Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93104 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Some Programs Cannot Be Opened At All


  • Please log in to reply
26 replies to this topic

#1 chankfj

chankfj

    Authentic Member

  • Authentic Member
  • PipPip
  • 45 posts

Posted 03 May 2007 - 08:02 AM

when i try to open a program a ms dos windows pop up and nothing happens.
Hope if you can help me solve this problem.
heres the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:52:02 PM, on 5/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\autocheck.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\naruto\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qsg10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qsg10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qsg10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe autocheck.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\zh-sg\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\zh-sg\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Windows System] syshost.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [load] C:\WINDOWS\uninstall\rundl132.exe
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [testrun] C:\WINDOWS\testexe.exe
O4 - HKLM\..\RunServices: [Microsoft Windows System] syshost.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.gamehouse...bugs/axhost.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe

    Advertisements

Register to Remove


#2 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 03 May 2007 - 09:21 AM

Hi and welcome to the forums. :) I'm Markka and I will be helping you with your malware issues. I'll check your HijackThis log. Right now I'm MRU Undergrad, everything that I post to you must be checked by teachers of Malware Removal University. Please be patient. :)

#3 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 03 May 2007 - 10:13 PM

Hello :)

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


#4 chankfj

chankfj

    Authentic Member

  • Authentic Member
  • PipPip
  • 45 posts

Posted 04 May 2007 - 06:08 AM

the problem is still dere....
what virus is that?

heres the SDfix report text:

SDFix: Version 1.81

Run by Owner - Wed 05/04/2005 - 19:40:56.12

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\SYSTEM32\CMMGR32.EXE - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\A3QT32.XMO - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\a3sre65.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\a3srea4.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\a3srea5.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\a3srea6.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\a3sread.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\A3VFW32.XMO - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\A4QT32.XMO - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\A4VFW32.XMO - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\A5QT32.XMO - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\A5VFW32.XMO - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\a6qt36.xmo - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\a6qt65.xmo - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\a6vfw36.xmo - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\a6vfw65.xmo - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\a6wmp65.xmo - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\a7qt32.xmo - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\a7vfw32.xmo - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\a7wmp32.xmo - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\activ65.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\Active5.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\active6.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\activex.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\aiffre65.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\aiffrea4.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\aiffrea5.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\aiffrea6.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\aiffread.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\AnimG65.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\AnimGI5.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\AnimGI6.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\AnimGIF.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\AWIML32.DLL - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\AWIML35.DLL - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\AWIML36.DLL - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\AWIML65.DLL - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\awm65.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\awmp3.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\awmp6.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\awswax.inf - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\awswax.ocx - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\bmpvi65.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\bmpvie4.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\bmpvie5.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\bmpvie6.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\bmpview.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\COVER65.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\COVERI5.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\COVERI6.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\COVERIN.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\COVERO65.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\COVEROU5.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\COVEROU6.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\COVEROUT.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\CROSS65.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\CROSSI5.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\CROSSI6.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\CROSSIN.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\DIRTRA65.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\Dirtran3.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\Dirtran4.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\DIRTRAN5.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\DIRTRAN6.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\DIRTRANS.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\DVD.DLL - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\emfvi65.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\emfvie5.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\emfvie6.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\emfview.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\f65.u32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\file65.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\fileI5.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\fileI6.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\fileIO.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\FLASHA65.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\flashas5.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\FLASHAS6.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\FLASHAST.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\ft5.u32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\ft6.u32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\ftp.u32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\GIFI65.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\Gifim4.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\GIFIM5.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\GIFIM6.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\GIFIMP.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\ima4dc65.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\ima4dcm4.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\ima4dcm5.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\ima4dcm6.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\ima4dcmp.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\INETU65.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\Inetur4.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\INETUR5.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\INETUR6.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\INETURL.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\JPEGI65.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\Jpegim4.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\JPEGIM5.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\JPEGIM6.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\JPEGIMP.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\js32.dll - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\LRGI65.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\Lrgim4.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\LRGIM5.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\LRGIM6.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\LRGIMP.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\macedc65.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\macedcm4.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\macedcm5.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\macedcm6.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\macedcmp.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\MIX32.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\Mix34.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\MIX35.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\MIX36.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\MIX65.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\mixvi65.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\mixvie4.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\mixvie5.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\mixvie6.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\mixview.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\MoaFil65.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\MoaFile2.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\MoaFile5.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\MoaFile6.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\msvc65.dll - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\msvcr5.dll - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\msvcr6.dll - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\msvcrt.dll - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\MVoi65.vwp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\MVoic5.vwp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\MVoic6.vwp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\MVoice.vwp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\NetFi65.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\NetFil5.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\NetFil6.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\NetFile.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\np32asw.dll - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\pcmre65.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\pcmrea4.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\pcmrea5.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\pcmrea6.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\pcmread.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\pictvi65.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\pictvie4.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\pictvie5.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\pictvie6.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\pictview.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\PNGI65.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\PNGIM5.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\PNGIM6.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\PNGIMP.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\PS3I65.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\Ps3im4.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\PS3IM5.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\PS3IM6.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\PS3IMP.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\PWI65.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\PWIn5.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\PWIn6.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\pwint.u32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\PWInt.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\QTAss65.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\QTAsse5.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\QTAsse6.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\QTAsset.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\runa3w32.exe - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\runa4w32.exe - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\runa5w32.exe - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\runa6w36.exe - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\runa6w65.exe - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\runa7w32.exe - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\secu65.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\secur5.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\secur6.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\secure.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\Speech.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\SWADCM65.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\Swadcmp4.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\SWADCMP5.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\SWADCMP6.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\SWADCMPR.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\SWARE65.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\Swarea4.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\SWAREA5.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\SWAREA6.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\SWAREAD.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\TARGAI65.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\TARGAIM5.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\TARGAIM6.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\TARGAIMP.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\TIFFI65.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\TIFFIM5.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\TIFFIM6.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\TIFFIMP.X32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\VCT32161.dll - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\VCT32165.dll - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\VCT32166.dll - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\views65.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\viewsv4.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\viewsv5.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\viewsv6.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\viewsvc.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\voxdc65.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\voxdcm5.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\voxdcm6.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\voxdcmp.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\voxre65.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\voxrea5.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\voxrea6.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\voxread.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\wavre65.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\wavrea4.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\wavrea5.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\wavrea6.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\wavread.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\wmfvi65.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\wmfvie4.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\wmfvie5.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\wmfvie6.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\wmfview.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\XmlPar65.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\XmlPars6.x32 - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp\XmlParse.x32 - Deleted
C:\Documents and Settings\Owner\Application Data\Install.dat - Deleted
C:\WINDOWS\odbc.INI - Deleted
C:\WINDOWS\system32\drivers\ntndis.exe - Deleted
C:\WINDOWS\system32\wsnpoem\audio.dll - Deleted
C:\WINDOWS\system32\wsnpoem\video.dll - Deleted


Folder C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD1.tmp - Removed
Folder C:\WINDOWS\system32\wsnpoem - Removed

Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"Game.exe"="Game.exe:*:Ena"
"C:\\tmp037z.exe"="C:\\tmp037z.exe:*:Enabled:Control"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\ctfnom.exe
C:\WINDOWS\system32\systemm.exe
C:\Program Files\Internet Explorer\PLUGINS\System64.sys
C:\WINDOWS\SMINST\HPCD.SYS
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\LastGood.Tmp\INF\oem244.inf
C:\WINDOWS\LastGood.Tmp\INF\oem244.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem245.inf
C:\WINDOWS\LastGood.Tmp\INF\oem245.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem246.inf
C:\WINDOWS\LastGood.Tmp\INF\oem246.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem247.inf
C:\WINDOWS\LastGood.Tmp\INF\oem247.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem248.inf
C:\WINDOWS\LastGood.Tmp\INF\oem248.PNF

Finished

HERES THE HJT LOG:
Logfile of HijackThis v1.99.1
Scan saved at 7:58:52 PM, on 5/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Owner\Desktop\naruto\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qsg10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qsg10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qsg10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\zh-sg\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\zh-sg\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.gamehouse...bugs/axhost.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


HOPE U CAN HELP ME SOLVE THE PROBLEM AS SOON AS POSSIBLE TY A LOT

#5 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 04 May 2007 - 01:10 PM

Hello :)

First we'll need to backup registry:

Start -> Run -> regedit -> ok. Then File -> Export. Give it a name and press Save.

Save text below as fix.reg on Notepad (save it as all files (*.*)) on Desktop

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"Game.exe"=-
"C:\\tmp037z.exe"=-

It should look like this -> Posted Image

Doubleclick fix.reg, press Yes and ok.

(In case you are unsure how to create a reg file, take a look here with screenshots.)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Open HijackThis, Click Do a system scan only, checkmark these. Then close all others windows except HijackThis and press fix checked.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make your hidden files visible:
  • Click start
  • Click my computer
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and shutdown My Computer.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download ATF-cleaner and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser:

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser:

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Delete these files: (if found)
C:\WINDOWS\system32\ctfnom.exe
C:\WINDOWS\system32\systemm.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Posted Image
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please Download F-Secure's Blacklight and save it to your desktop.

Doubleclick fsbl.exe, accept the agreement, click Scan, then click Next

You'll see a list what have been found. A log will appear to your desktop, it is named fsbl.xxxxxxx.log (xxxxxxx will be random numbers).

DON'T choose Rename if something was found!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post:* A fresh HijackThis log
* AVG's log
* Logfile of Blacklight


#6 chankfj

chankfj

    Authentic Member

  • Authentic Member
  • PipPip
  • 45 posts

Posted 04 May 2007 - 10:29 PM

a lot of virsues were found with AVG....

heres the new HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 12:18:21 PM, on 5/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\msiexec.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Owner\Desktop\naruto\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qsg10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qsg10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qsg10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\zh-sg\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\zh-sg\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.gamehouse...bugs/axhost.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



HERES THE AVG REPORT:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:05:22 PM 5/5/2005

+ Scan result:



C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP134\A0193502.exe -> Adware.Wildtangent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP134\A0193519.exe -> Adware.Wildtangent : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-379949359-2232435455-2384118160-1003\Dc1.exe -> Backdoor.Agent.alh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP104\A0178198.exe -> Backdoor.Rbot.bnn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP104\A0178196.sys -> Backdoor.SdBot.aqp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP111\A0181420.sys -> Backdoor.SdBot.aqp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP111\A0181434.sys -> Backdoor.SdBot.aqp : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/ntndis.exe -> Downloader.Agent.avr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP162\A0220265.exe -> Downloader.Agent.avr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP163\A0220976.exe -> Downloader.Agent.avr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP163\A0221001.exe -> Downloader.Agent.avr : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-379949359-2232435455-2384118160-1003\Dc2.exe -> Downloader.Small.czl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP162\A0220890.sys -> Downloader.Small.czl : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\usbine.sys -> Downloader.Small.czl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP118\A0190884.exe -> Downloader.Small.ekx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP118\A0190885.exe -> Downloader.Small.ekx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP118\A0190886.exe -> Downloader.Small.ekx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP118\A0190887.exe -> Downloader.Small.ekx : Cleaned with backup (quarantined).
C:\WINDOWS\ijh.exe -> Downloader.Small.ekx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP104\A0178199.exe -> Dropper.Small.na : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP117\A0189794.exe -> Logger.Banker.cmb : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\naruto\backups\backup-20050505-100942-177.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP104\A0177174.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP104\A0178165.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP139\A0198968.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\WINDOWS\system32\xlibgfl254.dll -> Trojan.Agent : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\SERVICES.EXE -> Trojan.Lmir.awq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP162\A0220900.dll -> Trojan.OnLineGames.es : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP162\A0220901.dll -> Trojan.OnLineGames.es : Cleaned with backup (quarantined).
C:\WINDOWS\cmdbcs.exe -> Trojan.OnLineGames.es : Cleaned with backup (quarantined).
C:\WINDOWS\mppds.exe -> Trojan.OnLineGames.es : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cmdbcs.dll -> Trojan.OnLineGames.es : Cleaned with backup (quarantined).
C:\WINDOWS\system32\testdll.dll -> Trojan.OnLineGames.es : Cleaned with backup (quarantined).
C:\WINDOWS\testexe.exe -> Trojan.OnLineGames.es : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP162\A0220891.DLL -> Trojan.OnLineGames.nn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP163\snapshot\MFEX-1.DAT -> Trojan.OnLineGames.nn : Cleaned with backup (quarantined).
C:\WINDOWS\system32\LYLOADER.EXE -> Trojan.OnLineGames.nn : Cleaned with backup (quarantined).
C:\WINDOWS\system32\LYMANGR.DLL -> Trojan.OnLineGames.nn : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\PLUGINS\system2.jmp -> Trojan.QQPass.wm : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\WINLOGON.EXE -> Trojan.QQPass.wm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP112\A0184495.sys -> Trojan.Rkproc.ay : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP112\A0184496.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\Kernelmoduleunloader.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\My Downloads\RealPlayer10-5GOLD.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\AUT\Aut.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Adobe\Acrobat 6.0\Reader\AdobeUpdateManager.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Adobe\Acrobat 6.0\Reader\Updater\acroaum.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Printme\ConsoleApp.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Ahead\CoverDesigner\CoverDes.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Ahead\ImageDrive\ImageDrive.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Ahead\Nero BackItUp\BackItUp.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Ahead\Nero BackItUp\NBR.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Ahead\Nero SoundTrax\SoundTrax.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Ahead\Nero Toolkit\CDSpeed.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Ahead\Nero Toolkit\DriveSpeed.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Ahead\Nero Toolkit\InfoTool.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Ahead\Nero Toolkit\hwinfo.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Ahead\Nero Wave Editor\DXEnum.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Ahead\Nero Wave Editor\WaveEdit.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Ahead\Nero\NRESTORE.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Ahead\Nero\NeroCmd.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Ahead\Nero\Uninstall\UNNero.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Ahead\Nero\nero.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Ahead\WMPBurn\WMPBurn.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\ArcSoft\ShowBiz 2\ArcRegister.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\ArcSoft\ShowBiz 2\CheckUpdate.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\ArcSoft\ShowBiz 2\ShowBiz.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\ArcSoft\ShowBiz 2\Wizard.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\ArcSoft\ShowBiz 2\sbzSendMail.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\AsiaSoft\KongKong\HspL.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\AsiaSoft\KongKong\kongkong.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\BackWeb\BackWeb Client\6.2.3.66L\Install\LiteInst.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\BackWeb\BackWeb Client\6.2.3.66L\Install\bwUnin.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\BackWeb\BackWeb Client\6.2.3.66L\Program\ChannelStatus.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\BackWeb\BackWeb Client\6.2.3.66L\Program\Infocenter.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\BackWeb\BackWeb Client\6.2.3.66L\Program\PrvCnt.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\BackWeb\BackWeb Client\6.2.3.66L\Program\RepBead.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\BackWeb\BackWeb Client\6.2.3.66L\Program\Restart.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\BackWeb\BackWeb Client\6.2.3.66L\Program\Sprite6.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\BackWeb\BackWeb Client\6.2.3.66L\Program\register.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\BackWeb\BackWeb Client\6.2.3.66L\Program\runner.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\BitComet\CrashReport.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\BitComet\codec\CodecCheck.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Canon\CanoCraft CS-P 3.7\Canoit32.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Canon\CanoCraft CS-P 3.7\Cngspeed.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Canon\ScanGear Toolbox CS\40comupd.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Canon\ScanGear Toolbox CS\CHREG.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Canon\ScanGear Toolbox CS\SGTBPBM.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Cerbere\AutoUpdate.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Compaq Connections\1940576\Program\NewProbe.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Compaq Connections\1940576\Program\ToggleClient.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Compaq Connections\1940576\Program\UninstallShortcuts.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\DivX\DivXCodecUninstall.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\DivX\DivXPlayerUninstall.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\DivX\DivX\bgregister.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\DivX\DivX\config.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Easy Internet signup\HPSdpApp.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Easy Internet signup\HPUpdater.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Easy Internet signup\ISPSignup.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\GameFlier\GhostOnline\Game.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\GameFlier\GhostOnline\GhostSoul.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\GameFlier\GhostOnline\xpatch.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\Album\hpqaprnt.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\Diagnostics\Diagnostics\HPSysDig.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\Diagnostics\HPSysDig.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\DocProc\DocProc.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\DocProc\dpe_ocr.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\DocProc\regipe.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\HP Print Screen\prnconf.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\Unload\HpqApkil.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\Unload\HpqPSmon.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\Unload\HpqUnApl.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\Unload\HpqUnSet.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\DestTest.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\HPXMLPDF.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpocpy08.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpokpy08.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpospd08.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpostl08.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hposvc08.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpowiz08.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqEmlsz.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqanon.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqanonp.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqaol08.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqclpbd.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqdstcp.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqfru07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqgrcpy.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqimvac.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqindex.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqirs08.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqiscfg.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqisiex.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqpos.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqpos08.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqpprop.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqprntw.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqptc08.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqqpa.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqqpj08.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqselsk.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqtax08.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqudc08.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqvapa.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqvfpa.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqvwr08.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqwrap.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\hpsjrreg.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\bin\svtf.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\uninstall\hpzmsi01.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\HP Software Update\DoReboot.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\HP Software Update\HPUpdateUtility.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\HP Software Update\enum.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\HP Software Update\hpwuSchd.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\HP Software Update\shellExWin.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\skingen\MEMDISC\PROVIDED\BIN\PROGSHIM.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\skingen\MEMDISC\PROVIDED\RETAILPF\SETUP.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\HP\Temp\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\OCR\api_iris.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\OCR\ljrcg.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\Register\Itp32.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\Register\Remind32.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\Register\WebLink.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\Uninstall\delprint.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\Uninstall\hpourn07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\Uninstall\hpouun07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\Uninstall\hprboot.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\Uninstall\ioinst.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\HPOtax07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\HPovwr07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\Hpo1pd07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\Hpodf207.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\Hpodif07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\Hpompd07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\Hposcv07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\Hpospd07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\Scan2Web.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hpiris.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hpoaol07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hpoapm07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hpoarp07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hpoart07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hpodev07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hpodir07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hpoevm07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hpoflt07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hpofxm07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hpofxs07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hpoint07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hpopie07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hpornt07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hposct07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hposdn07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hposfx07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hposto07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hposts07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hposvc07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hpotbx07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hpouun07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hpowiz07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hpsspii.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\hp officejet v series\bin\usbready.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\drivers\dot4\win2000\hpzinw12.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\drivers\dot4\win2000\hpzipm12.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphdnd05.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphuni03.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphver05.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hpzglu09.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphusg05.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzmsi01.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\util\hid\hphghl05.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\util\hid\hphpdi05.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\util\hid\hphpin05.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\InterVideo\Common\Bin\IVIPromotion.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\InterVideo\WinDVD4\WinDVD.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_09\bin\java.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_09\bin\javacpl.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_09\bin\javaw.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_09\bin\javaws.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_09\bin\keytool.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_09\bin\kinit.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_09\bin\klist.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_09\bin\ktab.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_09\bin\orbd.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_09\bin\pack200.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_09\bin\policytool.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_09\bin\rmid.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_09\bin\rmiregistry.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_09\bin\servertool.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_09\bin\tnameserv.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_09\bin\unpack200.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_10\bin\java.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_10\bin\javacpl.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_10\bin\javaw.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_10\bin\javaws.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_10\bin\keytool.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_10\bin\kinit.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_10\bin\klist.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_10\bin\ktab.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_10\bin\orbd.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_10\bin\pack200.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_10\bin\policytool.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_10\bin\rmid.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_10\bin\rmiregistry.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_10\bin\servertool.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_10\bin\tnameserv.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_10\bin\unpack200.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Plugins\UNWISE.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Lavasoft\Ad-Aware SE Personal\unregaaw.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\zh-sg\mtbs.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\MSN Apps\Updater1.02.0002.1001\zh-sg\msnappau.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\MSN Apps\Updater1.02.3000.1001\zh-sg\msnappau.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\MSN Apps\Updater1.03.0000.1005\zh-sg\msnappau.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\MSN Apps\Updater\Download\AU4003609\MsnSearchToolbarSetup_en-sg.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\MSN\MSNCoreFiles\Setup\msnunin.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\MSN\MSNCoreFiles\copymar.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\MSN\MSNCoreFiles\dw.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\MSN\MSNCoreFiles\update.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMFWLaunch.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMJBBurn.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMJBLaunch.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMJBPortables.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMJBPortablesLaunch.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Setup\mmsetup_8.00.0105_ENU_Presario_ER_Silent.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_director.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmdiag.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjbrun.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\ti.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\unmatch.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\MUSICMATCH\MUSICMATCH Update\DLM\MMUpdateMgr.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\MUSICMATCH\MUSICMATCH Update\DLM\MMUpdateMgrSetup.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\Setup.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMUpdateMgr.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Matroska Pack\MatroskaDiag\MatroskaDiag.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Matroska Pack\haali\uninstall.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Matroska Pack\uninstall.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Microsoft Encarta\Encyclopedia Standard Edition 2004\DW15.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Microsoft Encarta\Encyclopedia Standard Edition 2004\encarta.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Microsoft Office\Office\EXCEL.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Microsoft Office\Office\WINWORD.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Microsoft Works\WksProj.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Microsoft Works\WksWP.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Microsoft Works\msworks.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Microsoft Works\wkfud.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Microsoft Works\wkgdcach.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Microsoft Works\wklnckml.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Microsoft Works\wkpdfsnf.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Microsoft Works\wkplmstp.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Microsoft Works\wksab.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Microsoft Works\wksdb.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Microsoft Works\wkssb.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Microsoft Works\wksss.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Microsoft Works\wkwcestp.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Norton AntiVirus\BOOTWARN.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Norton AntiVirus\CCIMSCAN.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Norton AntiVirus\NAVAPW32.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Norton AntiVirus\NAVSTUB.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Norton AntiVirus\NAVWNT.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Norton AntiVirus\OPSCAN.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Norton AntiVirus\QCONSOLE.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Norton AntiVirus\Quarantine\7A9B242F.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\DeviceReferenceServer.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCBEEP.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDr1394.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDr2D3DVideo.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrAvi.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrCMOS.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrCPU.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrCardReader.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrCdRw.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrDvdDrive.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrDvdMinusRw.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrDvdRamDrive.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrDvdRw.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrFloppy.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrKeyboard.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrMemory.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrMicrophone.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrModem.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrMonitor.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrMouse.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrNetwork.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrPCCard.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrPCI.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrParallelPort.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrPrinter.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrSCSI.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrSerialPort.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrSmart.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrSound.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrUSB.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrWav.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PcDrCdDrive.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PcDrHardDrive.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PcDrLSDrive.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PcDrZipDrive.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Diagnostics\PcdrSystemBoard.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Java\Native Help\PCDrBrowser.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Java\jre\bin\java.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Java\jre\bin\javaw.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Java\jre\bin\jpicpl32.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Java\jre\bin\keytool.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Java\jre\bin\kinit.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Java\jre\bin\klist.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Java\jre\bin\ktab.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Java\jre\bin\orbd.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Java\jre\bin\policytool.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Java\jre\bin\rmid.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Java\jre\bin\rmiregistry.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Java\jre\bin\servertool.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Java\jre\bin\tnameserv.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Java\jre\javaws-1_2_0_02-windows-i586-i.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Pcdrw32.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Services\EventsPublisherServer.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Services\PCDrCMD.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Services\PCDrCmdLn.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Services\PCDrEngine.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Services\PCDrFactory.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\Services\RegRGS.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PC-Doctor for Windows\YOURAPP.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\PopCap Games\Insaniquarium Deluxe\PopUninstall.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Presario PC Help\Presario\XPHWWRP4\plugin\bin\ContentUpdater.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Presario PC Help\Presario\XPHWWRP4\plugin\bin\jsharpde\pchealthde.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Presario PC Help\UNWISE.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\QuickTime\PictureViewer.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\QuickTime\QTInfo.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\QuickTime\QTSystem\QTPluginInstaller.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\QuickTime\QTSystem\QuickTimeUpdateHelper.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\ReadIRIS\READIRIS.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\ReadIRIS\Regri50.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\ReadIRIS\hpouun07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\ReadIRIS\setbrows.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\RecordNow!\Launch.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\RecordNow!\LeaderReg.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\RecordNow!\Tutorial\ENU\TutorialENU.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\RecordNow!\Tutorial\Movies\movies.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\SUPERAntiSpyware\BootSafe.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\SUPERAntiSpyware\SSUpdate.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Sony Ericsson\Mobile2\Drivers\Signed\DPInst.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrsrv.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmobexsrv.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmobxsrv.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Sony Ericsson\Mobile2\Image Editor\mmdownload.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Sony Ericsson\Mobile2\MMS Home Studio\makesis.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Sony Ericsson\Mobile2\MMS Home Studio\mmscomposer.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Sony Ericsson\Mobile2\Mobile Networking Wizard\mngui.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\caleditatl.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\catcheventatl.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\closedbgout.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\dbgout.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\enableirsocketutil.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epm_util.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\setdbgout.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\setregsecurity.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Sony Ericsson\Mobile2\Notifier\Notifier.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Sony Ericsson\Mobile2\Sync Station\DXP Pim.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Sony Ericsson\Mobile2\Sync Station\DXP SyncML.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Sony Ericsson\Mobile2\Sync Station\SyncController.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Sony Ericsson\Mobile2\Sync Station\SyncEngineApp.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Sony Ericsson\Mobile2\Sync Station\SyncMLDesktopServer.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Sony Ericsson\Mobile2\Sync Station\SyncStarter.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Sony Ericsson\Mobile2\Sync Station\regsvr32.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Sony Ericsson\Mobile2\Telecalib\Log Settings\LogSettings.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\SopCast\StreamServer\StreamServer.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\SopCast\uninst.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\SopCast\update\SopChecker.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\SopCast\update\UNZIP.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Symantec\LiveUpdate\LUALL.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Symantec\LiveUpdate\LUInit.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Symantec\LiveUpdate\SymantecRootInstaller.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\T-TIME\WD2\WHITEDIAMOND2.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\T-TIME\WD2\uninstall.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\WC3Banlist\WC3Banlist.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\WC3Banlist\unins000.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\WIZET\MapleStory\Patcher.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\WIZET\MapleStory\Setup.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Warcraft III\BNUpdate.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\hpwelcome\gamelinks.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\WildTangent\Apps\GameChannel\Notifications\hpwelcome\rungame.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\WildTangent\LFS\Temp\GC15_5f1ce890-6d3e-4056-85ee-350f66e2c81d.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\WinPcap\NetMonInstaller.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\WinPcap\Uninstall.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\WinPcap\daemon_mgm.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\WinPcap\npf_mgm.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\WinPcap\rpcapd.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\WinZip\WZMSG.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\WinZip\WZQKPICK.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\WinZip\WZSEPE32.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Windows Messaging\EXCHNG32.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Windows Messaging\NEWPROF.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\Windows Messaging\SCANPST.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\XviD\AviC.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\XviD\MiniCalc.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\XviD\OGMCalc.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\XviD\StatsReader.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\XviD\unins000.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Program Files\XviD\vidccleaner.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Project1.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Python22\Lib\site-packages\Pythonwin\Pythonwin.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Python22\Lib\site-packages\UnWisePW32.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Python22\Lib\site-packages\win32\PythonService.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Python22\Lib\site-packages\win32\win32popenWin9x.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Python22\UNWISE.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Python22\python.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Python22\pythonw.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Python22\w9xpopen.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\SOPHTEMP\SophosBootTasksR.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\SOPHTEMP\helper.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\SOPHTEMP\sarcli.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\SOPHTEMP\sargui.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP162\A0220882.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP162\A0220897.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP162\A0220898.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP162\A0220902.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP162\A0220903.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP162\A0220904.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP162\A0220905.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP162\A0220906.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP162\A0220907.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP162\A0220908.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP162\A0220910.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP162\A0220911.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP162\A0220914.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP162\A0220915.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP163\A0220931.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP163\A0220932.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP163\A0220933.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP163\A0220959.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP163\A0220960.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP163\A0220961.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP163\A0221050.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Temp\W2k\hpoeng07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Temp\W2k\hpoopm07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\Temp\W2k\hpopre07.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\231.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\290.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\720.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\Logo1_.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising109.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising123.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising161.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising188.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising204.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising212.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising22.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising231.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising278.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising290.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising309.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising326.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising393.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising394.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising403.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising417.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising42.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising429.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising430.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising433.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising456.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising485.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising492.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising501.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising520.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising548.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising555.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising559.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising573.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising582.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising590.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising60.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising627.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising655.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising666.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising672.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising675.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising682.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising693.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising715.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising720.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising778.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising786.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising803.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising830.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising84.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising89.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising909.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising917.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising939.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising943.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising949.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising960.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising964.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\rising974.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\WINDOWS\uninstall\rundl132.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\emptyprocess.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\IAccess\IAccess.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\KBD\CreateVF.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\KBD\KBUPDATE.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\KBD\STATIC\Common\hpkey.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\VINETLINK\autorun.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\AUTOMOD.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\AddDevicePath.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\COMMANDS.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\COPYDISK.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\CleanRec.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\DISTILL.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\DM.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\FindWindow.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\Finis.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\FondleWindow.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\FullScreen.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\HPBI.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\HPLocale.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\HPPICT.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\HtmlMsg.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\IniMerge.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\IsRunning.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\KillIt.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\KillWind.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\Locale.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\MSGBOX.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\MsgAction.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\OSType.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\PartLog.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\ProcessLogger.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\Progress.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\PwrMgt.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\Python-2.2.1.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\RECURSE.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\RPCOPY.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\RefCount.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\SETLEVEL.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\SendKey.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\SetIni.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\SetRes.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\Sleep.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\Spawn.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\Terminator.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\TransientMessage.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\UIni.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\USBPwrMGMT.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\automod32.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\autorun.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\boxit.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\cloaker.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\hpdmi.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\replace.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\strcmpi.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\bin\win32all-146.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\drivers\WebCam\Elch\HVideoS.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\drivers\WebCam\Elch\LVComS.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\drivers\WebCam\MSGR\HVideoS.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\drivers\WebCam\MSGR\LVComS.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\drivers\WebCam\XPRS\HVideoS.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\drivers\WebCam\XPRS\LVComS.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\drivers\audio_realtek\Alcxmntr.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\drivers\keyboard\PS2.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\drivers\printers\deskjet\install.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\drivers\printers\deskjet\setup.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\drivers\video_Intel\hkcmd.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\drivers\video_Intel\igfxcfg.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\drivers\video_Intel\igfxdiag.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\drivers\video_Intel\igfxext.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\drivers\video_Intel\igfxtray.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\features\bin\hpqinfo.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW1CDC\files\CD Creator.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW1MON\APP04827.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-ARA.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-CHS.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-CHT.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-DAN.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-DEU.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-ENU.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-ESN.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-FIN.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-FRA.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-ITA.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-JPN.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-KOR.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-NLD.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-NOR.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-PLK.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-PTB.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-PTG.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-RUS.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-SVE.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-TRK.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW2128\128GB\Arabic\Q331958_WXP_SP2_x86_ARA.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW2128\128GB\Dan\Q331958_WXP_SP2_x86_DAN.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW2128\128GB\En\Q331958_WXP_SP2_x86_ENU.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW2128\128GB\Ger\Q331958_WXP_SP2_x86_DEU.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW2128\128GB\Jpn\Q331958_WXP_SP2_x86_JPN.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW2128\128GB\SC\Q331958_WXP_SP2_x86_CHS.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW2128\128GB\Sp\Q331958_WXP_SP2_x86_ESN.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW2128\128GB\TC\Q331958_WXP_SP2_x86_CHT.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW2128\128GB\Turk\Q331958_WXP_SP2_x86_TRK.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW2128\128GB\fin\Q331958_WXP_SP2_x86_FIN.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW2128\128GB\fr\Q331958_WXP_SP2_x86_FRA.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW2128\128GB\it\Q331958_WXP_SP2_x86_ITA.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW2128\128GB\kor\Q331958_WXP_SP2_x86_KOR.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW2128\128GB\nl\Q331958_WXP_SP2_x86_NLD.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW2128\128GB\nor\Q331958_WXP_SP2_x86_NOR.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW2128\128GB\por\Q331958_WXP_SP2_x86_PTG.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW2128\128GB\sw\Q331958_WXP_SP2_x86_SVE.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW2BOO\APCmpOff.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW2BOO\FullScreen.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\patches\41WW2NDR\files\findstr.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\recovery\wizard\SWR_Wizard.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\recovery\wizard\fscommand\AppRecoveryLink.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\recovery\wizard\fscommand\AppRecoveryLink_ret.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\recovery\wizard\fscommand\CDLogic.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\recovery\wizard\fscommand\CDLogic_ret.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\recovery\wizard\fscommand\CreatorLink.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\recovery\wizard\fscommand\CreatorLink_ret.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\recovery\wizard\fscommand\RTCDLink.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\recovery\wizard\fscommand\RTCDLink_ret.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\recovery\wizard\fscommand\RestoreLink.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\recovery\wizard\fscommand\RestoreLink_ret.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\recovery\wizard\fscommand\RunLink.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\recovery\wizard\fscommand\RunLink_ret.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\recovery\wizard\fscommand\SysRecoveryLink.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\recovery\wizard\fscommand\SysRecoveryLink_ret.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\recovery\wizard\fscommand\WizardLink.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\recovery\wizard\fscommand\WizardLink_ret.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\recovery\wizard\uninstall.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\region\wallpaper\wp.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\register\REGINIT.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\hp\support\HPSysInfo.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\tempo4w.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\tmp037z.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\I386\APPS\APP01869\App01869.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\I386\APPS\APP06334\App06334.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\I386\APPS\APP14771\App14771.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\I386\APPS\APP17035\App17035.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\I386\APPS\APP18467\App18467.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\I386\APPS\APP23811\App23811.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\I386\APPS\APP26500\App26500.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\I386\APPS\APP31322\App31322.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\I386\AUTOCHK.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\I386\AUTOFMT.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\I386\DRV\APP00153\App00153.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\I386\DRV\APP00292\App00292.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\I386\DRV\APP04827\App04827.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\I386\DRV\APP05436\App05436.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\I386\DRV\APP09961\App09961.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\I386\DRV\APP16827\App16827.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\I386\DRV\APP19718\App19718.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\I386\DRV\APP19895\App19895.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\I386\DRW\DWWIN.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\I386\EXPAND.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\I386\NETSETUP.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\I386\NTSD.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\I386\REGEDIT.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\I386\SYSPARSE.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\I386\TELNET.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\I386\USETUP.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\I386\WINNT.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\I386\WINNT32.EXE -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\Info.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\cmdcons\autochk.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\cmdcons\autofmt.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW1CDC\files\CD Creator.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW1MON\APP04827.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-ARA.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-CHS.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-CHT.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-DAN.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-DEU.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-ENU.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-ESN.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-FIN.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-FRA.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-ITA.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-JPN.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-KOR.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-NLD.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-NOR.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-PLK.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-PTB.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-PTG.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-RUS.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-SVE.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW1WSS\src\WindowsXP-KB828035-x86-TRK.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW2128\128GB\Arabic\Q331958_WXP_SP2_x86_ARA.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW2128\128GB\Dan\Q331958_WXP_SP2_x86_DAN.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW2128\128GB\En\Q331958_WXP_SP2_x86_ENU.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW2128\128GB\Ger\Q331958_WXP_SP2_x86_DEU.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW2128\128GB\Jpn\Q331958_WXP_SP2_x86_JPN.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW2128\128GB\SC\Q331958_WXP_SP2_x86_CHS.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW2128\128GB\Sp\Q331958_WXP_SP2_x86_ESN.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW2128\128GB\TC\Q331958_WXP_SP2_x86_CHT.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW2128\128GB\Turk\Q331958_WXP_SP2_x86_TRK.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW2128\128GB\fin\Q331958_WXP_SP2_x86_FIN.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW2128\128GB\fr\Q331958_WXP_SP2_x86_FRA.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW2128\128GB\it\Q331958_WXP_SP2_x86_ITA.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW2128\128GB\kor\Q331958_WXP_SP2_x86_KOR.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW2128\128GB\nl\Q331958_WXP_SP2_x86_NLD.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW2128\128GB\nor\Q331958_WXP_SP2_x86_NOR.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW2128\128GB\por\Q331958_WXP_SP2_x86_PTG.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW2128\128GB\sw\Q331958_WXP_SP2_x86_SVE.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW2BOO\APCmpOff.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW2BOO\FullScreen.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
D:\hp\patches\41WW2NDR\files\findstr.exe -> Worm.Viking.bx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0C669DE-0A35-41EA-937E-C1296D6909A5}\RP162\A0220912.dll -> Worm.Viking.jo : Cleaned with backup (quarantined).
C:\WINDOWS\RichDll.dll -> Worm.Viking.jo : Cleaned with backup (quarantined).


::Report end


Here the logfile of blacklight:
05/05/05 12:12:58 [Info]: BlackLight Engine 1.0.61 initialized
05/05/05 12:12:58 [Info]: OS: 5.1 build 2600 (Service Pack 1)
05/05/05 12:12:58 [Note]: 7019 4
05/05/05 12:12:58 [Note]: 7005 0
05/05/05 12:13:03 [Note]: 7006 0
05/05/05 12:13:03 [Note]: 7011 1260
05/05/05 12:13:03 [Note]: 7026 0
05/05/05 12:13:03 [Note]: 7026 0
05/05/05 12:13:17 [Note]: FSRAW library version 1.7.1021
05/05/05 12:16:37 [Note]: 2000 1012
05/05/05 12:16:37 [Note]: 2000 1012
05/05/05 12:16:37 [Note]: 2000 1012
05/05/05 12:16:37 [Note]: 2000 1012
05/05/05 12:17:13 [Note]: 7007 0

#7 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 05 May 2007 - 04:26 AM

Hello :)

Please Download Dr.Web CureIt and save it to your desktop.


Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

Run a scan with Dr.Web CureIt
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, you should now mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found Posted Image
  • If so, click it and then click the next icon right below and select Move incurable
  • After the scan, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot the computer in Normal Mode,
  • Post the Cure-it report and a fresh HijackThis log


#8 chankfj

chankfj

    Authentic Member

  • Authentic Member
  • PipPip
  • 45 posts

Posted 05 May 2007 - 04:55 AM

sorie double post

Edited by chankfj, 05 May 2007 - 04:56 AM.


#9 chankfj

chankfj

    Authentic Member

  • Authentic Member
  • PipPip
  • 45 posts

Posted 05 May 2007 - 04:56 AM

errrm when i try to open the dr web cureit.exe it says " license key file working period is not active yet" then i canot run the drwebcureit.exe at all so what should and i do and is my computer with a lot of viruses?

#10 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 06 May 2007 - 08:01 AM

Hi :)

We must replace Dr.Web CureIt with Panda online scanner.

Panda online scanner works only with IE!

  • Please go HERE to run PandaActiveScan...

  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)

  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.



Post:
- A fresh HijackThis log
- The report of the Panda

    Advertisements

Register to Remove


#11 chankfj

chankfj

    Authentic Member

  • Authentic Member
  • PipPip
  • 45 posts

Posted 06 May 2007 - 08:15 AM

:scratch: the pandaactivescan canot be used nothing happens when i click the icon of My Computer , it saes error on page.
i realli need to get this problem solved as i really need to use my com to do my project and hand up on time.
Hope you can help me solve the problem thanks in advance.

this is the fresh HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 10:29:32 PM, on 5/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\naruto\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qsg10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qsg10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qsg10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\zh-sg\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\zh-sg\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.gamehouse...bugs/axhost.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by chankfj, 06 May 2007 - 08:38 AM.


#12 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 06 May 2007 - 11:47 AM

Hello :)


Please download ATF-cleaner and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser:

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser:

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.


Post:
- A fresh HijackThis log
- Logfile of WinPFind3

#13 chankfj

chankfj

    Authentic Member

  • Authentic Member
  • PipPip
  • 45 posts

Posted 07 May 2007 - 05:26 AM

heres the Logfile of WinPFind3:
WinPFind3 logfile created on: 5/7/2005 5:55:09 PM
WinPFind3U by OldTimer - Version 1.0.35 Folder = C:\Documents and Settings\Owner\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 1 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2800.1106)

247.48 Mb Total Physical Memory | 116.72 Mb Available Physical Memory | 47.16% Memory free
606.74 Mb Paging File | 395.57 Mb Available in Paging File | 65.20% Paging File free
Paging file location(s): C:\pagefile.sys 372 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.36 Gb Total Space | 33.73 Gb Free Space | 47.27% Space Free
Drive D: | 4.95 Gb Total Space | 0.69 Gb Free Space | 13.96% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
backweb-1940576.exe -> %ProgramFiles%\Compaq Connections\1940576\Program\BackWeb-1940576.exe -> [Ver = | Size = 16384 bytes | Modified Date = 10/16/2003 9:46:10 PM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 2.1.10.2 | Size = 71328 bytes | Modified Date = 3/9/2006 11:47:52 AM | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 2.1.10.2 | Size = 255648 bytes | Modified Date = 3/9/2006 11:47:58 AM | Attr = ]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 2.1.10.2 | Size = 235168 bytes | Modified Date = 3/9/2006 11:48:22 AM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 10:13:20 PM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 114688 bytes | Modified Date = 4/7/2003 2:07:38 PM | Attr = ]
hphmon05.exe -> %System32%\hphmon05.exe -> Hewlett-Packard [Ver = 5,0,84 | Size = 483328 bytes | Modified Date = 5/23/2003 9:55:38 AM | Attr = ]
hpqcmon.exe -> %ProgramFiles%\HP\Digital Imaging\Unload\HpqCmon.exe -> [Ver = 2.0.0.133 | Size = 90112 bytes | Modified Date = 10/7/2002 2:23:20 PM | Attr = ]
hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 11:04:38 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 11/9/2006 3:07:30 PM | Attr = ]
kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 2/12/2003 3:02:48 AM | Attr = ]
mmtask.exe -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe -> TODO: <Company name> [Ver = 1.0.0.1 | Size = 53248 bytes | Modified Date = 7/23/2003 11:37:56 PM | Attr = ]
navapsvc.exe -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 10.00.2 | Size = 158848 bytes | Modified Date = 4/23/2004 11:04:16 AM | Attr = ]
osa.exe -> %ProgramFiles%\Microsoft Office\Office\OSA.EXE -> [Ver = | Size = 51984 bytes | Modified Date = 11/21/1996 | Attr = ]
pchbutton.exe -> %ProgramFiles%\Presario PC Help\Presario\XPHWWRP4\plugin\bin\pchbutton.exe -> Motive Communications, Inc. [Ver = 4.12.0.pchealthclient.pchclient.20030625_085000 | Size = 159744 bytes | Modified Date = 10/16/2003 9:49:42 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 12/30/2006 12:37:10 AM | Attr = ]
sagent2.exe -> %CommonProgramFiles%\EPSON\EBAPI\SAgent2.exe -> SEIKO EPSON CORPORATION [Ver = 2, 3, 0, 0 | Size = 94208 bytes | Modified Date = 7/17/2002 2:03:00 AM | Attr = ]
savscan.exe -> %ProgramFiles%\Norton AntiVirus\SAVSCAN.EXE -> Symantec Corporation [Ver = | Size = 194272 bytes | Modified Date = 1/25/2005 9:48:50 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.35.0 | Size = 319488 bytes | Modified Date = 5/6/2007 9:38:54 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 10:13:20 PM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 2.1.10.2 | Size = 255648 bytes | Modified Date = 3/9/2006 11:47:58 AM | Attr = ]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPWDSVC.EXE -> Symantec Corporation [Ver = 2.1.10.2 | Size = 87712 bytes | Modified Date = 3/9/2006 11:48:08 AM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 2.1.10.2 | Size = 235168 bytes | Modified Date = 3/9/2006 11:48:22 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 204800 bytes | Modified Date = 8/16/2003 4:54:04 PM | Attr = ]
(EPSONStatusAgent2) EPSON Printer Status Agent2 [Win32_Own | Auto | Running] -> %CommonProgramFiles%\EPSON\EBAPI\SAgent2.exe -> SEIKO EPSON CORPORATION [Ver = 2, 3, 0, 0 | Size = 94208 bytes | Modified Date = 7/17/2002 2:03:00 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(navapsvc) Norton AntiVirus Auto Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 10.00.2 | Size = 158848 bytes | Modified Date = 4/23/2004 11:04:16 AM | Attr = ]
(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\WinPcap\rpcapd.exe -> File not found
(SAVScan) SAVScan [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Norton AntiVirus\SAVSCAN.EXE -> Symantec Corporation [Ver = | Size = 194272 bytes | Modified Date = 1/25/2005 9:48:50 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 4/5/2005 11:17:22 AM | Attr = ]
(SymWSC) SymWMI Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 11/2/2004 4:59:50 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CamMonitor -> %ProgramFiles%\HP\Digital Imaging\Unload\HpqCmon.exe -> [Ver = 2.0.0.133 | Size = 90112 bytes | Modified Date = 10/7/2002 2:23:20 PM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 2.1.10.2 | Size = 71328 bytes | Modified Date = 3/9/2006 11:47:52 AM | Attr = ]
CloneCDTray -> %ProgramFiles%\SlySoft\CloneCD\CloneCDTray.exe -> File not found
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 114688 bytes | Modified Date = 4/7/2003 2:07:38 PM | Attr = ]
HPAIO_PrintFolderMgr -> %System32%\spool\DRIVERS\W32X86\hpoopm07.exe -> File not found
HPHmon05 -> %System32%\hphmon05.exe -> Hewlett-Packard [Ver = 5,0,84 | Size = 483328 bytes | Modified Date = 5/23/2003 9:55:38 AM | Attr = ]
HPHUPD05 -> %ProgramFiles%\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe -> File not found
hpsysdrv -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 11:04:38 PM | Attr = ]
KBD -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 2/12/2003 3:02:48 AM | Attr = ]
mmtask -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe -> TODO: <Company name> [Ver = 1.0.0.1 | Size = 53248 bytes | Modified Date = 7/23/2003 11:37:56 PM | Attr = ]
MSPY2002 -> %System32%\IME\PINTLGNT\IMSCINST.EXE -> [Ver = | Size = 59392 bytes | Modified Date = 8/17/2003 12:24:08 AM | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 11:50:42 AM | Attr = ]
PS2 -> %System32%\ps2.EXE -> Hewlett-Packard Company [Ver = 1.0.2.1 | Size = 81920 bytes | Modified Date = 8/1/2002 3:28:38 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> [Ver = | Size = 159232 bytes | Modified Date = 9/3/2006 9:40:32 PM | Attr = ]
Recguard -> %SystemRoot%\SMINST\Recguard.exe -> [Ver = 1, 0, 0, 1 | Size = 212992 bytes | Modified Date = 9/14/2002 4:42:26 AM | Attr = ]
Sony Ericsson PC Suite -> %ProgramFiles%\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe -> Sony Ericsson Mobile Communications AB [Ver = 1.1.1.3 | Size = 159744 bytes | Modified Date = 10/26/2005 5:17:24 PM | Attr = ]
SSC_UserPrompt -> %CommonProgramFiles%\Symantec Shared\Security Center\UsrPrmpt.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 218240 bytes | Modified Date = 11/2/2004 4:59:52 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 11/9/2006 3:07:30 PM | Attr = ]
Symantec NetDriver Monitor -> %ProgramFiles%\SymNetDrv\SNDMon.exe -> [Ver = | Size = 100568 bytes | Modified Date = 7/11/2006 10:09:54 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 12/30/2006 12:37:10 AM | Attr = ]
UpdateManager -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.32a | Size = 110592 bytes | Modified Date = 8/19/2003 3:01:00 PM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Acme.PCHButton -> %ProgramFiles%\Presario PC Help\Presario\XPHWWRP4\plugin\bin\pchbutton.exe -> Motive Communications, Inc. [Ver = 4.12.0.pchealthclient.pchclient.20030625_085000 | Size = 159744 bytes | Modified Date = 10/16/2003 9:49:42 PM | Attr = ]
MsnMsgr -> %ProgramFiles%\MSN Messenger\MsnMsgr.Exe -> [Ver = | Size = 5675888 bytes | Modified Date = 1/19/2007 12:54:56 PM | Attr = ]
NBJ -> %ProgramFiles%\Ahead\Nero BackItUp\NBJ.exe -> [Ver = | Size = 1958400 bytes | Modified Date = 5/19/2005 7:38:08 PM | Attr = ]
RecordNow! -> -> File not found
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Compaq Connections.lnk -> %ProgramFiles%\Compaq Connections\1940576\Program\BackWeb-1940576.exe -> [Ver = | Size = 16384 bytes | Modified Date = 10/16/2003 9:46:10 PM | Attr = ]
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> [Ver = | Size = 233984 bytes | Modified Date = 7/7/2003 3:20:40 PM | Attr = ]
< User Startup > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup
%UserStartup%\Microsoft Find Fast.lnk -> %ProgramFiles%\Microsoft Office\Office\FINDFAST.EXE -> [Ver = | Size = 111376 bytes | Modified Date = 11/21/1996 | Attr = ]
%UserStartup%\Office Startup.lnk -> %ProgramFiles%\Microsoft Office\Office\OSA.EXE -> [Ver = | Size = 51984 bytes | Modified Date = 11/21/1996 | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 10:13:28 PM | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1006 | Size = 77824 bytes | Modified Date = 9/28/2006 12:22:36 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
xlibgfl254.dll -> xlibgfl254.dll -> File not found
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1028 | Size = 258048 bytes | Modified Date = 10/19/2006 10:12:20 AM | Attr = ]
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3,0,0,2104 | Size = 315392 bytes | Modified Date = 4/7/2003 2:06:48 PM | Attr = ]
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://qsg10.hpwis.com/ ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKLM: Start Page -> http://qsg10.hpwis.com/ ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Default_Page_URL -> http://qsg10.hpwis.com/ ->
HKCU: Local Page -> C:\WINDOWS\System32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.yahoo.com/ ->
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> localhost ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
jump_ggyy8.com [https] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.0.2003051500 | Size = 50376 bytes | Modified Date = 5/15/2003 2:47:54 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 11/9/2006 3:21:52 PM | Attr = ]
{BDF3E430-B101-42AD-A544-FADC6B084872} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [CNavExtBho Class] -> Symantec Corporation [Ver = 10.00.13 | Size = 103368 bytes | Modified Date = 12/4/2003 6:22:30 PM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 10.00.13 | Size = 103368 bytes | Modified Date = 12/4/2003 6:22:30 PM | Attr = ]
{8E718888-423F-11D2-876E-00A0C9082467} [HKLM] -> %System32%\msdxm.ocx [&Radio] -> [Ver = | Size = 842268 bytes | Modified Date = 8/16/2003 4:56:30 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 10.00.13 | Size = 103368 bytes | Modified Date = 12/4/2003 6:22:30 PM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\npjpi150_10.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 75528 bytes | Modified Date = 11/9/2006 3:21:54 PM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 11/9/2006 3:21:52 PM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{916353DA-1AB1-4607-885A-5EA869DD0F54} -> (Sony Ericsson Device 046 USB Ethernet Emulation (NDIS 5)) ->
{D374001C-691F-4569-8E4D-590BCBE41938} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{D39392E4-EC7E-4C73-9939-88589F668FC4} -> (1394 Net Adapter) ->
{E628D40D-875C-4015-858C-0870A7918F16} -> (Sony Ericsson Device 046 USB Ethernet Emulation (NDIS 5)) ->
< Default Protocols [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
shell -> shell protocol not assigned ->
< Default Protocols [HKCU] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
shell -> shell protocol not assigned ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
vnd.ms.radio -> %System32%\msdxm.ocx -> [Ver = | Size = 842268 bytes | Modified Date = 8/16/2003 4:56:30 PM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{0E5F0222-96B9-11D3-8997-00104BD12D94} -> PCPitstop Utility - CodeBase = http://www.pcpitstop...p/PCPitStop.CAB ->
{2917297F-F02B-4B9D-81DF-494B6333150B} -> Minesweeper Flags Class - CodeBase = http://messenger.zon...er.cab31267.cab ->
{87056D28-9730-4A47-B9F9-7E890B62C58A} -> WildfireActiveXHost Class - CodeBase = http://www.gamehouse...bugs/axhost.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoft...free/asinst.cab ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.ma...ash/swflash.cab ->


[Files/Folders - Created Within 30 days]
BOOT.BAK -> %SystemDrive%\BOOT.BAK -> [Ver = | Size = 196 bytes | Created Date = 7/11/2006 9:48:19 PM | Attr = RHS]
CEHook.dll -> %SystemDrive%\CEHook.dll -> [Ver = | Size = 515584 bytes | Created Date = 4/29/2007 3:05:18 PM | Attr = ]
cmdcons -> %SystemDrive%\cmdcons -> [Folder | Created Date = 7/11/2006 9:48:07 PM | Attr = RHS]
driver.dat -> %SystemDrive%\driver.dat -> [Ver = | Size = 23 bytes | Created Date = 4/29/2007 3:05:26 PM | Attr = ]
emptydll.dll -> %SystemDrive%\emptydll.dll -> [Ver = | Size = 13824 bytes | Created Date = 4/29/2007 3:05:27 PM | Attr = ]
ffastun.ffa -> %SystemDrive%\ffastun.ffa -> [Ver = | Size = 4379 bytes | Created Date = 8/3/2006 10:33:21 PM | Attr = H ]
ffastun.ffl -> %SystemDrive%\ffastun.ffl -> [Ver = | Size = 344064 bytes | Created Date = 8/3/2006 10:32:23 PM | Attr = H ]
ffastun.ffo -> %SystemDrive%\ffastun.ffo -> [Ver = | Size = 65536 bytes | Created Date = 8/3/2006 10:33:21 PM | Attr = H ]
ffastun0.ffx -> %SystemDrive%\ffastun0.ffx -> [Ver = | Size = 475136 bytes | Created Date = 8/3/2006 10:33:21 PM | Attr = H ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 259575808 bytes | Created Date = 1/2/1601 4:00:00 PM | Attr = HS]
My Downloads -> %SystemDrive%\My Downloads -> [Folder | Created Date = 12/30/2006 12:26:04 AM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Created Date = 7/12/2006 12:11:51 PM | Attr = R ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 7/11/2006 11:07:27 PM | Attr = HS]
SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 5/4/2005 7:35:03 PM | Attr = ]
SOPHTEMP -> %SystemDrive%\SOPHTEMP -> [Folder | Created Date = 10/21/2006 8:24:50 AM | Attr = ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Created Date = 3/29/2007 8:28:35 AM | Attr = H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Created Date = 3/29/2007 4:45:32 PM | Attr = H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 268 bytes | Created Date = 4/27/2007 8:51:52 AM | Attr = H ]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 268 bytes | Created Date = 4/27/2007 12:50:38 PM | Attr = H ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 268 bytes | Created Date = 4/27/2007 7:30:39 PM | Attr = H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Created Date = 3/29/2007 8:28:35 AM | Attr = H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Created Date = 3/29/2007 4:45:32 PM | Attr = H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Created Date = 4/27/2007 8:51:52 AM | Attr = H ]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Created Date = 4/27/2007 12:50:38 PM | Attr = H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Created Date = 4/27/2007 7:30:39 PM | Attr = H ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Created Date = 5/12/1745 5:11:26 AM | Attr = HS]
Temp -> %SystemDrive%\Temp -> [Folder | Created Date = 8/16/2006 5:18:41 PM | Attr = ]
WUTemp -> %SystemDrive%\WUTemp -> [Folder | Created Date = 8/3/2006 7:46:15 PM | Attr = ]
_desktop.ini -> %SystemDrive%\_desktop.ini -> [Ver = | Size = 8 bytes | Created Date = 5/3/2007 7:28:03 PM | Attr = ]
оø´úË«½¾3Ã÷Ô¹ÂÐÇ -> %SystemDrive%\оø´úË«½¾3Ã÷Ô¹ÂÐÇ -> [Folder | Created Date = 1/7/2007 11:59:07 AM | Attr = ]
A4W.INI -> %SystemRoot%\A4W.INI -> [Ver = | Size = 35 bytes | Created Date = 9/18/2006 10:05:05 PM | Attr = ]
A4W_DATA -> %SystemRoot%\A4W_DATA -> [Folder | Created Date = 9/18/2006 10:05:05 PM | Attr = ]
Application Data -> %SystemRoot%\Application Data -> [Folder | Created Date = 2/24/2007 7:33:24 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Created Date = 7/12/2006 12:11:30 PM | Attr = R S]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 5/3/2005 9:36:31 PM | Attr = ]
bdoscandel.exe -> %SystemRoot%\bdoscandel.exe -> [Ver = | Size = 53248 bytes | Created Date = 5/25/2006 1:22:06 AM | Attr = ]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 100 bytes | Created Date = 1/14/2007 10:58:36 PM | Attr = ]
d3dx.dat -> %SystemRoot%\d3dx.dat -> [Ver = | Size = 4096 bytes | Created Date = 4/23/2007 11:02:00 PM | Attr = ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Created Date = 9/2/2006 7:52:13 PM | Attr = ]
EPISME00.SWB -> %SystemRoot%\EPISME00.SWB -> [Ver = | Size = 9662 bytes | Created Date = 8/15/2006 2:31:11 PM | Attr = ]
EPSTPLOG.BAK -> %SystemRoot%\EPSTPLOG.BAK -> [Ver = | Size = 16427 bytes | Created Date = 11/26/2006 1:47:36 PM | Attr = ]
exchng.ini -> %SystemRoot%\exchng.ini -> [Ver = | Size = 22 bytes | Created Date = 8/3/2006 10:31:59 PM | Attr = ]
extend.dat -> %SystemRoot%\extend.dat -> [Ver = | Size = 7601 bytes | Created Date = 8/8/2006 6:40:49 PM | Attr = ]
FA124.INI -> %SystemRoot%\FA124.INI -> [Ver = | Size = 155 bytes | Created Date = 3/30/2007 11:14:25 PM | Attr = ]
forms -> %SystemRoot%\forms -> [Folder | Created Date = 8/3/2006 10:30:33 PM | Attr = ]
ftpcache -> %SystemRoot%\ftpcache -> [Folder | Created Date = 10/16/2006 3:25:52 PM | Attr = HS]
IsUn0404.exe -> %SystemRoot%\IsUn0404.exe -> InstallShield Software Corporation [Ver = 5, 50, 137, 0 | Size = 327168 bytes | Created Date = 8/16/2006 5:18:03 PM | Attr = ]
kulionj.dll -> %SystemRoot%\kulionj.dll -> [Ver = | Size = 26112 bytes | Created Date = 5/3/2007 7:35:05 PM | Attr = ]
LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 9/7/2006 4:20:03 PM | Attr = ]
LastGood.Tmp -> %SystemRoot%\LastGood.Tmp -> [Folder | Created Date = 9/3/2006 1:16:38 AM | Attr = ]
Microsoft Outlook.FAV -> %SystemRoot%\Microsoft Outlook.FAV -> [Ver = | Size = 23464 bytes | Created Date = 10/27/2006 12:24:51 AM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 12/24/2006 4:08:34 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Created Date = 7/12/2006 11:04:32 PM | Attr = ]
Offline Web Pages -> %SystemRoot%\Offline Web Pages -> [Folder | Created Date = 7/12/2006 12:11:18 PM | Attr = R ]
ORUN32.EXE -> %SystemRoot%\ORUN32.EXE -> [Ver = | Size = 0 bytes | Created Date = 10/20/2006 5:20:35 PM | Attr = ]
outlook.pst -> %SystemRoot%\outlook.pst -> [Ver = | Size = 114688 bytes | Created Date = 8/8/2006 6:40:48 PM | Attr = ]
Owner.acl -> %SystemRoot%\Owner.acl -> [Ver = | Size = 35342 bytes | Created Date = 8/4/2006 9:42:13 AM | Attr = ]
Owner.pcb -> %SystemRoot%\Owner.pcb -> [Ver = | Size = 7680 bytes | Created Date = 11/17/2006 9:14:09 PM | Attr = ]
PCDLIB32.DLL -> %SystemRoot%\PCDLIB32.DLL -> Eastman Kodak [Ver = 3, 0, 0, 0 | Size = 212480 bytes | Created Date = 7/11/2006 9:30:36 PM | Attr = ]
PIF -> %SystemRoot%\PIF -> [Folder | Created Date = 9/16/2006 9:11:12 AM | Attr = H ]
popcinfo.dat -> %SystemRoot%\popcinfo.dat -> [Ver = | Size = 19 bytes | Created Date = 4/22/2007 11:20:58 AM | Attr = ]
popcinfot.dat -> %SystemRoot%\popcinfot.dat -> [Ver = | Size = 23 bytes | Created Date = 4/22/2007 10:19:12 AM | Attr = ]
popcreg.dat -> %SystemRoot%\popcreg.dat -> [Ver = | Size = 0 bytes | Created Date = 4/22/2007 10:19:12 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 7/11/2006 9:26:48 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 4/25/2007 11:24:26 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 4/25/2007 11:24:26 AM | Attr = H ]
ScFBPPM2.DLL -> %SystemRoot%\ScFBPPM2.DLL -> Canon Inc. [Ver = 1.00 | Size = 63488 bytes | Created Date = 9/18/2006 10:04:27 PM | Attr = ]
SendTo -> %SystemRoot%\SendTo -> [Folder | Created Date = 8/3/2006 10:32:14 PM | Attr = ]
setup.pss -> %SystemRoot%\setup.pss -> [Folder | Created Date = 7/11/2006 9:48:05 PM | Attr = ]
setupupd -> %SystemRoot%\setupupd -> [Folder | Created Date = 7/11/2006 9:47:39 PM | Attr = ]
SICALIB2.DAT -> %SystemRoot%\SICALIB2.DAT -> [Ver = | Size = 40866 bytes | Created Date = 9/18/2006 10:12:24 PM | Attr = ]
Sifbp2.dll -> %SystemRoot%\Sifbp2.dll -> Canon Inc. [Ver = 1.00 | Size = 133120 bytes | Created Date = 9/18/2006 10:04:27 PM | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 7/14/2006 5:29:50 PM | Attr = ]
twinnt30.ini -> %SystemRoot%\twinnt30.ini -> [Ver = | Size = 43 bytes | Created Date = 3/30/2007 8:37:54 PM | Attr = ]
uninst.exe -> %SystemRoot%\uninst.exe -> Stirling Technologies, Inc. [Ver = 2.20.911.0 | Size = 283648 bytes | Created Date = 8/3/2006 7:50:54 PM | Attr = ]
uninstall -> %SystemRoot%\uninstall -> [Folder | Created Date = 5/3/2007 7:27:32 PM | Attr = ]
War3Unin.dat -> %SystemRoot%\War3Unin.dat -> [Ver = | Size = 65419 bytes | Created Date = 7/11/2006 10:18:42 PM | Attr = ]
War3Unin.exe -> %SystemRoot%\War3Unin.exe -> Blizzard Entertainment [Ver = 1, 0, 0, 0 | Size = 139264 bytes | Created Date = 7/11/2006 10:18:40 PM | Attr = ]
War3Unin.pif -> %SystemRoot%\War3Unin.pif -> [Ver = | Size = 2829 bytes | Created Date = 7/11/2006 10:18:40 PM | Attr = ]
wt -> %SystemRoot%\wt -> [Folder | Created Date = 2/24/2007 6:58:59 PM | Attr = ]
Norton AntiVirus - Scan my computer.job -> %SystemRoot%\tasks\Norton AntiVirus - Scan my computer.job -> [Ver = | Size = 530 bytes | Created Date = 7/11/2006 9:49:20 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 10/20/2006 7:40:59 PM | Attr = ]
asinst.cfg -> %System32%\asinst.cfg -> [Ver = | Size = 128 bytes | Created Date = 4/3/2006 10:59:16 AM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 5/6/2005 9:58:25 PM | Attr = ]
CmdLineExt.dll -> %System32%\CmdLineExt.dll -> Sony DADC Austria AG. [Ver = 1,0,201,0 | Size = 98304 bytes | Created Date = 8/14/2006 2:37:50 PM | Attr = ]
CNBJHLP.CNT -> %System32%\CNBJHLP.CNT -> [Ver = | Size = 787 bytes | Created Date = 12/24/2006 8:04:30 PM | Attr = ]
CNBJHLP.HLP -> %System32%\CNBJHLP.HLP -> [Ver = | Size = 25645 bytes | Created Date = 12/24/2006 8:04:30 PM | Attr = ]
COLOR -> %System32%\COLOR -> [Folder | Created Date = 9/18/2006 10:04:24 PM | Attr = ]
cpuinf32.dll -> %System32%\cpuinf32.dll -> Intel Corporation [Ver = 1.0.0.4 | Size = 49152 bytes | Created Date = 7/11/2006 9:31:21 PM | Attr = ]
Csp2osu.dll -> %System32%\Csp2osu.dll -> Canon [Ver = 3.7.0 | Size = 96256 bytes | Created Date = 9/18/2006 10:04:27 PM | Attr = ]
Csp2utl.dll -> %System32%\Csp2utl.dll -> Canon [Ver = 3.7.0 | Size = 16896 bytes | Created Date = 9/18/2006 10:04:27 PM | Attr = ]
Dec.exe -> %System32%\Dec.exe -> [Ver = | Size = 78848 bytes | Created Date = 1/7/2007 11:58:59 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Created Date = 7/12/2006 12:09:29 PM | Attr = RHS]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Created Date = 9/2/2006 7:56:22 PM | Attr = ]
EBAPI2.dll -> %System32%\EBAPI2.dll -> SEIKO EPSON CORPORATION [Ver = 1, 4, 0, 0 | Size = 139264 bytes | Created Date = 8/3/2006 7:50:34 PM | Attr = ]
EBPCHP.DLL -> %System32%\EBPCHP.DLL -> SEIKO EPSON CORPORATION [Ver = 1, 1, 0, 0 | Size = 34304 bytes | Created Date = 8/3/2006 7:49:06 PM | Attr = ]
EBPMON2.DLL -> %System32%\EBPMON2.DLL -> SEIKO EPSON CORPORATION [Ver = 2, 34, 0, 0 | Size = 73676 bytes | Created Date = 8/3/2006 7:49:06 PM | Attr = ]
EBPPORT.DAT -> %System32%\EBPPORT.DAT -> [Ver = | Size = 182 bytes | Created Date = 8/3/2006 7:49:07 PM | Attr = ]
ECBTEG.DLL -> %System32%\ECBTEG.DLL -> SEIKO EPSON CORPORATION [Ver = 2, 0, 0, 25 | Size = 61440 bytes | Created Date = 8/3/2006 7:49:07 PM | Attr = ]
Epcmlib.dll -> %System32%\Epcmlib.dll -> SEIKO EPSON CORPORATION [Ver = 1.1.0.7 | Size = 131072 bytes | Created Date = 8/3/2006 7:51:23 PM | Attr = ]
FLASH.OCX -> %System32%\FLASH.OCX -> Macromedia, Inc. [Ver = 6,0,79,0 | Size = 827392 bytes | Created Date = 10/16/2006 3:25:53 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 10/20/2006 7:41:05 PM | Attr = ]
hpo5300a.aio -> %System32%\hpo5300a.aio -> [Ver = | Size = 18411 bytes | Created Date = 8/16/2006 5:14:42 PM | Attr = ]
hpo5400a.aio -> %System32%\hpo5400a.aio -> [Ver = | Size = 18411 bytes | Created Date = 8/16/2006 5:14:42 PM | Attr = ]
hpo5500a.aio -> %System32%\hpo5500a.aio -> [Ver = | Size = 18411 bytes | Created Date = 8/16/2006 5:14:42 PM | Attr = ]
hpofax07.dll -> %System32%\hpofax07.dll -> HP [Ver = 1, 5, 0, 0 | Size = 161792 bytes | Created Date = 8/16/2006 5:18:57 PM | Attr = ]
hpoidr07.dll -> %System32%\hpoidr07.dll -> HP [Ver = 4, 5, 0, 617 | Size = 73728 bytes | Created Date = 8/16/2006 5:18:41 PM | Attr = ]
hpoimn07.dll -> %System32%\hpoimn07.dll -> HP [Ver = 4, 5, 0, 412 | Size = 40960 bytes | Created Date = 8/16/2006 5:18:42 PM | Attr = ]
hpoinw07.exe -> %System32%\hpoinw07.exe -> HP [Ver = 4, 5, 0, 140 | Size = 61440 bytes | Created Date = 8/16/2006 5:18:42 PM | Attr = ]
hpoipm07.exe -> %System32%\hpoipm07.exe -> HP [Ver = 4, 5, 0, 767 | Size = 57344 bytes | Created Date = 8/16/2006 5:18:42 PM | Attr = ]
hpoipr07.dll -> %System32%\hpoipr07.dll -> HP [Ver = 4, 5, 0, 512 | Size = 53248 bytes | Created Date = 8/16/2006 5:18:42 PM | Attr = ]
hpoipt07.dll -> %System32%\hpoipt07.dll -> HP [Ver = 4, 4, 1, 0 | Size = 94208 bytes | Created Date = 8/16/2006 5:18:42 PM | Attr = ]
hpoisn07.dll -> %System32%\hpoisn07.dll -> HP [Ver = 4, 4, 1, 0 | Size = 57344 bytes | Created Date = 8/16/2006 5:18:42 PM | Attr = ]
hpomem07.dll -> %System32%\hpomem07.dll -> Hewlett-Packard Co. [Ver = 01.00.04 | Size = 28672 bytes | Created Date = 8/16/2006 5:18:49 PM | Attr = ]
HPOtap07.dll -> %System32%\HPOtap07.dll -> Hewlett-Packard Co. [Ver = 01.00.00 | Size = 40960 bytes | Created Date = 8/16/2006 5:18:46 PM | Attr = ]
hpousd07.dll -> %System32%\hpousd07.dll -> Hewlett-Packard Co. [Ver = 3.00 | Size = 53248 bytes | Created Date = 8/16/2006 5:18:49 PM | Attr = ]
ImagX7.dll -> %System32%\ImagX7.dll -> Pegasus Imaging Corp. [Ver = 7.0.46.0 | Size = 1568768 bytes | Created Date = 7/12/2006 10:56:56 PM | Attr = ]
ImagXpr7.dll -> %System32%\ImagXpr7.dll -> Pegasus Imaging Corp. [Ver = 7.0.46.0 | Size = 476320 bytes | Created Date = 7/12/2006 10:56:56 PM | Attr = ]
ImagXR7.dll -> %System32%\ImagXR7.dll -> Pegasus Imaging Corp. [Ver = 7.0.476.0 | Size = 262144 bytes | Created Date = 7/12/2006 10:56:56 PM | Attr = ]
ImagXRA7.dll -> %System32%\ImagXRA7.dll -> Pegasus Imaging Corp. [Ver = 7.0.476.0 | Size = 471040 bytes | Created Date = 7/12/2006 10:56:56 PM | Attr = ]
INETWH32.DLL -> %System32%\INETWH32.DLL -> Blue Sky Software Corporation. [Ver = 7.00.131 | Size = 54784 bytes | Created Date = 8/16/2006 5:18:46 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49248 bytes | Created Date = 3/13/2007 6:39:39 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 53346 bytes | Created Date = 3/13/2007 6:39:39 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 127078 bytes | Created Date = 3/13/2007 6:39:39 PM | Attr = ]
jpicpl32.cpl -> %System32%\jpicpl32.cpl -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49265 bytes | Created Date = 10/20/2006 7:35:24 PM | Attr = ]
lmpgad.ax -> %System32%\lmpgad.ax -> Ligos Corporation [Ver = 4.0.0.110 | Size = 47104 bytes | Created Date = 7/11/2006 9:31:21 PM | Attr = ]
lmpgspl.ax -> %System32%\lmpgspl.ax -> Ligos Corporation [Ver = 4.0.0.110 | Size = 106496 bytes | Created Date = 7/11/2006 9:31:21 PM | Attr = ]
lmpgvd.ax -> %System32%\lmpgvd.ax -> Ligos Corporation [Ver = 4.0.0.110 | Size = 94208 bytes | Created Date = 7/11/2006 9:31:21 PM | Attr = ]
mplaa6.dll -> %System32%\mplaa6.dll -> Ligos Corporation [Ver = 1.5.0.5 | Size = 81920 bytes | Created Date = 7/11/2006 9:31:21 PM | Attr = ]
mplam6.dll -> %System32%\mplam6.dll -> Ligos Corporation [Ver = 1.5.0.5 | Size = 69632 bytes | Created Date = 7/11/2006 9:31:21 PM | Attr = ]
mplapx.dll -> %System32%\mplapx.dll -> Ligos Corporation [Ver = 1.5.0.5 | Size = 69632 bytes | Created Date = 7/11/2006 9:31:21 PM | Attr = ]
mplaw7.dll -> %System32%\mplaw7.dll -> Ligos Corporation [Ver = 1.5.0.5 | Size = 81920 bytes | Created Date = 7/11/2006 9:31:21 PM | Attr = ]
mplva6.dll -> %System32%\mplva6.dll -> Ligos Corporation [Ver = 2.0.0.1 | Size = 1675264 bytes | Created Date = 7/11/2006 9:31:21 PM | Attr = ]
mplvm6.dll -> %System32%\mplvm6.dll -> Ligos Corporation [Ver = 2.0.0.1 | Size = 1581056 bytes | Created Date = 7/11/2006 9:31:21 PM | Attr = ]
mplvpx.dll -> %System32%\mplvpx.dll -> Ligos Corporation [Ver = 2.0.0.1 | Size = 1150976 bytes | Created Date = 7/11/2006 9:31:21 PM | Attr = ]
mplvw7.dll -> %System32%\mplvw7.dll -> Ligos Corporation [Ver = 2.0.0.1 | Size = 1630208 bytes | Created Date = 7/11/2006 9:31:21 PM | Attr = ]
mppds.dll -> %System32%\mppds.dll -> [Ver = | Size = 12800 bytes | Created Date = 5/3/2007 7:29:26 PM | Attr = ]
MSDEG32.DLL -> %System32%\MSDEG32.DLL -> [Ver = | Size = 4848 bytes | Created Date = 5/3/2007 7:28:24 PM | Attr = ]
MSForms.TWD -> %System32%\MSForms.TWD -> [Ver = | Size = 120872 bytes | Created Date = 8/4/2006 9:42:16 AM | Attr = ]
NeroCheck.exe -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Created Date = 7/12/2006 10:56:55 PM | Attr = ]
nppt9x.vxd -> %System32%\nppt9x.vxd -> [Ver = | Size = 5174 bytes | Created Date = 7/16/2006 7:56:30 AM | Attr = ]
npptNT2.sys -> %System32%\npptNT2.sys -> INCA Internet Co., Ltd. [Ver = 2005, 1, 5, 1 | Size = 4682 bytes | Created Date = 7/16/2006 7:56:31 AM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 10/20/2006 7:41:04 PM | Attr = ]
pncrt.dll -> %System32%\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Created Date = 12/30/2006 12:37:11 AM | Attr = ]
pndx5016.dll -> %System32%\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Created Date = 12/30/2006 12:37:12 AM | Attr = ]
pndx5032.dll -> %System32%\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Created Date = 12/30/2006 12:37:12 AM | Attr = ]
QuickTime.qts -> %System32%\QuickTime.qts -> Apple Computer, Inc. [Ver = 7.0.2 | Size = 49152 bytes | Created Date = 9/1/2005 5:05:36 PM | Attr = ]
QuickTimeVR.qtx -> %System32%\QuickTimeVR.qtx -> Apple Computer, Inc. [Ver = 7.0.2 | Size = 65536 bytes | Created Date = 9/1/2005 5:05:40 PM | Attr = ]
rmoc3260.dll -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Created Date = 12/30/2006 12:37:31 AM | Attr = ]
roboex32.dll -> %System32%\roboex32.dll -> Blue Sky Software Corporation. [Ver = 8.00.141 | Size = 1048576 bytes | Created Date = 8/16/2006 5:18:46 PM | Attr = ]
sirenacm.dll -> %System32%\sirenacm.dll -> Microsoft Corp. [Ver = 8.1.0178.00 | Size = 51056 bytes | Created Date = 1/19/2007 12:53:04 PM | Attr = ]
system.mdw -> %System32%\system.mdw -> [Ver = | Size = 69632 bytes | Created Date = 8/3/2006 10:31:54 PM | Attr = ]
TwnLib20.dll -> %System32%\TwnLib20.dll -> Pegasus Software [Ver = 2.02.010 | Size = 106496 bytes | Created Date = 7/12/2006 10:56:57 PM | Attr = ]
uchgmpmz.dll -> %System32%\uchgmpmz.dll -> [Ver = | Size = 0 bytes | Created Date = 10/19/2006 2:12:37 PM | Attr = ]
Ucs32p.dll -> %System32%\Ucs32p.dll -> Canon [Ver = 1.7.0 | Size = 271872 bytes | Created Date = 9/18/2006 10:04:27 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 10/20/2006 7:41:06 PM | Attr = ]
VSFlex8L.inf -> %System32%\VSFlex8L.inf -> [Ver = | Size = 197 bytes | Created Date = 3/30/2007 10:57:02 PM | Attr = ]
VSFlex8L.ocx -> %System32%\VSFlex8L.ocx -> ComponentOne [Ver = 8, 0, 20031, 183 | Size = 503808 bytes | Created Date = 3/30/2007 10:57:02 PM | Attr = ]
xposer.cfg -> %System32%\xposer.cfg -> [Ver = | Size = 128 bytes | Created Date = 4/3/2006 10:59:54 AM | Attr = ]
xvid.ax -> %System32%\xvid.ax -> [Ver = | Size = 77824 bytes | Created Date = 7/17/2006 12:37:06 PM | Attr = ]
xvidcore.dll -> %System32%\xvidcore.dll -> [Ver = | Size = 761856 bytes | Created Date = 7/17/2006 12:37:06 PM | Attr = ]
xvidvfw.dll -> %System32%\xvidvfw.dll -> [Ver = | Size = 180224 bytes | Created Date = 7/17/2006 12:37:04 PM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 5/6/2005 9:58:25 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 5/5/2005 9:58:00 AM | Attr = ]
CESG502.sys -> %System32%\drivers\CESG502.sys -> Hitachi Semiconductor and Devices Sales Co.,Ltd. [Ver = 1, 0, 0, 0 | Size = 40672 bytes | Created Date = 3/30/2007 10:57:02 PM | Attr = ]
hpoid407.sys -> %System32%\drivers\hpoid407.sys -> HP [Ver = 4, 5, 0, 618 | Size = 50448 bytes | Created Date = 8/16/2006 5:18:42 PM | Attr = ]
hpoipr07.sys -> %System32%\drivers\hpoipr07.sys -> HP [Ver = 4, 5, 0, 446 | Size = 15984 bytes | Created Date = 8/16/2006 5:18:42 PM | Attr = ]
hpoius07.sys -> %System32%\drivers\hpoius07.sys -> HP [Ver = 4, 5, 0, 308 | Size = 17904 bytes | Created Date = 8/16/2006 5:18:42 PM | Attr = ]
HP_DT124A-AB4 S6150AP SE410_YC_Pres_QTWL405_E41SEhwRET1_4_IGamila Giovani Neon series_SMICRO-STAR INTERNATIONAL CO., LTD_V030_B3.05_T031125_WXH1_L409_M248_J82_7Intel_8Pentium 4_92.6_111063044_N10EC8139_P_Z14F12F00_K.MRK -> %System32%\drivers\HP_DT124A-AB4 S6150AP SE410_YC_Pres_QTWL405_E41SEhwRET1_4_IGamila Giovani Neon series_SMICRO-STAR INTERNATIONAL CO., LTD_V030_B3.05_T031125_WXH1_L409_M248_J82_7Intel_8Pentium 4_92.6_111063044_N10EC8139_P_Z14F12F00_K.MRK -> [Ver = | Size = 3690 bytes | Created Date = 7/11/2006 9:35:50 PM | Attr = RHS]
imagedrv.sys -> %System32%\drivers\imagedrv.sys -> Ahead Software AG [Ver = 2.27.0.0 built by: WinDDK | Size = 5504 bytes | Created Date = 7/12/2006 10:57:20 PM | Attr = ]
imagesrv.sys -> %System32%\drivers\imagesrv.sys -> Ahead Software AG [Ver = 2.27.0.0 built by: WinDDK | Size = 125184 bytes | Created Date = 7/12/2006 10:57:20 PM | Attr = ]
pfc.sys -> %System32%\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 204 | Size = 10368 bytes | Created Date = 7/11/2006 9:31:26 PM | Attr = ]
ScFBPNT2.sys -> %System32%\drivers\ScFBPNT2.sys -> [Ver = | Size = 15488 bytes | Created Date = 9/18/2006 10:04:27 PM | Attr = ]
SE2Ebus.sys -> %System32%\drivers\SE2Ebus.sys -> MCCI [Ver = V4.34 | Size = 61600 bytes | Created Date = 9/7/2006 4:20:04 PM | Attr = R ]
SE2Ecm.sys -> %System32%\drivers\SE2Ecm.sys -> MCCI [Ver = V4.34 | Size = 6240 bytes | Created Date = 9/7/2006 4:23:08 PM | Attr = R ]
SE2Ecmnt.sys -> %System32%\drivers\SE2Ecmnt.sys -> MCCI [Ver = V4.34 | Size = 6240 bytes | Created Date = 9/7/2006 4:23:08 PM | Attr = R ]
se2Ecr.sys -> %System32%\drivers\se2Ecr.sys -> MCCI [Ver = V4.34 | Size = 4128 bytes | Created Date = 9/7/2006 4:23:31 PM | Attr = R ]
SE2Emdfl.sys -> %System32%\drivers\SE2Emdfl.sys -> MCCI [Ver = V4.34 | Size = 9360 bytes | Created Date = 9/7/2006 4:22:18 PM | Attr = R ]
SE2Emdm.sys -> %System32%\drivers\SE2Emdm.sys -> MCCI [Ver = V4.34 | Size = 97184 bytes | Created Date = 9/7/2006 4:22:18 PM | Attr = R ]
SE2Emgmt.sys -> %System32%\drivers\SE2Emgmt.sys -> MCCI [Ver = V4.34 | Size = 88688 bytes | Created Date = 9/7/2006 4:23:08 PM | Attr = R ]
se2End5.sys -> %System32%\drivers\se2End5.sys -> MCCI [Ver = V4.34 | Size = 18704 bytes | Created Date = 9/7/2006 4:23:50 PM | Attr = R ]
SE2Eobex.sys -> %System32%\drivers\SE2Eobex.sys -> MCCI [Ver = V4.34 | Size = 86560 bytes | Created Date = 9/7/2006 4:22:42 PM | Attr = R ]
se2Eunic.sys -> %System32%\drivers\se2Eunic.sys -> MCCI [Ver = V4.34 | Size = 90800 bytes | Created Date = 9/7/2006 4:23:31 PM | Attr = R ]
se2Ewh.sys -> %System32%\drivers\se2Ewh.sys -> MCCI [Ver = V4.34 | Size = 5872 bytes | Created Date = 9/7/2006 4:23:31 PM | Attr = R ]
SE2Ewhnt.sys -> %System32%\drivers\SE2Ewhnt.sys -> MCCI [Ver = V4.34 | Size = 5872 bytes | Created Date = 9/7/2006 4:20:05 PM | Attr = R ]
sptd.sys -> %System32%\drivers\sptd.sys -> Duplex Secure Ltd. [Ver = 1.24.0.0 built by: WinDDK | Size = 642560 bytes | Created Date = 4/29/2007 2:30:58 PM | Attr = ]
U3SHLPDR200.SYS -> %System32%\drivers\U3SHLPDR200.SYS -> [Ver = | Size = 4518 bytes | Created Date = 9/18/2006 11:36:55 PM | Attr = ]
hosts.msn -> %System32%\drivers\etc\hosts.msn -> [Ver = | Size = 686 bytes | Created Date = 12/27/2006 10:47:23 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
BOOT.BAK -> %SystemDrive%\BOOT.BAK -> [Ver = | Size = 196 bytes | Modified Date = 7/11/2006 9:28:16 PM | Attr = RHS]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 266 bytes | Modified Date = 7/11/2006 9:48:24 PM | Attr = RHS]
CEHook.dll -> %SystemDrive%\CEHook.dll -> [Ver = | Size = 515584 bytes | Modified Date = 4/29/2007 3:05:28 PM | Attr = ]
cmdcons -> %SystemDrive%\cmdcons -> [Folder | Modified Date = 5/3/2005 9:43:18 PM | Attr = RHS]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 7/13/2006 7:20:20 PM | Attr = ]
driver.dat -> %SystemDrive%\driver.dat -> [Ver = | Size = 23 bytes | Modified Date = 4/29/2007 3:05:28 PM | Attr = ]
emptydll.dll -> %SystemDrive%\emptydll.dll -> [Ver = | Size = 13824 bytes | Modified Date = 4/29/2007 3:05:28 PM | Attr = ]
ffastun.ffa -> %SystemDrive%\ffastun.ffa -> [Ver = | Size = 4379 bytes | Modified Date = 8/9/2006 2:59:18 PM | Attr = H ]
ffastun.ffl -> %SystemDrive%\ffastun.ffl -> [Ver = | Size = 344064 bytes | Modified Date = 8/9/2006 2:59:18 PM | Attr = H ]
ffastun.ffo -> %SystemDrive%\ffastun.ffo -> [Ver = | Size = 65536 bytes | Modified Date = 8/9/2006 2:59:18 PM | Attr = H ]
ffastun0.ffx -> %SystemDrive%\ffastun0.ffx -> [Ver = | Size = 475136 bytes | Modified Date = 8/9/2006 2:59:18 PM | Attr = H ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 259575808 bytes | Modified Date = 5/7/2005 5:47:48 PM | Attr = HS]
My Downloads -> %SystemDrive%\My Downloads -> [Folder | Modified Date = 5/5/2005 11:52:40 AM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 5/7/2005 5:50:32 PM | Attr = R ]
Python22 -> %SystemDrive%\Python22 -> [Folder | Modified Date = 5/3/2007 7:32:02 PM | Attr = H ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 7/11/2006 11:07:28 PM | Attr = HS]
SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 5/4/2005 7:51:48 PM | Attr = ]
SOPHTEMP -> %SystemDrive%\SOPHTEMP -> [Folder | Modified Date = 5/3/2007 7:32:08 PM | Attr = ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Modified Date = 3/29/2007 8:28:36 AM | Attr = H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Modified Date = 3/29/2007 4:45:34 PM | Attr = H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/27/2007 8:51:54 AM | Attr = H ]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/27/2007 12:50:40 PM | Attr = H ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/27/2007 7:30:40 PM | Attr = H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/29/2007 8:28:36 AM | Attr = H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/29/2007 4:45:34 PM | Attr = H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/27/2007 8:51:54 AM | Attr = H ]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/27/2007 12:50:40 PM | Attr = H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/27/2007 7:30:40 PM | Attr = H ]
sysprep -> %SystemDrive%\sysprep -> [Folder | Modified Date = 7/11/2006 9:34:22 PM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 7/11/2006 9:34:22 PM | Attr = HS]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 4/6/2007 9:26:34 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 5/7/2005 5:49:04 PM | Attr = ]
WUTemp -> %SystemDrive%\WUTemp -> [Folder | Modified Date = 8/3/2006 7:46:16 PM | Attr = ]
_desktop.ini -> %SystemDrive%\_desktop.ini -> [Ver = | Size = 8 bytes | Modified Date = 5/3/2005 7:56:36 PM | Attr = ]
оø´úË«½¾3Ã÷Ô¹ÂÐÇ -> %SystemDrive%\оø´úË«½¾3Ã÷Ô¹ÂÐÇ -> [Folder | Modified Date = 1/7/2007 11:59:08 AM | Attr = ]
$NtUninstallKB823559$ -> %SystemRoot%\$NtUninstallKB823559$ -> [Folder | Modified Date = 7/12/2006 12:17:46 PM | Attr = H ]
$NtUninstallKB824146$ -> %SystemRoot%\$NtUninstallKB824146$ -> [Folder | Modified Date = 7/12/2006 12:17:46 PM | Attr = H ]
$NtUninstallQ328310$ -> %SystemRoot%\$NtUninstallQ328310$ -> [Folder | Modified Date = 7/12/2006 12:17:48 PM | Attr = H ]
$NtUninstallQ329112$ -> %SystemRoot%\$NtUninstallQ329112$ -> [Folder | Modified Date = 7/12/2006 12:17:48 PM | Attr = H ]
$NtUninstallQ329115$ -> %SystemRoot%\$NtUninstallQ329115$ -> [Folder | Modified Date = 7/12/2006 12:17:48 PM | Attr = H ]
$NtUninstallQ329170$ -> %SystemRoot%\$NtUninstallQ329170$ -> [Folder | Modified Date = 7/12/2006 12:17:48 PM | Attr = H ]
$NtUninstallQ329390$ -> %SystemRoot%\$NtUninstallQ329390$ -> [Folder | Modified Date = 7/12/2006 12:17:48 PM | Attr = H ]
$NtUninstallQ329834$ -> %SystemRoot%\$NtUninstallQ329834$ -> [Folder | Modified Date = 7/12/2006 12:17:48 PM | Attr = H ]
$NtUninstallQ331953$ -> %SystemRoot%\$NtUninstallQ331953$ -> [Folder | Modified Date = 7/12/2006 12:17:48 PM | Attr = H ]
$NtUninstallQ331958$ -> %SystemRoot%\$NtUninstallQ331958$ -> [Folder | Modified Date = 7/12/2006 12:17:48 PM | Attr = H ]
$NtUninstallQ810565$ -> %SystemRoot%\$NtUninstallQ810565$ -> [Folder | Modified Date = 7/12/2006 12:17:48 PM | Attr = H ]
$NtUninstallQ810577$ -> %SystemRoot%\$NtUninstallQ810577$ -> [Folder | Modified Date = 7/12/2006 12:17:48 PM | Attr = H ]
$NtUninstallQ810833$ -> %SystemRoot%\$NtUninstallQ810833$ -> [Folder | Modified Date = 7/12/2006 12:17:48 PM | Attr = H ]
$NtUninstallQ814033$ -> %SystemRoot%\$NtUninstallQ814033$ -> [Folder | Modified Date = 7/12/2006 12:17:48 PM | Attr = H ]
$NtUninstallQ814995$ -> %SystemRoot%\$NtUninstallQ814995$ -> [Folder | Modified Date = 7/12/2006 12:17:50 PM | Attr = H ]
$NtUninstallQ815485$ -> %SystemRoot%\$NtUninstallQ815485$ -> [Folder | Modified Date = 7/12/2006 12:17:50 PM | Attr = H ]
$NtUninstallQ817287$ -> %SystemRoot%\$NtUninstallQ817287$ -> [Folder | Modified Date = 7/12/2006 12:17:50 PM | Attr = H ]
A4W.INI -> %SystemRoot%\A4W.INI -> [Ver = | Size = 35 bytes | Modified Date = 9/18/2006 10:05:06 PM | Attr = ]
A4W_DATA -> %SystemRoot%\A4W_DATA -> [Folder | Modified Date = 9/18/2006 10:05:06 PM | Attr = ]
addins -> %SystemRoot%\addins -> [Folder | Modified Date = 7/12/2006 12:18:04 PM | Attr = ]
Application Data -> %SystemRoot%\Application Data -> [Folder | Modified Date = 2/24/2007 7:33:26 PM | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 7/12/2006 12:17:50 PM | Attr = ]
ArtGalry.cag -> %SystemRoot%\ArtGalry.cag -> [Ver = | Size = 6144 bytes | Modified Date = 11/21/2006 10:05:20 AM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 7/12/2006 12:17:22 PM | Attr = R S]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 5/3/2005 9:46:42 PM | Attr = ]
bdoscandel.exe -> %SystemRoot%\bdoscandel.exe -> [Ver = | Size = 53248 bytes | Modified Date = 5/25/2006 1:22:06 AM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 5/7/2005 5:47:48 PM | Attr = S]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 100 bytes | Modified Date = 1/21/2007 6:24:24 PM | Attr = ]
CREATOR -> %SystemRoot%\CREATOR -> [Folder | Modified Date = 7/12/2006 12:22:14 PM | Attr = ]
Cursors -> %SystemRoot%\Cursors -> [Folder | Modified Date = 7/12/2006 12:17:50 PM | Attr = ]
d3dx.dat -> %SystemRoot%\d3dx.dat -> [Ver = | Size = 4096 bytes | Modified Date = 4/23/2007 11:02:02 PM | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 5/7/2005 5:48:12 PM | Attr = ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 9/2/2006 7:54:02 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 5/6/2005 9:57:12 PM | Attr = S]
EPISME00.SWB -> %SystemRoot%\EPISME00.SWB -> [Ver = | Size = 9662 bytes | Modified Date = 8/15/2006 2:31:12 PM | Attr = ]
EPSTPLOG.BAK -> %SystemRoot%\EPSTPLOG.BAK -> [Ver = | Size = 16427 bytes | Modified Date = 11/26/2006 1:48:22 PM | Attr = ]
exchng.ini -> %SystemRoot%\exchng.ini -> [Ver = | Size = 22 bytes | Modified Date = 8/3/2006 10:32:00 PM | Attr = ]
extend.dat -> %SystemRoot%\extend.dat -> [Ver = | Size = 7601 bytes | Modified Date = 8/8/2006 6:40:50 PM | Attr = ]
FA124.INI -> %SystemRoot%\FA124.INI -> [Ver = | Size = 155 bytes | Modified Date = 3/30/2007 11:14:26 PM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 3/30/2007 10:57:04 PM | Attr = R S]
forms -> %SystemRoot%\forms -> [Folder | Modified Date = 8/3/2006 10:32:24 PM | Attr = ]
ftpcache -> %SystemRoot%\ftpcache -> [Folder | Modified Date = 10/16/2006 3:25:54 PM | Attr = HS]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2/24/2007 8:39:00 PM | Attr = ]
I386 -> %SystemRoot%\I386 -> [Folder | Modified Date = 7/12/2006 12:22:16 PM | Attr = ]
ime -> %SystemRoot%\ime -> [Folder | Modified Date = 7/12/2006 12:18:04 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 5/6/2005 9:58:40 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 5/7/2005 5:49:10 PM | Attr = HS]
kulionj.dll -> %SystemRoot%\kulionj.dll -> [Ver = | Size = 26112 bytes | Modified Date = 5/3/2007 7:35:06 PM | Attr = ]
LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 5/6/2005 9:58:44 PM | Attr = ]
LastGood.Tmp -> %SystemRoot%\LastGood.Tmp -> [Folder | Modified Date = 9/3/2006 1:20:40 AM | Attr = ]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 8/3/2006 10:31:18 PM | Attr = ]
Microsoft Outlook.FAV -> %SystemRoot%\Microsoft Outlook.FAV -> [Ver = | Size = 23464 bytes | Modified Date = 10/27/2006 12:24:54 AM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 1/16/2007 7:20:54 PM | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 7/12/2006 12:18:04 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 4/28/2007 4:42:28 PM | Attr = ]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4346 bytes | Modified Date = 8/3/2006 10:32:00 PM | Attr = ]
Offline Web Pages -> %SystemRoot%\Offline Web Pages -> [Folder | Modified Date = 7/12/2006 12:17:22 PM | Attr = R ]
ORUN32.EXE -> %SystemRoot%\ORUN32.EXE -> [Ver = | Size = 0 bytes | Modified Date = 10/20/2006 5:20:36 PM | Attr = ]
outlook.pst -> %SystemRoot%\outlook.pst -> [Ver = | Size = 114688 bytes | Modified Date = 2/14/2007 8:29:30 AM | Attr = ]
Owner.acl -> %SystemRoot%\Owner.acl -> [Ver = | Size = 35342 bytes | Modified Date = 1/14/2007 8:54:54 PM | Attr = ]
Owner.pcb -> %SystemRoot%\Owner.pcb -> [Ver = | Size = 7680 bytes | Modified Date = 2/7/2007 8:51:34 AM | Attr = ]
PIF -> %SystemRoot%\PIF -> [Folder | Modified Date = 9/16/2006 9:11:14 AM | Attr = H ]
popcinfo.dat -> %SystemRoot%\popcinfo.dat -> [Ver = | Size = 19 bytes | Modified Date = 4/22/2007 11:21:00 AM | Attr = ]
popcinfot.dat -> %SystemRoot%\popcinfot.dat -> [Ver = | Size = 23 bytes | Modified Date = 4/22/2007 11:21:00 AM | Attr = ]
popcreg.dat -> %SystemRoot%\popcreg.dat -> [Ver = | Size = 0 bytes | Modified Date = 4/22/2007 10:19:14 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 5/7/2005 5:54:08 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 4/25/2007 11:24:28 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 4/25/2007 11:24:28 AM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 5/3/2005 10:06:56 PM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 7/11/2006 9:25:00 PM | Attr = ]
SendTo -> %SystemRoot%\SendTo -> [Folder | Modified Date = 8/3/2006 10:32:16 PM | Attr = ]
setup.pss -> %SystemRoot%\setup.pss -> [Folder | Modified Date = 7/11/2006 9:48:06 PM | Attr = ]
setupupd -> %SystemRoot%\setupupd -> [Folder | Modified Date = 7/11/2006 9:48:04 PM | Attr = ]
SICALIB2.DAT -> %SystemRoot%\SICALIB2.DAT -> [Ver = | Size = 40866 bytes | Modified Date = 9/18/2006 10:12:26 PM | Attr = ]
SMINST -> %SystemRoot%\SMINST -> [Folder | Modified Date = 7/12/2006 12:21:34 PM | Attr = ]
srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 7/12/2006 12:18:04 PM | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 7/14/2006 5:29:52 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 10/20/2006 8:19:06 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 231 bytes | Modified Date = 3/30/2007 8:43:42 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 5/6/2005 9:58:28 PM | Attr = H ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 7/11/2006 9:49:22 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 5/7/2005 5:53:34 PM | Attr = ]
twinnt30.ini -> %SystemRoot%\twinnt30.ini -> [Ver = | Size = 43 bytes | Modified Date = 3/30/2007 8:41:20 PM | Attr = ]
uninstall -> %SystemRoot%\uninstall -> [Folder | Modified Date = 5/5/2005 11:56:48 AM | Attr = ]
War3Unin.dat -> %SystemRoot%\War3Unin.dat -> [Ver = | Size = 65419 bytes | Modified Date = 7/11/2006 11:23:02 PM | Attr = ]
War3Unin.exe -> %SystemRoot%\War3Unin.exe -> Blizzard Entertainment [Ver = 1, 0, 0, 0 | Size = 139264 bytes | Modified Date = 7/11/2006 10:23:04 PM | Attr = ]
War3Unin.pif -> %SystemRoot%\War3Unin.pif -> [Ver = | Size = 2829 bytes | Modified Date = 7/11/2006 10:23:04 PM | Attr = ]
Web -> %SystemRoot%\Web -> [Folder | Modified Date = 7/12/2006 12:18:02 PM | Attr = R ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1248 bytes | Modified Date = 3/30/2007 8:54:14 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 3/14/2007 9:43:52 PM | Attr = ]
wt -> %SystemRoot%\wt -> [Folder | Modified Date = 3/31/2007 1:45:44 PM | Attr = ]
Norton AntiVirus - Scan my computer.job -> %SystemRoot%\tasks\Norton AntiVirus - Scan my computer.job -> [Ver = | Size = 530 bytes | Modified Date = 4/6/2007 8:03:20 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/7/2005 5:48:00 PM | Attr = H ]
Symantec NetDetect.job -> %SystemRoot%\tasks\Symantec NetDetect.job -> [Ver = | Size = 412 bytes | Modified Date = 7/11/2006 9:49:22 PM | Attr = ]
$winnt$.inf -> %System32%\$winnt$.inf -> [Ver = | Size = 991 bytes | Modified Date = 7/11/2006 9:34:22 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 5/6/2005 9:59:24 PM | Attr = ]
asinst.cfg -> %System32%\asinst.cfg -> [Ver = | Size = 128 bytes | Modified Date = 4/3/2006 10:59:16 AM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Modified Date = 8/2/2006 12:39:06 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 7/11/2006 9:32:32 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 5/6/2005 10:31:32 PM | Attr = ]
CmdLineExt.dll -> %System32%\CmdLineExt.dll -> Sony DADC Austria AG. [Ver = 1,0,201,0 | Size = 98304 bytes | Modified Date = 8/14/2006 2:37:52 PM | Attr = ]
COLOR -> %System32%\COLOR -> [Folder | Modified Date = 9/18/2006 10:04:28 PM | Attr = ]
Com -> %System32%\Com -> [Folder | Modified Date = 7/12/2006 12:18:06 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 5/3/2005 10:07:18 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 3/14/2007 9:53:34 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 5/5/2005 9:58:02 AM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 3/14/2007 9:44:02 PM | Attr = ]
FLASH.OCX -> %System32%\FLASH.OCX -> Macromedia, Inc. [Ver = 6,0,79,0 | Size = 827392 bytes | Modified Date = 10/16/2006 3:25:54 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 220040 bytes | Modified Date = 3/31/2007 12:28:12 AM | Attr = ]
FxsTmp -> %System32%\FxsTmp -> [Folder | Modified Date = 12/26/2006 6:02:30 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 5/6/2005 10:03:06 PM | Attr = ]
ias -> %System32%\ias -> [Folder | Modified Date = 7/12/2006 12:18:56 PM | Attr = ]
icsxml -> %System32%\icsxml -> [Folder | Modified Date = 7/12/2006 12:18:56 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49248 bytes | Modified Date = 11/9/2006 1:28:20 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 53346 bytes | Modified Date = 11/9/2006 1:28:30 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 127078 bytes | Modified Date = 11/9/2006 3:07:32 PM | Attr = ]
jpicpl32.cpl -> %System32%\jpicpl32.cpl -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49265 bytes | Modified Date = 11/9/2006 3:07:28 PM | Attr = ]
Macromed -> %System32%\Macromed -> [Folder | Modified Date = 12/3/2006 9:13:36 PM | Attr = ]
mapisvc.inf -> %System32%\mapisvc.inf -> [Ver = | Size = 6147 bytes | Modified Date = 8/3/2006 10:32:02 PM | Attr = ]
mppds.dll -> %System32%\mppds.dll -> [Ver = | Size = 12800 bytes | Modified Date = 5/3/2005 9:16:34 PM | Attr = ]
MSDEG32.DLL -> %System32%\MSDEG32.DLL -> [Ver = | Size = 4848 bytes | Modified Date = 5/3/2005 9:16:30 PM | Attr = ]
MSForms.TWD -> %System32%\MSForms.TWD -> [Ver = | Size = 120872 bytes | Modified Date = 8/4/2006 9:42:18 AM | Attr = ]
npp -> %System32%\npp -> [Folder | Modified Date = 7/12/2006 12:19:06 PM | Attr = ]
oobe -> %System32%\oobe -> [Folder | Modified Date = 7/12/2006 12:19:10 PM | Attr = ]
packet.dll -> %System32%\packet.dll -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 81920 bytes | Modified Date = 5/3/2007 7:45:44 PM | Attr = HS]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 5/6/2005 10:03:06 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 53552 bytes | Modified Date = 10/19/2006 3:01:10 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 382000 bytes | Modified Date = 10/19/2006 3:01:10 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 441626 bytes | Modified Date = 10/19/2006 3:01:10 PM | Attr = ]
pncrt.dll -> %System32%\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Modified Date = 12/30/2006 12:37:12 AM | Attr = ]
pndx5016.dll -> %System32%\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Modified Date = 12/30/2006 12:37:14 AM | Attr = ]
pndx5032.dll -> %System32%\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Modified Date = 12/30/2006 12:37:14 AM | Attr = ]
QuickTime.qts -> %System32%\QuickTime.qts -> Apple Computer, Inc. [Ver = 7.0.2 | Size = 49152 bytes | Modified Date = 9/1/2005 5:05:36 PM | Attr = ]
QuickTimeVR.qtx -> %System32%\QuickTimeVR.qtx -> Apple Computer, Inc. [Ver = 7.0.2 | Size = 65536 bytes | Modified Date = 9/1/2005 5:05:40 PM | Attr = ]
ras -> %System32%\ras -> [Folder | Modified Date = 7/12/2006 12:19:12 PM | Attr = ]
ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Modified Date = 7/11/2006 9:30:26 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 5/3/2005 10:05:52 PM | Attr = ]
rmoc3260.dll -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 12/30/2006 12:37:32 AM | Attr = ]
S32EVNT1.DLL -> %System32%\S32EVNT1.DLL -> Symantec Corporation [Ver = 11.6.7.2 | Size = 91904 bytes | Modified Date = 1/31/2006 2:35:34 PM | Attr = ]
Setup -> %System32%\Setup -> [Folder | Modified Date = 7/12/2006 12:18:08 PM | Attr = ]
sirenacm.dll -> %System32%\sirenacm.dll -> Microsoft Corp. [Ver = 8.1.0178.00 | Size = 51056 bytes | Modified Date = 1/19/2007 12:53:04 PM | Attr = ]
system.mdw -> %System32%\system.mdw -> [Ver = | Size = 69632 bytes | Modified Date = 8/3/2006 10:31:56 PM | Attr = ]
uchgmpmz.dll -> %System32%\uchgmpmz.dll -> [Ver = | Size = 0 bytes | Modified Date = 10/19/2006 2:12:38 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 5/6/2005 10:03:06 PM | Attr = ]
usmt -> %System32%\usmt -> [Folder | Modified Date = 7/12/2006 12:19:18 PM | Attr = ]
wanpacket.dll -> %System32%\wanpacket.dll -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 61440 bytes | Modified Date = 5/3/2007 7:45:44 PM | Attr = HS]
wbem -> %System32%\wbem -> [Folder | Modified Date = 5/3/2005 10:06:56 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 5/3/2005 10:08:04 PM | Attr = ]
wpcap.dll -> %System32%\wpcap.dll -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 233472 bytes | Modified Date = 5/3/2007 7:45:44 PM | Attr = HS]
xposer.cfg -> %System32%\xposer.cfg -> [Ver = | Size = 128 bytes | Modified Date = 4/3/2006 10:59:54 AM | Attr = ]
xvid.ax -> %System32%\xvid.ax -> [Ver = | Size = 77824 bytes | Modified Date = 12/30/2005 8:16:02 PM | Attr = ]
xvidcore.dll -> %System32%\xvidcore.dll -> [Ver = | Size = 761856 bytes | Modified Date = 12/30/2005 8:10:30 PM | Attr = ]
xvidvfw.dll -> %System32%\xvidvfw.dll -> [Ver = | Size = 180224 bytes | Modified Date = 12/30/2005 8:18:26 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 9/6/2006 12:03:16 AM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 5/4/2005 7:41:10 PM | Attr = ]
HP_DT124A-AB4 S6150AP SE410_YC_Pres_QTWL405_E41SEhwRET1_4_IGamila Giovani Neon series_SMICRO-STAR INTERNATIONAL CO., LTD_V030_B3.05_T031125_WXH1_L409_M248_J82_7Intel_8Pentium 4_92.6_111063044_N10EC8139_P_Z14F12F00_K.MRK -> %System32%\drivers\HP_DT124A-AB4 S6150AP SE410_YC_Pres_QTWL405_E41SEhwRET1_4_IGamila Giovani Neon series_SMICRO-STAR INTERNATIONAL CO., LTD_V030_B3.05_T031125_WXH1_L409_M248_J82_7Intel_8Pentium 4_92.6_111063044_N10EC8139_P_Z14F12F00_K.MRK -> [Ver = | Size = 3690 bytes | Modified Date = 7/11/2006 9:35:52 PM | Attr = RHS]
MxlW2k.sys -> %System32%\drivers\MxlW2k.sys -> MusicMatch, Inc. [Ver = 1.1.0.114 | Size = 28256 bytes | Modified Date = 12/3/2006 12:14:42 AM | Attr = ]
npf.sys -> %System32%\drivers\npf.sys -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 32512 bytes | Modified Date = 5/3/2007 7:45:44 PM | Attr = HS]
SE2Ebus.sys -> %System32%\drivers\SE2Ebus.sys -> MCCI [Ver = V4.34 | Size = 61600 bytes | Modified Date = 5/1/2006 7:16:22 PM | Attr = R ]
SE2Ecm.sys -> %System32%\drivers\SE2Ecm.sys -> MCCI [Ver = V4.34 | Size = 6240 bytes | Modified Date = 5/1/2006 7:18:50 PM | Attr = R ]
SE2Ecmnt.sys -> %System32%\drivers\SE2Ecmnt.sys -> MCCI [Ver = V4.34 | Size = 6240 bytes | Modified Date = 5/1/2006 7:18:50 PM | Attr = R ]
se2Ecr.sys -> %System32%\drivers\se2Ecr.sys -> MCCI [Ver = V4.34 | Size = 4128 bytes | Modified Date = 5/1/2006 7:15:40 PM | Attr = R ]
SE2Emdfl.sys -> %System32%\drivers\SE2Emdfl.sys -> MCCI [Ver = V4.34 | Size = 9360 bytes | Modified Date = 5/1/2006 7:17:12 PM | Attr = R ]
SE2Emdm.sys -> %System32%\drivers\SE2Emdm.sys -> MCCI [Ver = V4.34 | Size = 97184 bytes | Modified Date = 5/1/2006 7:17:16 PM | Attr = R ]
SE2Emgmt.sys -> %System32%\drivers\SE2Emgmt.sys -> MCCI [Ver = V4.34 | Size = 88688 bytes | Modified Date = 5/1/2006 7:18:04 PM | Attr = R ]
se2End5.sys -> %System32%\drivers\se2End5.sys -> MCCI [Ver = V4.34 | Size = 18704 bytes | Modified Date = 5/1/2006 7:15:50 PM | Attr = R ]
SE2Eobex.sys -> %System32%\drivers\SE2Eobex.sys -> MCCI [Ver = V4.34 | Size = 86560 bytes | Modified Date = 5/1/2006 7:18:54 PM | Attr = R ]
se2Eunic.sys -> %System32%\drivers\se2Eunic.sys -> MCCI [Ver = V4.34 | Size = 90800 bytes | Modified Date = 5/1/2006 7:15:44 PM | Attr = R ]
se2Ewh.sys -> %System32%\drivers\se2Ewh.sys -> MCCI [Ver = V4.34 | Size = 5872 bytes | Modified Date = 5/1/2006 7:16:20 PM | Attr = R ]
SE2Ewhnt.sys -> %System32%\drivers\SE2Ewhnt.sys -> MCCI [Ver = V4.34 | Size = 5872 bytes | Modified Date = 5/1/2006 7:16:20 PM | Attr = R ]
sptd.sys -> %System32%\drivers\sptd.sys -> Duplex Secure Ltd. [Ver = 1.24.0.0 built by: WinDDK | Size = 642560 bytes | Modified Date = 4/29/2007 3:04:38 PM | Attr = ]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.6.7.1 | Size = 123248 bytes | Modified Date = 1/31/2006 2:35:34 PM | Attr = ]
U3SHLPDR200.SYS -> %System32%\drivers\U3SHLPDR200.SYS -> [Ver = | Size = 4518 bytes | Modified Date = 9/18/2006 11:36:56 PM | Attr = ]
hosts.msn -> %System32%\drivers\etc\hosts.msn -> [Ver = | Size = 686 bytes | Modified Date = 10/20/2006 4:59:24 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.07 | Size = 10435584 bytes | Modified Date = 9/13/2003 9:24:20 AM | Attr = ]
UpackByDwing , MZKERNEL32.DLL , -> %System32%\autocheck.exe -> [Ver = | Size = 30659 bytes | Modified Date = 11/7/2003 5:37:50 AM | Attr = ]
UPX! , UPX0 , -> %System32%\Dec.exe -> [Ver = | Size = 78848 bytes | Modified Date = 9/15/2001 2:50:02 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/16/2003 10:40:04 PM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivXNetworks, Inc. [Ver = 5.2.1.1338 | Size = 716800 bytes | Modified Date = 10/27/2004 6:38:24 AM | Attr = ]
UpackByDwing , MZKERNEL32.DLL , -> %System32%\find.leb -> [Ver = | Size = 30659 bytes | Modified Date = 11/7/2003 5:37:50 AM | Attr = ]
UpackByDwing , MZKERNEL32.DLL , -> %System32%\MSDEG32.DLL -> [Ver = | Size = 4848 bytes | Modified Date = 5/3/2005 9:16:30 PM | Attr = ]
PEC2 , -> %System32%\ODBCJET.HLP -> [Ver = | Size = 163384 bytes | Modified Date = 11/21/1996 | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 12/30/2006 12:37:32 AM | Attr = ]
UpackByDwing , MZKERNEL32.DLL , -> %System32%\service01.dll -> [Ver = | Size = 15424 bytes | Modified Date = 11/7/2003 5:37:50 AM | Attr = ]
UpackByDwing , MZKERNEL32.DLL , -> %System32%\service02.dll -> [Ver = | Size = 15424 bytes | Modified Date = 11/7/2003 5:37:50 AM | Attr = ]
UpackByDwing , MZKERNEL32.DLL , -> %System32%\service03.dll -> [Ver = | Size = 15424 bytes | Modified Date = 11/7/2003 5:37:50 AM | Attr = ]
UpackByDwing , MZKERNEL32.DLL , -> %System32%\service04.dll -> [Ver = | Size = 15424 bytes | Modified Date = 11/7/2003 5:37:50 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/16/2003 5:41:44 PM | Attr = ]
UpackByDwing , MZKERNEL32.DLL , -> %System32%\winsock01.dll -> [Ver = | Size = 7035 bytes | Modified Date = 11/7/2003 5:37:50 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/17/2003 5:36:26 AM | Attr = ]

< End of report >

Heres the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 7:13:40 PM, on 5/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\WinPFind3u\WinPFind3U.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Owner\Desktop\naruto\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qsg10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qsg10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qsg10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\zh-sg\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\zh-sg\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.gamehouse...bugs/axhost.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

ty a lot

#14 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 07 May 2007 - 12:15 PM

Hello :)

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply

Make your hidden files visible:
  • Click start
  • Click my computer
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and shutdown My Computer.


Delete these files: (if found)
C:\CEHook.dll
C:\_desktop.ini
C:\Windows\System32\uchgmpmz.dll
C:\Windows\kulionj.dll
C:\Windows\System32\mppds.dll


Post:
- A fresh HijackThis log
- Contents of main.txt and the extra.txt

#15 chankfj

chankfj

    Authentic Member

  • Authentic Member
  • PipPip
  • 45 posts

Posted 08 May 2007 - 08:38 AM

Sorie for late reply

heres the content for main.txt:

Deckard's System Scanner v20070426.43
Run by Owner on 2005-05-08 at 22:15:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
85: 2005-05-08 14:16:06 UTC - RP166 - Deckard's System Scanner Restore Point
84: 2005-05-07 10:12:49 UTC - RP165 - System Checkpoint
83: 2005-05-05 04:38:56 UTC - RP164 - System Checkpoint
82: 2005-05-03 14:05:51 UTC - RP163 - Restore Operation
81: 2007-05-03 03:04:34 UTC - RP162 - System Checkpoint


-- First Restore Point --
1: 2007-02-03 13:53:26 UTC - RP82 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:17:12 PM, on 5/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\msiexec.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\DOCUME~1\Owner\Desktop\naruto\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qsg10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qsg10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qsg10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\zh-sg\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\zh-sg\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.gamehouse...bugs/axhost.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


-- HijackThis Fixed Entries (C:\DOCUME~1\Owner\Desktop\naruto\backups\) --------

backup-20050505-100942-177 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
backup-20050505-100942-649 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20050505-100942-782 O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
backup-20061020-191116-603 O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
backup-20061020-191116-707 O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL %1,%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser %1,%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 npkcrypt - c:\program files\wizet\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R2 ScFBPNT2 (CanoScan FBP2 Port Driver) - c:\windows\system32\drivers\scfbpnt2.sys
R2 U3SHLPDR200 - c:\windows\system32\drivers\u3shlpdr200.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 dump_wmimmc - c:\windows\system32\drivers\dump_wmimmc.sys (file missing)
S3 kaspersky1 - c:\documents and settings\owner\desktop\naruto\maple hacks\kaspersky.sys (file missing)
S3 MEMSWEEP2 - c:\windows\system32\sophosmemsweep.sys (file missing)
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 SE2Ebus (Sony Ericsson Device 046 Driver driver (WDM)) - c:\windows\system32\drivers\se2ebus.sys <Not Verified; MCCI; Sony Ericsson Device 046 Driver>
S3 SE2Emdfl (Sony Ericsson Device 046 USB WMC Modem Filter) - c:\windows\system32\drivers\se2emdfl.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC Modem Filter Driver>
S3 SE2Emdm (Sony Ericsson Device 046 USB WMC Modem Driver) - c:\windows\system32\drivers\se2emdm.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC Data Modem>
S3 SE2Emgmt (Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\se2emgmt.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC Device Management>
S3 se2End5 (Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS)) - c:\windows\system32\drivers\se2end5.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB Ethernet Emulation>
S3 SE2Eobex (Sony Ericsson Device 046 USB WMC OBEX Interface) - c:\windows\system32\drivers\se2eobex.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC OBEX Interface>
S3 se2Eunic (Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM)) - c:\windows\system32\drivers\se2eunic.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB Ethernet Emulation>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>

S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" (file missing)


-- Scheduled Tasks -------------------------------------------------------------

2007-04-06 20:03:19 530 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
2006-07-11 21:49:21 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2005-04-08 and 2005-05-08 -----------------------------

2007-05-03 19:35:05 26112 --a------ C:\WINDOWS\kulionj.dll
2007-05-03 19:29:26 12800 --a------ C:\WINDOWS\System32\mppds.dll
2007-05-03 19:28:24 4848 --a------ C:\WINDOWS\System32\MSDEG32.DLL
2007-05-03 19:27:32 0 d-------- C:\WINDOWS\uninstall
2007-04-29 20:29:36 0 d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2007-04-29 20:29:36 0 d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2007-04-29 15:08:33 0 d-------- C:\Program Files\SlySoft
2007-04-29 15:05:27 13824 --a------ C:\emptydll.dll
2007-04-29 15:05:26 23 --a------ C:\driver.dat
2007-04-29 15:05:18 515584 --a------ C:\CEHook.dll
2007-04-29 14:30:58 642560 --a------ C:\WINDOWS\System32\drivers\sptd.sys <Not Verified; Duplex Secure Ltd.; SCSI Pass Through Direct>
2007-04-23 23:02:00 4096 --a------ C:\WINDOWS\d3dx.dat
2007-04-23 23:01:59 0 d-------- C:\Documents and Settings\Owner\Application Data\Wildfire
2007-04-22 11:20:58 19 --a------ C:\WINDOWS\popcinfo.dat
2007-04-22 10:19:12 0 --a------ C:\WINDOWS\popcreg.dat
2007-04-22 10:19:12 23 --a------ C:\WINDOWS\popcinfot.dat
2007-04-22 10:19:12 0 d-------- C:\Program Files\PopCap Games
2007-03-30 22:57:02 40672 --a------ C:\WINDOWS\System32\drivers\CESG502.sys <Not Verified; Hitachi Semiconductor and Devices Sales Co.,Ltd.; CESG502>
2007-03-30 22:57:01 0 d-------- C:\Program Files\CASIO
2007-03-30 20:40:33 0 d-------- C:\Program Files\AUT
2007-03-14 21:45:02 0 d-------- C:\Documents and Settings\Owner\Contacts
2007-03-13 21:58:56 0 d-------- C:\Documents and Settings\Owner\Application Data\SopCast
2007-03-13 21:58:54 0 d-------- C:\Program Files\SopCast
2007-03-13 18:41:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-03-13 18:40:21 0 d-------- C:\Program Files\Google
2007-03-13 18:40:21 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2007-03-11 13:52:57 0 d-------- C:\Documents and Settings\Owner\Application Data\ultra
2007-02-24 19:33:24 0 d-------- C:\WINDOWS\Application Data
2007-02-24 18:58:59 0 d-------- C:\WINDOWS\wt
2007-01-20 13:01:32 0 d-------- C:\Program Files\GameFlier
2007-01-07 11:59:07 0 d-------- C:\оø´úË«½¾3Ã÷Ô¹ÂÐÇ
2007-01-07 11:58:59 78848 --a------ C:\WINDOWS\System32\Dec.exe
2006-12-30 00:37:47 0 d-------- C:\Program Files\Common Files\xing shared
2006-12-30 00:37:03 0 d-------- C:\Program Files\Real
2006-12-30 00:26:04 0 d-------- C:\My Downloads
2006-12-25 10:26:14 0 d-------- C:\Program Files\Ad Muncher
2006-11-20 22:13:07 0 d-------- C:\Program Files\Cerbere
2006-10-21 08:24:50 0 d-------- C:\SOPHTEMP
2006-10-20 19:40:59 0 d-------- C:\WINDOWS\System32\ActiveScan
2006-10-20 19:32:16 0 d-------- C:\Program Files\Common Files\Java
2006-10-20 17:20:35 0 --a------ C:\WINDOWS\ORUN32.EXE
2006-10-20 17:12:57 0 d-------- C:\Program Files\SUPERAntiSpyware
2006-10-20 17:12:57 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2006-10-20 17:12:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-10-19 14:12:37 56 --a------ C:\WINDOWS\System32\x
2006-10-19 14:12:37 0 --a------ C:\WINDOWS\System32\uchgmpmz.dll
2006-10-16 15:25:52 0 d--hs---- C:\WINDOWS\ftpcache
2006-10-14 09:57:55 0 d-------- C:\Program Files\mIRC
2006-09-23 19:48:34 0 d-------- C:\Program Files\WinPcap
2006-09-23 19:48:28 0 d-------- C:\Program Files\WC3Banlist
2006-09-18 23:36:55 4518 --a------ C:\WINDOWS\System32\drivers\U3SHLPDR200.SYS
2006-09-18 22:12:24 40866 --a------ C:\WINDOWS\SICALIB2.DAT
2006-09-18 22:05:05 0 d-------- C:\WINDOWS\A4W_DATA
2006-09-18 22:04:27 271872 --a------ C:\WINDOWS\System32\Ucs32p.dll <Not Verified; Canon; ColorGear>
2006-09-18 22:04:27 15488 --a------ C:\WINDOWS\System32\drivers\ScFBPNT2.sys
2006-09-18 22:04:27 16896 --a------ C:\WINDOWS\System32\Csp2utl.dll <Not Verified; Canon; ScanCraft CS-P>
2006-09-18 22:04:27 96256 --a------ C:\WINDOWS\System32\Csp2osu.dll <Not Verified; Canon; ScanCraft CS-P>
2006-09-18 22:04:27 133120 --a------ C:\WINDOWS\Sifbp2.dll <Not Verified; Canon Inc.; Canon sifbp2.dll>
2006-09-18 22:04:27 63488 --a------ C:\WINDOWS\ScFBPPM2.DLL <Not Verified; Canon Inc.; CANON INC. ScFBPPM2>
2006-09-18 22:04:24 0 d-------- C:\WINDOWS\System32\COLOR
2006-09-18 22:04:24 0 d-------- C:\Program Files\Canon
2006-09-16 09:11:12 0 d--h----- C:\WINDOWS\PIF
2006-09-07 16:23:50 18704 -ra------ C:\WINDOWS\System32\drivers\se2End5.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB Ethernet Emulation>
2006-09-07 16:23:31 5872 -ra------ C:\WINDOWS\System32\drivers\se2Ewh.sys <Not Verified; MCCI; Sony Ericsson Device 046 Driver>
2006-09-07 16:23:31 90800 -ra------ C:\WINDOWS\System32\drivers\se2Eunic.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB Ethernet Emulation>
2006-09-07 16:23:31 4128 -ra------ C:\WINDOWS\System32\drivers\se2Ecr.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB Ethernet Emulation>
2006-09-07 16:23:08 88688 -ra------ C:\WINDOWS\System32\drivers\SE2Emgmt.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC Device Management>
2006-09-07 16:23:08 6240 -ra------ C:\WINDOWS\System32\drivers\SE2Ecmnt.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC OBEX Interface>
2006-09-07 16:23:08 6240 -ra------ C:\WINDOWS\System32\drivers\SE2Ecm.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC OBEX Interface>
2006-09-07 16:22:42 86560 -ra------ C:\WINDOWS\System32\drivers\SE2Eobex.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC OBEX Interface>
2006-09-07 16:22:18 97184 -ra------ C:\WINDOWS\System32\drivers\SE2Emdm.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC Data Modem>
2006-09-07 16:22:18 9360 -ra------ C:\WINDOWS\System32\drivers\SE2Emdfl.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC Modem Filter Driver>
2006-09-07 16:20:05 5872 -ra------ C:\WINDOWS\System32\drivers\SE2Ewhnt.sys <Not Verified; MCCI; Sony Ericsson Device 046 Driver>
2006-09-07 16:20:04 61600 -ra------ C:\WINDOWS\System32\drivers\SE2Ebus.sys <Not Verified; MCCI; Sony Ericsson Device 046 Driver>
2006-09-07 16:20:03 0 d-------- C:\WINDOWS\LastGood
2006-09-03 21:41:52 1751 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2006-09-03 21:41:33 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2006-09-03 21:39:42 0 d-------- C:\Program Files\QuickTime
2006-09-03 21:39:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2006-09-03 01:16:38 0 d-------- C:\WINDOWS\LastGood.Tmp
2006-09-02 19:58:29 0 d-------- C:\Documents and Settings\Owner\Application Data\Teleca
2006-09-02 19:56:22 0 d------c- C:\WINDOWS\System32\DRVSTORE
2006-09-02 19:55:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2006-09-02 19:55:02 0 d-------- C:\Program Files\Common Files\Teleca Shared
2006-09-02 19:55:00 0 d-------- C:\Program Files\Sony Ericsson
2006-09-02 19:55:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2006-09-02 19:52:13 0 d-------- C:\WINDOWS\Downloaded Installations
2006-08-23 19:41:05 0 d-------- C:\Documents and Settings\Owner\Application Data\Ahead
2006-08-16 17:18:57 161792 -----n--- C:\WINDOWS\System32\hpofax07.dll <Not Verified; HP; HP OfficeJet>
2006-08-16 17:18:49 53248 -----n--- C:\WINDOWS\System32\hpousd07.dll <Not Verified; Hewlett-Packard Co.; hp officeJet v series>
2006-08-16 17:18:49 28672 -----n--- C:\WINDOWS\System32\hpomem07.dll <Not Verified; Hewlett-Packard Co.; hp officeJet v series>
2006-08-16 17:18:46 1048576 -----n--- C:\WINDOWS\System32\roboex32.dll <Not Verified; Blue Sky Software Corporation.; RoboHELP for WinHelp 2000>
2006-08-16 17:18:46 54784 -----n--- C:\WINDOWS\System32\INETWH32.DLL <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2006-08-16 17:18:46 40960 -----n--- C:\WINDOWS\System32\HPOtap07.dll <Not Verified; Hewlett-Packard Co.; hp officeJet v series>
2006-08-16 17:18:42 57344 -----n--- C:\WINDOWS\System32\hpoisn07.dll <Not Verified; HP; HP SNMP Windows>
2006-08-16 17:18:42 94208 -----n--- C:\WINDOWS\System32\hpoipt07.dll <Not Verified; HP; HP SNMP Windows>
2006-08-16 17:18:42 53248 -----n--- C:\WINDOWS\System32\hpoipr07.dll <Not Verified; HP; HP PmlRtl>
2006-08-16 17:18:42 57344 -----n--- C:\WINDOWS\System32\hpoipm07.exe <Not Verified; HP; HP PML>
2006-08-16 17:18:42 61440 -----n--- C:\WINDOWS\System32\hpoinw07.exe <Not Verified; HP; HP Dot4Net Windows>
2006-08-16 17:18:42 40960 -----n--- C:\WINDOWS\System32\hpoimn07.dll <Not Verified; HP; HP Dot4Mon>
2006-08-16 17:18:42 17904 -----n--- C:\WINDOWS\System32\drivers\hpoius07.sys <Not Verified; HP; HP Dot4Usb Windows 2000>
2006-08-16 17:18:42 15984 -----n--- C:\WINDOWS\System32\drivers\hpoipr07.sys <Not Verified; HP; HP Dot4Print>
2006-08-16 17:18:42 50448 -----n--- C:\WINDOWS\System32\drivers\hpoid407.sys <Not Verified; HP; HP Dot4 Windows 2000>
2006-08-16 17:18:41 73728 -----n--- C:\WINDOWS\System32\hpoidr07.dll <Not Verified; HP; HP Dot4Rtl>
2006-08-16 17:18:41 0 d-------- C:\Temp
2006-08-16 17:18:40 0 d-------- C:\Program Files\ReadIRIS
2006-08-16 17:18:03 327168 --a------ C:\WINDOWS\IsUn0404.exe <Not Verified; InstallShield Software Corporation; InstallShield ® unInstaller>
2006-08-14 14:37:50 98304 --a------ C:\WINDOWS\System32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2006-08-14 14:31:46 0 d-------- C:\Program Files\T-TIME
2006-08-08 18:40:49 7601 --a------ C:\WINDOWS\extend.dat
2006-08-04 19:06:07 0 d-------- C:\Program Files\AsiaSoft
2006-08-03 22:32:14 0 d-------- C:\WINDOWS\SendTo
2006-08-03 22:30:33 0 d-------- C:\WINDOWS\forms
2006-08-03 22:30:31 0 d-------- C:\Program Files\Windows Messaging
2006-08-03 19:51:23 131072 --a------ C:\WINDOWS\System32\Epcmlib.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON CardMonitor Library>
2006-08-03 19:50:54 283648 --a------ C:\WINDOWS\uninst.exe <Not Verified; Stirling Technologies, Inc.; InstallShield Deinstaller>
2006-08-03 19:50:34 139264 --a------ C:\WINDOWS\System32\EBAPI2.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
2006-08-03 19:50:34 0 d-------- C:\Program Files\Common Files\EPSON
2006-08-03 19:49:06 0 d-------- C:\Program Files\EPSON
2006-08-03 19:46:15 0 d-------- C:\WUTemp
2006-07-30 18:43:40 0 d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2006-07-28 18:46:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Motive
2006-07-25 17:03:19 0 d-------- C:\Documents and Settings\Owner\Application Data\InterVideo
2006-07-22 22:24:43 0 d-------- C:\Documents and Settings\Owner\Application Data\Help
2006-07-17 12:37:35 0 d-------- C:\Program Files\Matroska Pack
2006-07-17 12:37:06 761856 --a------ C:\WINDOWS\System32\xvidcore.dll
2006-07-17 12:37:04 180224 --a------ C:\WINDOWS\System32\xvidvfw.dll
2006-07-17 12:37:04 0 d-------- C:\Program Files\XviD
2006-07-16 07:56:31 4682 --a------ C:\WINDOWS\System32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2006-07-16 07:55:11 0 d-------- C:\Program Files\WIZET
2006-07-14 17:29:50 0 d-------- C:\WINDOWS\Sun
2006-07-13 20:13:51 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2006-07-13 19:20:20 0 d-------- C:\Documents and Settings\Guest\WINDOWS
2006-07-13 19:20:20 0 d--h----- C:\Documents and Settings\Guest\Templates
2006-07-13 19:20:20 0 dr------- C:\Documents and Settings\Guest\Start Menu
2006-07-13 19:20:20 0 dr-h----- C:\Documents and Settings\Guest\SendTo
2006-07-13 19:20:20 0 dr-h----- C:\Documents and Settings\Guest\Recent
2006-07-13 19:20:20 0 d--h----- C:\Documents and Settings\Guest\PrintHood
2006-07-13 19:20:20 0 d--h----- C:\Documents and Settings\Guest\NetHood
2006-07-13 19:20:20 0 dr------- C:\Documents and Settings\Guest\My Documents
2006-07-13 19:20:20 0 d--h----- C:\Documents and Settings\Guest\Local Settings
2006-07-13 19:20:20 0 dr------- C:\Documents and Settings\Guest\Favorites
2006-07-13 19:20:20 0 d-------- C:\Documents and Settings\Guest\Desktop
2006-07-13 19:20:20 0 d---s---- C:\Documents and Settings\Guest\Cookies
2006-07-13 19:20:20 0 dr-h----- C:\Documents and Settings\Guest\Application Data
2006-07-13 19:20:20 0 d-------- C:\Documents and Settings\Guest\Application Data\Symantec
2006-07-13 19:20:20 0 d-------- C:\Documents and Settings\Guest\Application Data\Sun
2006-07-13 19:20:20 0 d-------- C:\Documents and Settings\Guest\Application Data\Sonic
2006-07-13 19:20:20 0 d-------- C:\Documents and Settings\Guest\Application Data\SampleView
2006-07-13 19:20:20 0 d-------- C:\Documents and Settings\Guest\Application Data\Real
2006-07-13 19:20:20 0 d---s---- C:\Documents and Settings\Guest\Application Data\Microsoft
2006-07-13 19:20:20 0 d-------- C:\Documents and Settings\Guest\Application Data\Identities
2006-07-13 19:20:19 1048576 --ah----- C:\Documents and Settings\Guest\ntuser.dat
2006-07-12 23:11:03 0 d-------- C:\Program Files\DivX
2006-07-12 23:03:04 208896 --a------ C:\WINDOWS\System32\wmpns.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Player>
2006-07-12 22:56:57 106496 --a------ C:\WINDOWS\System32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2006-07-12 22:56:56 471040 -----n--- C:\WINDOWS\System32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2006-07-12 22:56:56 262144 -----n--- C:\WINDOWS\System32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2006-07-12 22:56:56 1568768 -----n--- C:\WINDOWS\System32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2006-07-12 22:56:55 155648 --a------ C:\WINDOWS\System32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2006-07-12 22:56:53 0 d-------- C:\Program Files\Common Files\Ahead
2006-07-12 22:56:53 0 d-------- C:\Program Files\Ahead
2006-07-12 17:15:24 0 d---s---- C:\Documents and Settings\Owner\UserData
2006-07-12 14:35:24 0 d-------- C:\Program Files\BitComet
2006-07-12 12:21:33 1459 --a------ C:\WINDOWS\system\hpsysdrv.dat
2006-07-12 12:11:51 0 dr------- C:\Program Files
2006-07-12 12:11:51 0 dr------- C:\Documents and Settings\Owner\Start Menu
2006-07-12 12:11:51 0 dr-h----- C:\Documents and Settings\Owner\SendTo
2006-07-12 12:11:51 0 dr------- C:\Documents and Settings\Owner\My Documents
2006-07-12 12:11:49 0 dr------- C:\Documents and Settings\Owner\Favorites
2006-07-12 12:11:49 0 dr-h----- C:\Documents and Settings\Owner\Application Data
2006-07-12 12:11:48 0 dr------- C:\Documents and Settings\Default User\Start Menu
2006-07-12 12:11:48 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2006-07-12 12:11:48 0 d--h----- C:\Documents and Settings\Default User\Local Settings
2006-07-12 12:11:48 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2006-07-12 12:11:48 0 dr------- C:\Documents and Settings\All Users\Start Menu
2006-07-12 12:11:47 0 dr------- C:\Documents and Settings\All Users\Documents
2006-07-12 12:11:46 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2006-07-12 12:11:18 0 dr------- C:\WINDOWS\Offline Web Pages
2006-07-12 12:09:29 0 dr-hs--c- C:\WINDOWS\System32\dllcache
2006-07-12 12:01:27 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2006-07-12 12:01:19 0 d-------- C:\Program Files\Lavasoft
2006-07-12 11:39:38 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2006-07-12 11:39:21 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2006-07-12 11:39:20 0 d-------- C:\Program Files\Common Files\Adobe
2006-07-11 23:14:25 0 d-------- C:\Program Files\MSN Apps
2006-07-11 23:00:33 0 d-------- C:\Program Files\MSN Messenger
2006-07-11 22:18:42 65419 --a------ C:\WINDOWS\War3Unin.dat
2006-07-11 22:18:40 2829 --a------ C:\WINDOWS\War3Unin.pif
2006-07-11 22:18:40 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2006-07-11 22:15:47 0 d-------- C:\Program Files\Warcraft III
2006-07-11 22:02:35 0 d-------- C:\Program Files\SymNetDrv
2006-07-11 21:48:07 0 dr-hs---- C:\cmdcons
2006-07-11 21:48:05 0 d-------- C:\WINDOWS\setup.pss
2006-07-11 21:47:39 0 d-------- C:\WINDOWS\setupupd
2006-07-11 21:36:27 0 dr-h----- C:\Documents and Settings\Owner\Recent
2006-07-11 21:34:14 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2006-07-11 21:31:26 10368 --a------ C:\WINDOWS\System32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
2006-07-11 21:31:21 1630208 --a------ C:\WINDOWS\System32\mplvw7.dll <Not Verified; Ligos Corporation; MPL Video Library>
2006-07-11 21:31:21 1150976 --a------ C:\WINDOWS\System32\mplvpx.dll <Not Verified; Ligos Corporation; MPL Video Library>
2006-07-11 21:31:21 1581056 --a------ C:\WINDOWS\System32\mplvm6.dll <Not Verified; Ligos Corporation; MPL Video Library>
2006-07-11 21:31:21 1675264 --a------ C:\WINDOWS\System32\mplva6.dll <Not Verified; Ligos Corporation; MPL Video Library>
2006-07-11 21:31:21 81920 --a------ C:\WINDOWS\System32\mplaw7.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2006-07-11 21:31:21 69632 --a------ C:\WINDOWS\System32\mplapx.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2006-07-11 21:31:21 69632 --a------ C:\WINDOWS\System32\mplam6.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2006-07-11 21:31:21 81920 --a------ C:\WINDOWS\System32\mplaa6.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2006-07-11 21:31:21 49152 --a------ C:\WINDOWS\System32\cpuinf32.dll <Not Verified; Intel Corporation; Intel CPUInfo>
2006-07-11 21:30:36 212480 --a------ C:\WINDOWS\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2006-07-11 21:30:34 0 d-------- C:\Program Files\ArcSoft
2006-07-11 21:28:10 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2006-07-11 21:28:10 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
2006-07-11 21:28:10 0 d-------- C:\Documents and Settings\Default User\Application Data\Sun
2006-07-11 21:28:10 0 d-------- C:\Documents and Settings\Default User\Application Data\Sonic
2006-07-11 21:28:10 0 d-------- C:\Documents and Settings\Default User\Application Data\SampleView
2006-07-11 21:28:10 0 d-------- C:\Documents and Settings\Default User\Application Data\Real
2006-07-11 21:26:51 0 d--hs---- C:\System Volume Information
2006-07-11 21:26:48 0 d-------- C:\WINDOWS\Prefetch
2006-05-25 01:22:06 53248 --a------ C:\WINDOWS\bdoscandel.exe
2005-05-05 18:38:13 0 d-------- C:\Documents and Settings\Owner\DoctorWeb
2005-05-03 21:36:31 0 d-------- C:\WINDOWS\BDOSCAN8


-- Find3M Report ---------------------------------------------------------------

2007-05-03 19:45:43 233472 --ahs---- C:\WINDOWS\System32\wpcap.dll <Not Verified; CACE Technologies; WinPcap high level library>
2007-05-03 19:45:43 61440 --ahs---- C:\WINDOWS\System32\wanpacket.dll <Not Verified; CACE Technologies; WinPcap low level NetMon wrapper library>
2007-05-03 19:45:43 81920 --ahs---- C:\WINDOWS\System32\packet.dll <Not Verified; CACE Technologies; WinPcap low level packet library>
2007-05-03 19:31:22 0 d-------- C:\Program Files\PC-Doctor for Windows
2007-05-03 19:30:51 0 d-------- C:\Program Files\Microsoft Works
2007-05-03 19:29:56 0 d-------- C:\Program Files\Easy Internet signup
2007-03-31 13:45:07 0 d-------- C:\Program Files\WildTangent
2007-03-30 22:56:57 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-03-13 18:39:36 0 d-------- C:\Program Files\Java
2007-03-08 16:51:12 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2006-12-30 00:37:39 0 d-------- C:\Program Files\Common Files\Real
2006-10-20 19:53:32 0 d-------- C:\Program Files\Common Files\Symantec Shared
2006-08-16 17:18:39 0 d-------- C:\Program Files\Hewlett-Packard
2006-08-03 19:45:58 0 d--h----- C:\Program Files\WindowsUpdate
2006-07-30 18:43:47 0 d-------- C:\Documents and Settings\Owner\Application Data\Sonic
2006-07-16 07:54:55 0 d-------- C:\Program Files\Common Files\InstallShield
2006-07-12 12:17:45 0 d-------- C:\Program Files\Windows NT
2006-07-12 12:17:42 0 d-------- C:\Program Files\Movie Maker
2006-07-12 12:17:42 0 d-------- C:\Program Files\Messenger
2006-07-11 22:10:24 0 d-------- C:\Program Files\Symantec
2005-05-05 11:55:41 0 d-------- C:\Program Files\Presario PC Help
2005-05-03 21:45:34 0 d-------- C:\Program Files\RecordNow!
2005-05-03 21:23:19 0 d-------- C:\Program Files\Norton AntiVirus


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\zh-sg\msntb.dll
{BDF3E430-B101-42AD-A544-FADC6B084872} c:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"CamMonitor"="c:\\Program Files\\HP\\Digital Imaging\\Unload\\hpqcmon.exe"
"HPHUPD05"="c:\\Program Files\\HP\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"HPAIO_PrintFolderMgr"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\hpoopm07.exe"
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"RecordNow!"=""
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Acme.PCHButton"="C:\\PROGRA~1\\PRESAR~1\\Presario\\XPHWWRP4\\plugin\\bin\\pchbutton.exe"
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\
Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\
Notification Packages REG_MULTI_SZ scecli\


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\



-- End of Deckard's System Scanner: finished at 2005-05-08 at 22:17:50 ---------

Heres the contents for extra.txt:

Deckard's System Scanner v20070426.43
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.60GHz
Percentage of Memory in Use: 64%
Physical Memory (total/avail): 247.48 MiB / 86.85 MiB
Pagefile Memory (total/avail): 606.74 MiB / 373.89 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1970.91 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 71.36 GiB total, 33.63 GiB free.
D: is Fixed (FAT32) - 4.95 GiB total, 0.69 GiB free.
E: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is not configured.
AUState says computer is in an unknown state.
Windows Internal Firewall is enabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\HOME
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=HOME
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Guest (new local, guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
???? --> C:\Program Files\T-TIME\????\uninstall.exe
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\UninstFl.exe -q
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
ArcSoft ShowBiz 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}\setup.exe" -l0x9
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BitComet 0.70 --> C:\Program Files\BitComet\uninst.exe
Canon CanoCraft CS-P 3.7 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\CanoCraft CS-P 3.7\Uninst.isu" -c"C:\Program Files\Canon\CanoCraft CS-P 3.7\scuninst.dll"
Canon ScanGear Toolbox CS --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\ScanGear Toolbox CS\Uninst.isu" -c"C:\Program Files\Canon\ScanGear Toolbox CS\uninst.dll"
CASIO FA-124 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB47E710-6249-4EFA-BE36-E922B0612AF4}\setup.exe" -l0x9
CC_ccStart --> MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CloneCD --> "C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
Compaq Connections --> C:\WINDOWS\BWUnin-6.2.3.66L.exe -AppId 1940576
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
EPSON PhotoQuicker3.4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A793FC6-6DF5-11DD-BB6A-00018021113F}\setup.exe" -l0x9 uninst
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
ES C43 Problem Solver --> C:\WINDOWS\uninst.exe -f"C:\Program Files\EPSON\PSOLVER\ES C43\E\DeIsL1.isu"
GhostOnline --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{681A8EDE-895C-4586-B79A-62270476A459}\setup.exe" -l0x9
Haali Media Splitter --> "C:\Program Files\Matroska Pack\haali\uninstall.exe"
HijackThis 1.99.1 --> C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.687\HijackThis.exe /uninstall
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
hp officejet v series --> "C:\Program Files\Hewlett-Packard\hp officejet v series\Uninstall\hpourn07.exe" /Path="C:\Program Files\Hewlett-Packard\hp officejet v series" /Uninstall="hp officejet v series"
HP Photo & Imaging 3.1 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photo and Imaging 2.0 - Photosmart Cameras --> MsiExec.exe /X{5D7F0A0E-369E-46C0-9F99-FAB21A064781}
HP PSC & OfficeJet 3.0 --> "C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Internet Explorer Q828750 --> C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q828750.inf
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
KBD --> C:\HP\KBD\KBD.EXE uninstalled
KongKong Online (English) --> C:\Program Files\AsiaSoft\Uninstall.exe uninstall null null
Lavasoft VX2 Cleaner --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\INSTALL.LOG
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.90 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
MapleStory --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E1A2759-42C4-4629-B535-11BDA56C190D}\setup.exe" -l0x9 -removeonly
Matroska Pack --> C:\Program Files\Matroska Pack\uninstall.exe
Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft Encarta Encyclopedia Standard - WE 2004 --> MsiExec.exe /I{045A0044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Money --> MsiExec.exe /I{1D643CD2-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money System Pack --> MsiExec.exe /I{8C64E149-54BA-11D6-91B1-00500462BE80}
Microsoft Office 97, Professional Edition --> C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
MSN Toolbar --> C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\zh-sg\mtbs.exe c
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton AntiVirus 2004 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2004 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
Outlook Express Update Q330994 --> C:\WINDOWS\Q330994.exe C:\WINDOWS\INF\Q330994.inf
Panda ActiveScan --> C:\WINDOWS\System32\ASUninst.exe Panda ActiveScan
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653} /l1033
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sony Ericsson PC Suite 1.20.224 --> MsiExec.exe /I{7689CA7A-1270-425A-9959-EB4CB25EA29A}
SopCast 1.1.1 --> C:\Program Files\SopCast\uninst.exe
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SymNet --> MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
Ultra soft --> C:\Documents and Settings\Owner\Application Data\ultra\uninstall.bat
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
WC3Banlist --> "C:\Program Files\WC3Banlist\unins000.exe"
WD2 --> C:\Program Files\T-TIME\WD2\uninstall.exe
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
WinPcap 3.1 beta4 --> "C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XviD 1.1 final uninstall --> "C:\Program Files\XviD\unins000.exe"


-- End of Deckard's System Scanner: finished at 2005-05-08 at 22:17:50 ---------

Heres the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:31:37 PM, on 5/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\msiexec.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Owner\Desktop\naruto\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qsg10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qsg10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qsg10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\zh-sg\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\zh-sg\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.gamehouse...bugs/axhost.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users