itsmeveve

  1. Hi, and thanks for your support and having this site here. However, I would like to ask that this thread be closed, as the problem has been taken care of now! Have a great day!
  2. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:16:48 AM, on 2/1/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal
  3. Thanks again, Norton is out .......... that was a nightmare in itself! But it's gone now and AVG is working! I had forgotten about Firefox and will install that before I return the computer to its owners. Oh, and I checked out Glubble. How cute! I will go do that last fix in HijackThis.
  4. I did the remove combo fix yesterday when you asked me to, so it wouldn't run today since it couldn't find the file. My daughter thought that she took LimeWire out of the computer before she brought it to me to fix. I have seen bits and pieces of it in here. I don't see it in Add and Remove Programs. We had plans to take Norton out of this computer and run AVG Free after all the problems were gone. I switched to AVG from Norton on my own computer about a year ago, and I'm very happy with it, and it is not as much of a resource hog. The computer is much, much better now! The kids cover all ages since there are five of them LOL. I want to thank you for your help with this problem, and for being so quick about it also. You are greatly appreciated. I have never tried a forum to fix a problem; I can usually figure it out. This one stumped me, though. Thanks for making my first experience a good one.
  5. Logfile of HijackThis v1.99.1 Scan saved at 10:46:05 AM, on 1/6/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574)
  6. # version=4 # OnlineScanner.ocx=1.0.0.56 # OnlineScannerDLLA.dll=1, 0, 0, 51 # OnlineScannerDLLW.dll=1, 0, 0, 51 # OnlineScannerUninstaller.exe=1, 0, 0, 49 # vers_standard_module=2766 (20080104) # vers_arch_module=1.060 (20071228) # vers_adv_heur_module=1.064 (20070717) # EOSSerial=8b4928ed44a4804ca4775c2260a8d3c7 # end=finished # remove_checked=true # unwanted_checked=true # utc_time=2008-01-05 10:06:15 # local_time=2008-01-05 05:06:15 (-0500, Eastern Standard Time) # country="United States" # osver=5.1.2600 NT Service Pack 2 # scanned=719584 # found=12 # scan_time=13691
  7. The infected computer is online now and is scanning on "ESET". It seems it is going to take a while, and that's OK; I'll post back whenever it gets done. I wonder if you are allowed to suggest some way to keep kids out of trouble online, as far as not being able to download things that could be dangerous to be on the computer, so it is a long time before we run into this kind of trouble again. Also, before I contacted you I ran SpyBot and found a keylogger on the computer that I let SpyBot remove. SpyBot's information on it said that it had to be installed manually, so that means that it wasn't put there by spyware? Is that correct?
  8. ComboFix 08-01-03.4 - MOM 2008-01-05 12:50:48.4 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.467 [GMT -5:00] Running from: C:\Documents and Settings\MOM\Desktop\ComboFix.exe
  9. OK, this is the code done in safe mode... now I'm off to do the ComboFix in normal start up. Ran on Sat 01/05/2008 - 12:32:04.45 Entries: 0 (0) Directories: 0 Files: 0 Bytes: 0 Blocks: 0
  10. Whoops, I left it for a bit and it did finally get to safe mode, so I'm off to do the next step.
  11. Also, I tried to get to safe mode before I contacted you and couldn't get there; the system seems to hang at loading \Windows\System32\DRIVERS\agp440.sys. Now I just tried it again as you requested and it hangs at the same place still.
  12. I did the above step (netsh winsock reset) in the order that I read your list.
  13. Ran on Sat 01/05/2008 - 4:57:04.28 ------w 115,816 2007-12-30 19:01:58 C:\Program Files\Common Files\Symantec Shared\ccApp .exe ----a-w 517,768 2007-12-30 19:24:58 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe ----a-w 26,248 2007-12-30 19:03:58 C:\Program Files\Norton AntiVirus\osCheck .exe Entries: 3 (3) Directories: 0 Files: 3 Bytes: 659,832 Blocks: 1,291 ComboFix 08-01-03.4 - MOM 2008-01-05 5:03:25.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.434 [GMT -5:00] Running from: C:\Documents and Settings\MOM\Desktop\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))) . 2008-01-05 04:57 . 2007-12-30 14:04 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2008-01-03 15:53 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-01 01:57 . 2008-01-01 01:57 9 --a------ C:\WINDOWS\system32\1428841f 2007-12-31 04:29 . 2007-12-31 04:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-12-30 19:50 . 2007-12-31 02:41 <DIR> d-------- C:\Program Files\TrojanHunter 4.0 2007-12-30 15:09 . 2007-12-30 15:09 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\Lavasoft 2007-12-30 15:07 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2007-12-30 15:07 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2007-12-30 14:51 . 2003-08-23 09:34 <DIR> d-------- C:\Documents and Settings\MOM\WINDOWS 2007-12-30 14:51 . 2003-08-28 22:16 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\Symantec 2007-12-30 14:51 . 2003-08-23 09:12 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\Sonic 2007-12-30 14:51 . 2003-08-23 22:26 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\SampleView 2007-12-30 14:51 . 2003-08-28 22:19 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\interMute 2007-12-30 13:33 . 
2007-12-30 14:22 178 --a------ C:\WINDOWS\system\hpsysdrv .DAT 2007-12-29 09:08 . 2007-12-29 09:08 1,358,156 --a------ C:\WINDOWS\system32\silc.dat 2007-12-28 17:31 . 2007-12-28 17:31 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Viewpoint 2007-12-28 16:46 . 2003-05-07 13:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll 2007-12-26 11:32 . 2007-12-26 13:03 <DIR> d-------- C:\Documents and Settings\chance.CONNIE\Application Data\Roxio 2007-12-24 15:09 . 2007-12-24 15:09 <DIR> d-------- C:\Program Files\Common Files\Napster Shared 2007-12-24 15:08 . 2008-01-05 04:56 <DIR> d-------- C:\Program Files\Napster 2007-12-24 15:08 . 2007-12-24 15:08 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield 2007-12-24 15:08 . 2007-12-24 15:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Napster . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-05 09:56 --------- d-----w C:\Program Files\Trojan Remover 2008-01-05 09:56 --------- d-----w C:\Program Files\QuickTime 2008-01-05 09:56 --------- d-----w C:\Program Files\Microsoft AntiSpyware 2008-01-05 09:56 --------- d-----w C:\Program Files\iTunes 2008-01-01 06:57 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe 2007-12-31 09:30 --------- d-----w C:\Program Files\Lavasoft 2007-12-31 09:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft 2007-12-31 09:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-12-31 00:24 --------- d-----w C:\Program Files\TrueAssistant 2007-12-30 19:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-12-30 19:08 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire 2007-12-30 19:05 483,328 ----a-w C:\WINDOWS\system32\hphmon05.exe 2007-12-30 19:05 155,648 ----a-w C:\WINDOWS\system32\igfxtray.exe 2007-12-30 19:05 118,784 ----a-w C:\WINDOWS\system32\hkcmd.exe 2007-12-30 19:03 
81,920 ----a-w C:\WINDOWS\system32\ps2.exe 2007-12-30 19:01 --------- d-----w C:\Program Files\Norton AntiVirus 2007-12-30 18:31 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe 2007-12-29 14:29 --------- d-----w C:\Program Files\Warcraft II BNE 2007-12-29 03:04 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-27 23:32 28,352 -c--a-w C:\WINDOWS\system32\drivers\MxlW2k.sys 2007-12-27 22:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\Roxio 2007-12-24 20:09 --------- d-----w C:\Program Files\Common Files\Roxio Shared 2007-11-26 05:22 --------- d-----w C:\Program Files\Hewlett-Packard 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-27 22:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe 2005-07-31 16:18 2,492 ----a-w C:\Documents and Settings\Owner\Application Data\ViewerApp.dat 2005-07-25 20:12 284 ----a-w C:\Documents and Settings\chance.CONNIE\Application Data\ViewerApp.dat 2004-12-30 04:14 868 -c--a-w C:\Program Files\INSTALL.LOG . ------w 115,816 2007-12-30 19:01:58 C:\Program Files\Common Files\Symantec Shared\ccApp .exe ----a-w 517,768 2007-12-30 19:24:58 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe ----a-w 26,248 2007-12-30 19:03:58 C:\Program Files\Norton AntiVirus\osCheck .exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-05-26 16:03 160832] "Yahoo! 
Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .exe" [ ] C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\ AutoTBar.exe [2003-06-18 21:19:08] mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14] C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ AutoTBar.exe [2007-12-30 14:05:47] mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina] C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 05:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk] 
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^AutoTBar.exe] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\AutoTBar.exe backup=C:\WINDOWS\pss\AutoTBar.exeStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^RegFreeze.lnk] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\RegFreeze.lnk backup=C:\WINDOWS\pss\RegFreeze.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk backup=C:\WINDOWS\pss\spamsubtract.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^TrueAssistant.lnk] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TrueAssistant.lnk backup=C:\WINDOWS\pss\TrueAssistant.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App] 2007-12-30 14:05 50744 --a------ C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTKit] 2007-12-30 14:05 53248 --a------ C:\hp\bin\AUTOTKIT.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify] 2007-12-30 14:07 24576 --a------ c:\Program Files\Hewlett-Packard\Digital 
Imaging\bin\backupnotify.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-12-30 14:07 94208 --a------ C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor] 2007-12-30 14:05 90112 --a------ c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] 2007-12-30 15:20 115816 --a------ C:\Program Files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ] 2007-12-30 14:05 473920 --a------ C:\Program Files\Microsoft AntiSpyware\gcasServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2007-12-30 14:05 118784 --a------ C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-12-30 14:05 49152 --a------ C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05] 2007-12-30 14:05 483328 --a------ C:\WINDOWS\System32\hphmon05.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05] 2007-12-30 14:05 49152 --a------ c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv] 2007-12-30 14:05 52736 --a------ c:\windows\system\hpsysdrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2007-12-30 14:05 155648 --a------ C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2007-12-30 14:04 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] 2007-12-30 
14:04 61440 --a------ C:\HP\KBD\KBD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] 2007-12-30 14:01 53248 --a------ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge] 2007-12-30 14:04 385024 --a------ C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell] C:\Program Files\Napster\napster.exe /systray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-12-30 14:04 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW] rundll32.exe nview.dll,nViewLoadHook [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /installquiet /keeploaded /nodetect [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck] 2007-12-30 20:49 26248 --a------ C:\Program Files\Norton AntiVirus\osCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2] 2007-12-30 14:03 81920 --a------ C:\WINDOWS\system32\ps2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler] 2007-12-30 14:03 77887 --a------ c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask .exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer] C:\Program Files\Real\RealOne Player\realplay.exe /RunUPGToolCommandReBoot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] 2007-12-30 14:03 212992 --a------ C:\WINDOWS\SMINST\RECGUARD.EXE 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-12-30 14:03 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner] 2007-12-30 14:03 295936 --a------ C:\Program Files\Trojan Remover\Trjscan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe] 2007-12-30 14:02 1880064 --a------ C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter] wfxsnt40.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE -quiet [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser] 2007-12-30 14:02 57344 --a------ C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray] C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe -preload [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "omniserv"=2 (0x2) "iPodService"=3 (0x3) "Automatic LiveUpdate Scheduler"=2 (0x2) R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 22:31] . 
Contents of the 'Scheduled Tasks' folder "2005-01-10 19:56:00 C:\WINDOWS\Tasks\Easy Internet Sign-up.job" - C:\Program Files\Easy Internet signup\HPSdpApp.exe "2004-10-20 19:18:49 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1090250881.job" - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I "2008-01-05 01:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job" - C:\PROGRA~1\NORTON~2\Navw32.exeh/TASK: "2008-01-04 20:58:00 C:\WINDOWS\Tasks\WebReg 20040502155831.job" - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20040502155831 /N "2008-01-05 02:03:00 C:\WINDOWS\Tasks\WebReg 20041024210327.job" - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20041024210327 /N "2008-01-04 19:03:00 C:\WINDOWS\Tasks\WebReg 20041027140322.job" - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20041027140322 /N . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-05 05:07:38 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\Program Files\Softex\OmniPass\opxpgina.dll . Completion time: 2008-01-05 5:09:13 ComboFix-quarantined-files.txt 2008-01-05 10:09:01 ComboFix2.txt 2008-01-04 16:46:55 ComboFix3.txt 2008-01-03 22:12:28 . 2007-12-30 21:32:20 --- E O F ---
  14. Thanks for clearing up the questions for me and disregard the post about my missing posts as they are back now. Hope your evening is a good one. Your help is greatly appreciated!
  15. Ran on Fri 01/04/2008 - 20:00:42.21 ----a-w 53,248 2007-12-30 19:05:47 C:\hp\bin\AUTOTKIT .EXE ----a-w 61,440 2007-12-30 19:04:52 C:\hp\KBD\KBD .EXE ----a-w 94,208 2007-12-30 19:07:13 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe ----a-w 151,597 2007-12-30 19:01:39 C:\Program Files\Common Files\Real\Update_OB\realsched .exe ----a-w 110,592 2007-12-30 19:02:50 C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe ----a-w 115,816 2007-12-30 19:01:58 C:\Program Files\Common Files\Symantec Shared\ccApp .exe ----a-w 517,768 2007-12-30 19:24:58 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe ----a-w 24,576 2007-12-30 19:07:27 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify .exe ----a-w 90,112 2007-12-30 19:05:42 C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon .exe ----a-w 49,152 2007-12-30 19:05:16 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2 .exe ----a-w 49,152 2007-12-30 19:05:11 C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05 .exe ----a-w 278,528 2007-12-30 19:04:59 C:\Program Files\iTunes\iTunesHelper .exe ----a-w 132,496 2007-12-30 19:03:05 C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe ----a-w 473,920 2007-12-30 19:05:28 C:\Program Files\Microsoft AntiSpyware\gcasServ .exe ----a-w 53,248 2007-12-30 19:01:34 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask .exe ----a-w 323,216 2007-12-30 19:01:37 C:\Program Files\Napster\napster .exe ----a-w 26,248 2007-12-30 19:03:58 C:\Program Files\Norton AntiVirus\osCheck .exe ----a-w 98,304 2007-12-30 19:01:54 C:\Program Files\QuickTime\qttask .exe ----a-w 98,304 2007-12-31 01:52:56 C:\Program Files\QuickTime\qttask .exe ----a-w 1,003,520 2007-12-30 19:06:23 C:\Program Files\Real\RealOne Player\realplay .exe ----a-w 295,936 2007-12-30 19:03:01 C:\Program Files\Trojan Remover\Trjscan .exe ----a-w 1,880,064 2007-12-30 19:02:47 C:\Program 
Files\verizon\Servicepoint\VerizonServicepoint .exe ----a-w 50,744 2007-12-30 19:05:56 C:\Program Files\Verizon Online\Help Support\VERIZO~1 .EXE ----a-w 385,024 2007-12-30 19:04:50 C:\Program Files\Verizon Online\Help Support\SmartBridge\MotiveSB .exe ----a-w 77,887 2007-12-30 19:03:24 C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110 .EXE ----a-w 57,344 2007-12-30 19:02:23 C:\Program Files\Yahoo!\browser\ybrwicon .exe ----a-w 4,670,968 2007-12-30 17:42:13 C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe ----a-w 4,670,968 2007-12-31 01:57:31 C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe ----a-w 4,670,968 2007-12-31 01:57:37 C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe ----a-w 4,670,968 2007-12-30 19:06:26 C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ----a-w 4,670,968 2007-12-30 21:55:59 C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ----a-w 6,104,568 2007-12-30 19:02:24 C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine .exe ----a-w 158,208 2007-12-30 18:31:18 C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe ----a-w 212,992 2007-12-30 19:03:10 C:\WINDOWS\SMINST\RECGUARD .EXE ----a-w 52,736 2007-12-30 19:05:08 C:\WINDOWS\system\hpsysdrv .exe ----a-w 118,784 2007-12-30 19:05:24 C:\WINDOWS\system32\hkcmd .exe ----a-w 483,328 2007-12-30 19:05:17 C:\WINDOWS\system32\hphmon05 .exe ----a-w 155,648 2007-12-30 19:05:04 C:\WINDOWS\system32\igfxtray .exe ----a-w 155,648 2007-12-30 19:04:41 C:\WINDOWS\system32\NeroCheck .exe ----a-w 81,920 2007-12-30 19:03:37 C:\WINDOWS\system32\ps2 .exe Entries: 40 (40) Directories: 0 Files: 40 Bytes: 37,431,116 Blocks: 73,114