
    - 2004-08-04 06:58:22 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
    + 2007-07-06 10:05:47 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
    - 2007-08-20 10:04:34 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
    + 2007-10-10 23:55:51 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
    - 2007-08-20 10:04:34 132,608 ------w C:\WINDOWS\system32\extmgr.dll
    + 2007-10-10 23:55:51 132,608 ------w C:\WINDOWS\system32\extmgr.dll
    - 2007-08-20 10:04:34 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
    + 2007-10-10 23:55:51 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
    - 2007-08-17 10:20:54 63,488 ------w C:\WINDOWS\system32\ie4uinit.exe
    + 2007-10-10 10:59:40 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
    - 2007-08-20 10:04:34 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
    + 2007-10-10 23:55:51 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
    - 2007-08-20 10:04:35 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
    + 2007-10-10 23:55:51 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
    - 2007-08-17 07:34:25 161,792 ------w C:\WINDOWS\system32\ieakui.dll
    + 2007-10-10 05:46:55 161,792 ------w C:\WINDOWS\system32\ieakui.dll
    - 2007-08-20 10:04:35 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
    + 2007-10-10 23:55:52 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
    - 2007-08-20 10:04:35 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
    + 2007-10-10 23:55:52 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
    - 2007-08-20 10:04:37 6,058,496 ----a-w C:\WINDOWS\system32\ieframe.dll
    + 2007-10-10 23:55:54 6,065,664 ----a-w C:\WINDOWS\system32\ieframe.dll
    - 2007-08-20 10:04:38 44,544 ------w C:\WINDOWS\system32\iernonce.dll
    + 2007-10-10 23:55:55 44,544 ------w C:\WINDOWS\system32\iernonce.dll
    - 2007-08-20 10:04:38 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
    + 2007-10-10 23:55:55 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
    - 2007-08-17 10:20:54 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
    + 2007-10-10 10:59:40 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
    - 2007-04-18 06:49:06 163,840 ----a-w C:\WINDOWS\system32\jgdw400.dll
    + 2007-10-27 17:45:06 163,840 ----a-w C:\WINDOWS\system32\jgdw400.dll
    - 2007-04-18 06:49:06 27,648 ----a-w C:\WINDOWS\system32\jgpl400.dll
    + 2007-10-27 17:45:06 27,648 ----a-w C:\WINDOWS\system32\jgpl400.dll
    - 2007-08-20 10:04:39 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
    + 2007-10-10 23:55:56 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
    - 2004-08-04 08:56:44 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
    + 2007-07-06 12:46:59 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
    - 2004-08-04 08:56:44 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
    + 2007-07-06 12:46:59 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
    - 2004-08-04 08:56:44 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
    + 2007-07-06 12:46:59 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
    - 2004-08-04 08:56:44 660,992 -c--a-w C:\WINDOWS\system32\mqqm.dll
    + 2007-07-06 12:46:59 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
    - 2004-08-04 08:56:44 177,152 -c--a-w C:\WINDOWS\system32\mqrt.dll
    + 2007-07-06 12:46:59 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
    - 2004-08-04 08:56:44 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
    + 2007-07-06 12:46:59 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
    - 2004-08-04 08:56:44 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
    + 2007-07-06 12:46:59 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
    - 2004-08-04 08:56:44 471,552 ----a-w C:\WINDOWS\system32\mqutil.dll
    + 2007-07-06 12:46:59 471,552 ----a-w C:\WINDOWS\system32\mqutil.dll
    - 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
    - 2007-08-20 10:04:39 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
    + 2007-10-10 23:55:56 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
    - 2007-08-20 10:04:39 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
    + 2007-10-10 23:55:56 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
    - 2007-08-20 22:34:42 3,584,512 ----a-w C:\WINDOWS\system32\mshtml.dll
    + 2007-10-30 23:42:28 3,590,656 ----a-w C:\WINDOWS\system32\mshtml.dll
    - 2007-08-20 10:04:41 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
    + 2007-10-10 23:55:58 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
    - 2007-08-20 10:04:41 193,024 ------w C:\WINDOWS\system32\msrating.dll
    + 2007-10-10 23:55:58 193,024 ------w C:\WINDOWS\system32\msrating.dll
    - 2007-08-20 10:04:42 671,232 ------w C:\WINDOWS\system32\mstime.dll
    + 2007-10-10 23:55:59 671,232 ------w C:\WINDOWS\system32\mstime.dll
    - 2007-08-20 10:04:42 102,400 ------w C:\WINDOWS\system32\occache.dll
    + 2007-10-10 23:55:59 102,400 ------w C:\WINDOWS\system32\occache.dll
    - 2007-07-23 02:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
    + 2007-12-14 05:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
    - 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe
    + 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
    - 2007-08-20 10:04:42 105,984 ----a-w C:\WINDOWS\system32\url.dll
    + 2007-10-10 23:55:59 105,984 ----a-w C:\WINDOWS\system32\url.dll
    - 2007-08-20 10:04:42 1,152,000 ----a-w C:\WINDOWS\system32\urlmon.dll
    + 2007-10-10 23:56:00 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
    - 2007-08-20 10:04:42 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
    + 2007-10-10 23:56:00 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
    - 2007-08-20 10:04:43 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
    + 2007-10-10 23:56:00 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
    - 2006-12-08 01:02:24 2,174,976 ----a-w C:\WINDOWS\system32\wmvcore.dll
    + 2007-10-28 01:37:38 2,109,440 ----a-w C:\WINDOWS\system32\wmvcore.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ----a-w 57,344 2005-06-07 07:46:24 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe
    ----a-w 57,344 2005-06-07 07:46:24 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    ----a-w 180,269 2006-12-27 06:50:43 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
    ----a-w 180,269 2006-12-27 06:50:43 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    ----a-w 171,448 2007-01-27 18:17:12 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe

    ----a-w 90,112 2002-10-07 08:23:20 C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe
    ----a-w 90,112 2002-10-07 08:23:20 C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

    ----a-w 69,632 2002-04-18 00:42:56 C:\Program Files\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe
    ----a-w 69,632 2002-04-18 00:42:56 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

    ----a-w 270,648 2007-06-28 16:14:42 C:\Program Files\iTunes\bak\iTunesHelper.exe
    ----a-w 270,648 2007-06-28 16:14:42 C:\Program Files\iTunes\iTunesHelper.exe

    ----a-w 132,496 2007-07-12 11:00:36 C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe

    ----a-w 282,624 2007-04-27 16:41:54 C:\Program Files\QuickTime\bak\qttask.exe
    ----a-w 282,624 2007-04-27 16:41:54 C:\Program Files\QuickTime\qttask.exe

    ----a-w 212,992 2003-02-22 04:30:40 C:\Program Files\USB Storage RW\bak\udsi.exe
    ----a-w 212,992 2003-02-22 04:30:40 C:\Program Files\USB Storage RW\udsi.exe

    ----a-w 183 2007-10-18 19:08:43 C:\WINDOWS\system\bak\hpsysdrv.DAT
    ----a-w 183 2007-12-20 21:49:49 C:\WINDOWS\system\hpsysdrv.DAT

    ----a-w 52,736 1998-05-07 23:04:38 C:\WINDOWS\system\bak\hpsysdrv.exe
    ----a-w 52,736 1998-05-07 23:04:38 C:\WINDOWS\system\hpsysdrv.exe

    ----a-w 15,360 2004-08-04 08:56:50 C:\WINDOWS\system32\bak\ctfmon.exe
    ----a-w 15,360 2004-08-04 08:56:50 C:\WINDOWS\system32\ctfmon.exe

    ----a-w 114,688 2003-03-12 00:11:56 C:\WINDOWS\system32\bak\hkcmd.exe
    ----a-w 114,688 2003-03-12 00:11:56 C:\WINDOWS\system32\hkcmd.exe

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 15:46]
    "AOL Fast Start"="C:\Program Files\AOL 9.1\AOL.exe" [2007-10-27 09:44]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59]
    "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 18:22]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 16:11]
    "KYE_UDSI"="C:\Program Files\USB Storage RW\udsi.exe" [2003-02-21 20:30]
    "Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 16:42]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 08:14]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 15:04]
    "CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 00:23]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
    "HostManager"="C:\Program Files\Common Files\AOL\1192969337\ee\AOLSoftware.exe" [2007-05-25 09:16]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51]

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe [2003-04-24 04:29:26]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
    HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 13:16:08]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
    Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-04-23 20:53:23]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
    backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCNT]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    2003-02-11 19:02 61440 --a------ C:\HP\KBD\KBD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
    2002-10-16 15:57 81920 --a------ C:\WINDOWS\system32\ps2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    2002-09-13 20:42 212992 --a------ C:\WINDOWS\SMINST\RECGUARD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]

    R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-21 10:21:49 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2007-12-15 07:36:46 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Administrator.job"
    - C:\PROGRA~1\NORTON~1\Navw32.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-21 17:12:10
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-21 17:17:04
    C:\ComboFix2.txt ... 2007-12-09 19:46
    .
    2007-12-20 22:01:14 --- E O F ---
Short URL to this thread: https://techguy.org/644571