Spyware/Adware Infection Precaution Advisory

• ndmmxiaomayi

  8 Nov 06, 18:20

  Originally posted by Y_Shun:

  where to get it?

  SmitfraudFix is in any one the replies here.
  
  HijackThis
  
  The guide to extracting HijackThis is the same for SmitfraudFix.
• Y_Shun

  10 Nov 06, 14:55

  Aiya nevermind liao, since the thing never pop up, I don't care liao
• HyuugaNeji

  17 Nov 06, 23:29

  hi how to erase my123virus ar? i already downloaded my123killer2.rar and i have winrar on win xp system.
• meltz

  17 Nov 06, 23:54

  is this link posted ??
  
  Trend Micro AntiSpyware -- Evaluation Copy
  
  It help to clean up spyware though it is evaluation copy
  
  http://www.trendmicro.com/en/products/desktop/as/evaluate/overview.htm
• ndmmxiaomayi

  18 Nov 06, 23:20

  It's not posted up...
  
  But it's part of the Update thread... which I have not been updating.
• davidche

  29 Nov 06, 17:14

  Originally posted by launtpc:
  Mods please edit as you wish. Thanks!
  
  [b]List of MUST GET softwares
  
  Anti Rootkit
  
  

  [*]F-Secure Blacklight
  [*]Sophos Anti-Rootkit

  
  Note: You have to re-download them each time you do a scan to make sure that the anti rootkit is up to date.
  
  Internet Browsers *
  [*]Opera 9.0
  [*]FireFox 1.5.0.3
  [*]Netscape 8.1
  [*]Avant 10.2 Build 52
  [*]Maxthon v1.5.6 build 42
  
  * No need to exactly use these five -- refer to FAQ
  
  List of Do Not Use software:
  

  
  [*]Internet Explorer
  [*]ZoneAlarm 6
  [*]P2P Software
  

  
  
  Be careful when downloading via P2P!
  
  List of Do Not Go sites:
  

  
  [*]Software crack sites/keygen sites
  [*]Pirated MP3/video/software sites
  [*]Game cheat/hack web sites
  [*]Pornography web sites (haha )
  

  
  
  When visiting untrusted sites,
  

  
  [*]Disable Java, Javascript, all plug-ins and all external content. Opera 8 users will find this easier to do -- simply hit F12 and uncheck the five checkboxes. Opera 9.0 TP2 users hit F12 and select Block Content.
  [*]Make sure you have real-time spyware protection, like the Windows Antispyware.
  [*]Set your firewall level to High.
  [*]Make sure you patch Windows with latest updates from here. Beware of fake "Windows Update" sites! The exact one is http://update.microsoft.com/
  

  
  
  When you have an infection,
  

  
  [*]Scan using all antispyware (update definitions first)
  [*]Block spyware from accessing Internet using firewall. Best is avoid Internet connections unless necessary. If possible, restart your computer in Safe Mode and scan. In Safe Mode, all unneccessary services are not loaded, so you can be sure that the spywares is not sending out anything while you are scanning. If you need to connect to the Internet, select Safe Mode with Networking option.
  [*]Do Not click on any popups that claims to help you clean out spywares/adwares or improve your computer's performance. All these are spywares/adwares. If you are unsure whether the anti-spyware is genuine, please ask. We will try to help you find out more.
  [*]If cannot be removed, download Process Explorer and HijackThis just in case. Unzip the ZIP files onto your desktop.
  [*]Post the following:
  [*]Name of spyware (if available)
  [*]What it does (add toolbars? popups?)
  [*]Screenshot of its damage
  [*]Screenshot of Task Manager's "Processes" list (For Windows 2000 users and above)
  [*]Run HijackThis, do a system scan with log and post the generated log file here.
  

  
  
  FAQ
  

  
  [*]Why ZoneAlarm 6 is in the "Do Not Use" list?
  ZoneAlarm 6 spies on the user's movement and sends the information back to Zone Labs -- just like spyware. It's not critical to switch to ZA5.5.
  [*]Why avoid Internet connections?
  Some spywares will download updated versions which are harder to remove. Also, they will contact their "mothership" for instructions (like to wreck your computer, steal sensitive data, keylog your PC) or sometimes download other trojans and viruses!
  [*]Why use Firefox/Opera only?
  You need not use the above two recommended; use any browser your trust. If you are unsure, use the ones we recommend/provide.
  [*]Sorry I don't have a legit Windows... how to patch?!
  You can enable Automatic Updates. Microsoft provides critical updates to all users regardless of fake/legit versions. To enable Automatic Updates right-click My Computer, select Properties, select Automatic Updates tab, and click Automatic. Alternatively you can go to WinDiz Update which provide another means to patching, but releases patches much slower than Microsoft.
  Another way is to buy legitimate Windows software.
  [*]At any one time, only have ONE antivirus and firewall should be installed.
  [*]More than one anti-spywares can be installed.
  

  [/b]

  Why delete the anti-spyware part??
• ndmmxiaomayi

  29 Nov 06, 17:47

  Originally posted by davidche:

  Why delete the anti-spyware part??

  It's being linked to another site. Too many things to list liao.
  
  The link is titled "List of MUST GET softwares"
• ndmmxiaomayi

  12 Dec 06, 11:52

  Updated. SmitfraudFix is no longer available as a zipped file. It's now available as an executable.
• ndmmxiaomayi

  12 Dec 06, 11:56

  For Windows 95, 98 and Windows ME users, please DO NOT use SmitfraudFix. It is only compatible with Windows 2000 and Windows XP.
  
  Windows 95, 98 and Windows ME users please use SmitRem instead.
• ndmmxiaomayi

  29 Dec 06, 18:14

  This only seems to be affecting WoW users.
  
  I wonder if Singaporeans are affected.
  
  The latest patch downloads a spyware instead.
  
  When the spyware is installed, it can produce popups and instead of using the usual search engines that you use, it will re-direct you to other search engines.
  
  The WoW thread
  
  Self help thread
  
  If you don't understand any of the instructions in the self help thread, please start a new thread.
• ndmmxiaomayi

  29 Dec 06, 20:33

  iSearch/iDownload technical writeup
  
  The removal can also be found in the technical writeup. If you still face problems, please create a new thread.
  
  Edit: See KyeU's website for a more detailed writeup.
• ndmmxiaomayi

  29 Dec 06, 22:08

  The latest version of Messenger Plus! obviously wreak havoc on my PC while testing.
  
  Anyway, somebody has blogged about it liao...
  
  December 18 entry
  
  December 17 entry
  
  December 15 entry
  
  December 12 entry
  
  November 12 entry
  
  June 30 entry
  
  June 26 entry
  
  June 25 entry
  
  April 7 entry
• ndmmxiaomayi

  1 Jan 07, 22:32

  http://tinybox.bravehost.com/winantiviruspro2007.html
  
  New fake anti-spyware program. Please do not try anything like what the author did, no guarantee what will happen.
• rx7Savanna

  2 Jan 07, 13:17

  this is my log..anything wrong wif my com??
  
  Logfile of HijackThis v1.99.1
  Scan saved at 13:13:40, on 02/01/2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.5730.0011)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  C:\WINDOWS\system32\CTsvcCDA.exe
  C:\WINDOWS\eHome\ehRecvr.exe
  C:\WINDOWS\eHome\ehSched.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
  C:\WINDOWS\system32\mqsvc.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
  C:\WINDOWS\ehome\ehtray.exe
  C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
  C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\WINDOWS\system32\igfxtray.exe
  C:\WINDOWS\system32\hkcmd.exe
  C:\WINDOWS\system32\igfxpers.exe
  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  C:\Program Files\HP\QuickPlay\QPService.exe
  C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
  C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
  C:\WINDOWS\system32\mqtgsvc.exe
  C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Windows Media Player\WMPNSCFG.exe
  C:\WINDOWS\system32\dllhost.exe
  C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
  C:\WINDOWS\eHome\ehmsas.exe
  c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
  C:\Program Files\MSN Messenger\msnmsgr.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Windows Media Player\wmplayer.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\HijackThis.exe
  
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://h20239.www2.hp.com/techcenter/HP_SystemCheck/hp_syscheck.htm
  R3 - URLSearchHook: Yahoo! Toolbar BETA - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  O2 - BHO: (no name) - 8@��38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
  O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
  O2 - BHO: (no name) - ¸?��497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
  O2 - BHO: (no name) - ��0D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
  O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: Yahoo! Toolbar BETA - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
  O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
  O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
  O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
  O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
  O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
  O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
  O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
  O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
  O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
  O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
  O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
  O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
  O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
  O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
  O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
  O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
  O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O11 - Options group: [INTERNATIONAL] International*
  O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=64&bd=presario&pf=laptop
  O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
  O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
  O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166241805515
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166241759546
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
  O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
  O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
  O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
  O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
  O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
  O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  
  
• ndmmxiaomayi

  2 Jan 07, 13:42

  I saw signs of Purity.
  
  Download Combofix by sUBs.
  
  Double click combofix.exe and follow the prompts.
  
  When finished, it shall produce a log for you. Post that log in your next reply
  
  Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall (hang).
  
  When it's done, it will produce a log called combofix.txt. Post that log and a new HijackThis log.
• rx7Savanna

  2 Jan 07, 19:07

  ok here goes..
  
  ComboFix log:
  
  SadxKiax - 07-01-02 19:03:53.93 Service Pack 2
  ComboFix 06.11.27 - Running from: "C:\"
  
  ((((((((((((((((((((((((((((((( Files Created from 2006-12-02 to 2007-01-02 ))))))))))))))))))))))))))))))))))
  
  2007-01-02 19:03 381,390 --a------ C:\combofix.exe
  2007-01-02 12:54 218,112 --a------ C:\HijackThis.exe
  2007-01-02 12:47 d-------- C:\3gptemp
  2007-01-02 12:46 d-------- C:\Program Files\MIKSOFT
  2007-01-02 11:49 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
  2007-01-02 11:48 d-------- C:\Program Files\AviSynth 2.5
  2007-01-01 16:49 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
  2007-01-01 15:39 d-------- C:\Documents and Settings\SadxKiax\Application Data\AdobeUM
  2006-12-30 11:37 d-------- C:\Program Files\Microsoft Games
  2006-12-25 22:08 0 -rahs---- C:\MSDOS.SYS
  2006-12-25 22:08 0 -rahs---- C:\IO.SYS
  2006-12-25 21:58 d-------- C:\Program Files\Davilex
  2006-12-25 21:52 162,304 --a------ C:\UNWISE.EXE
  2006-12-25 16:18 d-------- C:\Program Files\QuickTime
  2006-12-25 16:17 d-------- C:\Program Files\Xilisoft
  2006-12-23 13:51 36,864 --a------ C:\WINDOWS\system32\EGameEncrypt.dll
  2006-12-23 09:44 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
  2006-12-23 09:44 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
  2006-12-20 12:34 d-------- C:\Program Files\AsiaSoft
  2006-12-18 14:29 d-------- C:\Documents and Settings\SadxKiax\Application Data\Lavasoft
  2006-12-18 14:28 d-------- C:\Program Files\Lavasoft
  2006-12-18 14:07 d-------- C:\Documents and Settings\SadxKiax\Application Data\muvee Technologies
  2006-12-18 14:07 d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies
  2006-12-18 12:51 d-------- C:\Program Files\WinRAR
  2006-12-18 00:42 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
  2006-12-18 00:20 d-------- C:\Program Files\WIZET
  2006-12-17 23:46 d-------- C:\Documents and Settings\SadxKiax\Application Data\Yahoo!
  2006-12-17 23:46 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
  2006-12-17 23:45 d-------- C:\Program Files\Yahoo!
  2006-12-17 10:39 d-------- C:\WINDOWS\Sun
  2006-12-17 10:39 d-------- C:\Documents and Settings\SadxKiax\Application Data\Sun
  2006-12-17 10:09 d-------- C:\Documents and Settings\SadxKiax\Application Data\Creative
  2006-12-17 09:57 d-------- C:\WINDOWS\system32\LogFiles
  2006-12-17 09:57 d-------- C:\WINDOWS\system32\drivers\UMDF
  2006-12-17 09:44 41,984 --------- C:\WINDOWS\Ctregrun.exe
  2006-12-17 09:40 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
  2006-12-17 09:40 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
  2006-12-17 09:40 d--h----- C:\Program Files\Creative Installation Information
  2006-12-17 09:40 d-------- C:\Program Files\Common Files\Creative
  2006-12-17 09:38 d-------- C:\Documents and Settings\All Users\Application Data\Creative
  2006-12-17 09:37 d-------- C:\Program Files\Creative
  2006-12-17 09:31 d-------- C:\Program Files\Sony Ericsson
  2006-12-17 09:31 d-------- C:\Program Files\Common Files\Teleca Shared
  2006-12-17 09:31 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
  2006-12-17 09:29 d-------- C:\WINDOWS\Downloaded Installations
  2006-12-17 09:14 d-------- C:\Documents and Settings\SadxKiax\Application Data\Adobe
  2006-12-17 08:56 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
  2006-12-16 13:01 d-------- C:\Documents and Settings\SadxKiax\Application Data\CyberLink
  2006-12-16 12:57 d-------- C:\Documents and Settings\SadxKiax\Application Data\HP
  2006-12-16 12:33 d--h-c--- C:\WINDOWS\ie7
  2006-12-16 12:33 d-------- C:\WINDOWS\WBEM
  2006-12-16 12:33 d-------- C:\WINDOWS\system32\en-US
  2006-12-16 12:32 d-------- C:\1348a9c03c18b84085fc9ebf
  2006-12-16 12:31 121,856 --------- C:\WINDOWS\system32\xmllite.dll
  2006-12-16 12:31 d-------- C:\WINDOWS\network diagnostic
  2006-12-16 12:29 721,920 --a------ C:\WINDOWS\system32\lsasrv.dll
  2006-12-16 12:29 132,096 --a------ C:\WINDOWS\system32\wkssvc.dll
  2006-12-16 12:29 d-------- C:\Program Files\MSXML 4.0
  2006-12-16 12:29 d-------- C:\aa851a3ac480bc3e735199
  2006-12-16 12:28 225,664 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
  2006-12-16 12:27 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
  2006-12-16 12:23 37,888 --a------ C:\WINDOWS\system32\olecnv32.dll
  2006-12-16 12:22 1,839,488 --a------ C:\WINDOWS\system32\win32k.sys
  2006-12-16 12:17 dr-h----- C:\Documents and Settings\SadxKiax\Recent
  2006-12-16 12:16 23,040 --------- C:\WINDOWS\kb913800.exe
  2006-12-16 12:12 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
  2006-12-16 12:12 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
  2006-12-16 12:11 d-------- C:\WINDOWS\system32\PreInstall
  2006-12-16 12:04 18,200 --a------ C:\WINDOWS\system32\wups2.dll
  2006-12-16 12:04 d-------- C:\WINDOWS\system32\SoftwareDistribution
  2006-12-16 11:53 d-------- C:\Documents and Settings\SadxKiax\Contacts
  2006-12-16 11:52 d--hs---- C:\Documents and Settings\SadxKiax\UserData
  2006-12-16 11:51 d----c--- C:\WINDOWS\system32\DRVSTORE
  2006-12-16 11:51 d-------- C:\Program Files\MSN Messenger
  2006-12-16 11:47 d--h----- C:\WINDOWS\PIF
  2006-12-16 11:40 d--hs---- C:\RECYCLER
  2006-12-16 11:17 d--hs---- C:\Documents and Settings\SadxKiax\Temporary Internet Files
  2006-12-16 11:17 d--hs---- C:\Documents and Settings\SadxKiax\History
  2006-12-16 11:15 dr-h----- C:\Documents and Settings\SadxKiax\SendTo
  2006-12-16 11:15 dr-h----- C:\Documents and Settings\SadxKiax\Application Data\.
  2006-12-16 11:15 dr-h----- C:\Documents and Settings\SadxKiax\Application Data
  2006-12-16 11:15 dr------- C:\Documents and Settings\SadxKiax\Start Menu
  2006-12-16 11:15 dr------- C:\Documents and Settings\SadxKiax\My Documents
  2006-12-16 11:15 dr------- C:\Documents and Settings\SadxKiax\Favorites
  2006-12-16 11:15 d--hs---- C:\Documents and Settings\SadxKiax\Cookies
  2006-12-16 11:15 d--h----- C:\Documents and Settings\SadxKiax\Templates
  2006-12-16 11:15 d--h----- C:\Documents and Settings\SadxKiax\PrintHood
  2006-12-16 11:15 d--h----- C:\Documents and Settings\SadxKiax\NetHood
  2006-12-16 11:15 d--h----- C:\Documents and Settings\SadxKiax\Local Settings
  2006-12-16 11:15 d---s---- C:\Documents and Settings\SadxKiax\Application Data\Microsoft
  2006-12-16 11:15 d-------- C:\Documents and Settings\SadxKiax\Desktop
  2006-12-16 11:15 d-------- C:\Documents and Settings\SadxKiax\Application Data\Symantec
  2006-12-16 11:15 d-------- C:\Documents and Settings\SadxKiax\Application Data\Macromedia
  2006-12-16 11:15 d-------- C:\Documents and Settings\SadxKiax\Application Data\Identities
  2006-12-16 11:15 d-------- C:\Documents and Settings\SadxKiax\Application Data\..
  2006-12-16 11:15 d-------- C:\Documents and Settings\SadxKiax\..
  2006-12-16 11:15 d-------- C:\Documents and Settings\SadxKiax\.
  2006-12-16 11:13 d-------- C:\WINDOWS\Prefetch
  2006-12-16 11:11 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
  2006-12-16 11:11 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
  2006-12-16 11:11 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
  2006-12-16 11:11 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
  2006-12-16 11:11 76,288 --a------ C:\WINDOWS\system32\uniime.dll
  2006-12-16 11:11 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
  2006-12-16 11:11 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
  2006-12-16 11:11 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
  2006-12-16 11:11 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
  2006-12-16 11:11 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
  2006-12-16 11:11 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
  2006-12-16 11:11 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
  2006-12-16 11:11 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
  2006-12-16 11:11 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
  2006-12-16 11:11 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
  2006-12-16 11:11 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
  2006-12-16 11:11 6,144 --a------ C:\WINDOWS\system32\ftlx041e.dll
  2006-12-16 11:11 5,632 --a------ C:\WINDOWS\system32\kbdusa.dll
  2006-12-16 11:11 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
  2006-12-16 11:11 185,344 --a------ C:\WINDOWS\system32\Thawbrkr.dll
  2006-12-16 11:11 10,752 --a------ C:\WINDOWS\system32\c_iscii.dll
  2006-12-16 11:11 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
  2006-12-16 11:10 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
  2006-12-16 11:10 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
  2006-12-16 11:10 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
  2006-12-16 11:10 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
  2006-12-16 11:10 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
  2006-12-16 11:10 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
  2006-12-16 11:10 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
  2006-12-16 11:10 d--hs---- C:\System Volume Information
  2006-12-05 10:30 d-------- C:\WINDOWS\CREATOR
  2006-12-05 10:12 dr-hs---- C:\WINDOWS\system32\dllcache
  2006-12-05 10:12 dr-h----- C:\Documents and Settings\All Users\Application Data\.
  2006-12-05 10:12 dr-h----- C:\Documents and Settings\All Users\Application Data
  2006-12-05 10:12 dr--s---- C:\WINDOWS\Fonts
  2006-12-05 10:12 dr--s---- C:\WINDOWS\assembly
  2006-12-05 10:12 dr------- C:\WINDOWS\Web
  2006-12-05 10:12 dr------- C:\WINDOWS\Offline Web Pages
  2006-12-05 10:12 dr------- C:\Program Files\Common Files\..
  2006-12-05 10:12 dr------- C:\Program Files\.
  2006-12-05 10:12 dr------- C:\Program Files
  2006-12-05 10:12 dr------- C:\Documents and Settings\All Users\Start Menu
  2006-12-05 10:12 dr------- C:\Documents and Settings\All Users\Documents
  2006-12-05 10:12 d-ahs---- C:\WINDOWS\..
  2006-12-05 10:12 d-ahs---- C:\Program Files\..
  2006-12-05 10:12 d--hs---- C:\WINDOWS\Installer
  2006-12-05 10:12 d--hs---- C:\Documents and Settings\All Users\DRM
  2006-12-05 10:12 d--h----- C:\WINDOWS\inf
  2006-12-05 10:12 d--h----- C:\WINDOWS\$hf_mig$
  2006-12-05 10:12 d--h----- C:\Program Files\WindowsUpdate
  2006-12-05 10:12 d--h----- C:\Program Files\Uninstall Information
  2006-12-05 10:12 d--h----- C:\Program Files\InstallShield Installation Information
  2006-12-05 10:12 d--h----- C:\Documents and Settings\All Users\Templates
  2006-12-05 10:12 d---s---- C:\WINDOWS\Tasks
  2006-12-05 10:12 d---s---- C:\WINDOWS\system32\Microsoft
  2006-12-05 10:12 d---s---- C:\WINDOWS\Downloaded Program Files
  2006-12-05 10:12 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
  2006-12-05 10:12 d-------- C:\WINDOWS\WinSxS
  2006-12-05 10:12 d-------- C:\WINDOWS\twain_32
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\xircom
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\wins
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\wbem
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\usmt
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\URTTemp
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\spool
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\ShellExt
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\Setup
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\Restore
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\ras
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\oobe
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\npp
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\mui
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\MsDtc
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\Macromed
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\inetsrv
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\IME
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\icsxml
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\ias
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\export
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\drivers\etc
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\drivers\disdn
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\drivers\..
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\drivers\.
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\drivers
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\DirectX
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\dhcp
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\config
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\Com
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\CatRoot2
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\CatRoot
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\3com_dmi
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\3076
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\2052
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\1054
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\1042
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\1041
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\1037
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\1033
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\1031
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\1028
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\1025
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\..
  2006-12-05 10:12 d-------- C:\WINDOWS\system32\.
  2006-12-05 10:12 d-------- C:\WINDOWS\system32
  2006-12-05 10:12 d-------- C:\WINDOWS\system\..
  2006-12-05 10:12 d-------- C:\WINDOWS\system\.
  2006-12-05 10:12 d-------- C:\WINDOWS\system
  2006-12-05 10:12 d-------- C:\WINDOWS\srchasst
  2006-12-05 10:12 d-------- C:\WINDOWS\SoftwareDistribution
  2006-12-05 10:12 d-------- C:\WINDOWS\security
  2006-12-05 10:12 d-------- C:\WINDOWS\Resources
  2006-12-05 10:12 d-------- C:\WINDOWS\repair
  2006-12-05 10:12 d-------- C:\WINDOWS\Registration
  2006-12-05 10:12 d-------- C:\WINDOWS\RegisteredPackages
  2006-12-05 10:12 d-------- C:\WINDOWS\Provisioning
  2006-12-05 10:12 d-------- C:\WINDOWS\PeerNet
  2006-12-05 10:12 d-------- C:\WINDOWS\pchealth
  2006-12-05 10:12 d-------- C:\WINDOWS\mui
  2006-12-05 10:12 d-------- C:\WINDOWS\msapps
  2006-12-05 10:12 d-------- C:\WINDOWS\msagent
  2006-12-05 10:12 d-------- C:\WINDOWS\Microsoft.NET
  2006-12-05 10:12 d-------- C:\WINDOWS\Media
  2006-12-05 10:12 d-------- C:\WINDOWS\java
  2006-12-05 10:12 d-------- C:\WINDOWS\ime
  2006-12-05 10:12 d-------- C:\WINDOWS\Help
  2006-12-05 10:12 d-------- C:\WINDOWS\ehome
  2006-12-05 10:12 d-------- C:\WINDOWS\Driver Cache
  2006-12-05 10:12 d-------- C:\WINDOWS\Debug
  2006-12-05 10:12 d-------- C:\WINDOWS\Cursors
  2006-12-05 10:12 d-------- C:\WINDOWS\Connection Wizard
  2006-12-05 10:12 d-------- C:\WINDOWS\Config
  2006-12-05 10:12 d-------- C:\WINDOWS\AppPatch
  2006-12-05 10:12 d-------- C:\WINDOWS\addins
  2006-12-05 10:12 d-------- C:\WINDOWS\.
  2006-12-05 10:12 d-------- C:\WINDOWS
  2006-12-05 10:12 d-------- C:\Program Files\xerox
  2006-12-05 10:12 d-------- C:\Program Files\Windows Plus
  2006-12-05 10:12 d-------- C:\Program Files\Windows NT
  2006-12-05 10:12 d-------- C:\Program Files\Windows Media Player
  2006-12-05 10:12 d-------- C:\Program Files\Sonic
  2006-12-05 10:12 d-------- C:\Program Files\Outlook Express
  2006-12-05 10:12 d-------- C:\Program Files\Online Services
  2006-12-05 10:12 d-------- C:\Program Files\NetMeeting
  2006-12-05 10:12 d-------- C:\Program Files\MSN Gaming Zone
  2006-12-05 10:12 d-------- C:\Program Files\MSN
  2006-12-05 10:12 d-------- C:\Program Files\Movie Maker
  2006-12-05 10:12 d-------- C:\Program Files\microsoft frontpage
  2006-12-05 10:12 d-------- C:\Program Files\Messenger
  2006-12-05 10:12 d-------- C:\Program Files\Java
  2006-12-05 10:12 d-------- C:\Program Files\Internet Explorer
  2006-12-05 10:12 d-------- C:\Program Files\HPQ
  2006-12-05 10:12 d-------- C:\Program Files\HP
  2006-12-05 10:12 d-------- C:\Program Files\Hewlett-Packard
  2006-12-05 10:12 d-------- C:\Program Files\ComPlus Applications
  2006-12-05 10:12 d-------- C:\Program Files\Common Files\TiVo Shared
  2006-12-05 10:12 d-------- C:\Program Files\Common Files\System
  2006-12-05 10:12 d-------- C:\Program Files\Common Files\SureThing Shared
  2006-12-05 10:12 d-------- C:\Program Files\Common Files\SpeechEngines
  2006-12-05 10:12 d-------- C:\Program Files\Common Files\Sonic Shared
  2006-12-05 10:12 d-------- C:\Program Files\Common Files\Services
  2006-12-05 10:12 d-------- C:\Program Files\Common Files\ODBC
  2006-12-05 10:12 d-------- C:\Program Files\Common Files\MSSoap
  2006-12-05 10:12 d-------- C:\Program Files\Common Files\Microsoft Shared
  2006-12-05 10:12 d-------- C:\Program Files\Common Files\Java
  2006-12-05 10:12 d-------- C:\Program Files\Common Files\InstallShield
  2006-12-05 10:12 d-------- C:\Program Files\Common Files\HP
  2006-12-05 10:12 d-------- C:\Program Files\Common Files\.
  2006-12-05 10:12 d-------- C:\Program Files\Common Files
  2006-12-05 10:12 d-------- C:\I386
  2006-12-05 10:12 d-------- C:\Documents and Settings\All Users\Favorites
  2006-12-05 10:12 d-------- C:\Documents and Settings\All Users\Desktop
  2006-12-05 10:12 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
  2006-12-05 10:12 d-------- C:\Documents and Settings\All Users\Application Data\SBSI
  2006-12-05 10:12 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
  2006-12-05 10:12 d-------- C:\Documents and Settings\All Users\Application Data\..
  2006-12-05 10:12 d-------- C:\Documents and Settings\All Users\..
  2006-12-05 10:12 d-------- C:\Documents and Settings\All Users\.
  2006-12-05 10:12 d-------- C:\Documents and Settings
  2006-12-04 19:26 d-------- C:\WINDOWS\Temp
  2006-12-04 19:22 139,264 --a------ C:\WINDOWS\system32\igfxres.dll
  2006-12-04 19:14 266,240 --a------ C:\WINDOWS\system32\ShellvRTF64.dll
  2006-12-04 19:14 237,568 --a------ C:\WINDOWS\system32\ShellvRTF.dll
  2006-12-04 19:14 d-------- C:\WINDOWS\SMINST
  2006-12-04 19:14 d-------- C:\Program Files\Common Files\LightScribe
  2006-12-04 19:13 999,424 --a------ C:\WINDOWS\system32\BttnCmns.dll
  2006-12-04 19:13 987,136 --a------ C:\WINDOWS\system32\BttnCmn.dll
  2006-12-04 19:13 9,344 --a------ C:\WINDOWS\system32\drivers\CPQBttn.sys
  2006-12-04 19:13 7,808 --a------ C:\WINDOWS\system32\drivers\eabfiltr.sys
  2006-12-04 19:13 5,760 --a------ C:\WINDOWS\system32\drivers\EabUsb.sys
  2006-12-04 19:13 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
  2006-12-04 19:00 d-------- C:\Program Files\Oberon Media
  2006-12-04 18:57 d-------- C:\Program Files\Windows Media Connect 2
  2006-12-04 18:56 d-------- C:\Program Files\muvee Technologies
  2006-12-04 18:56 d-------- C:\Program Files\DivX
  2006-12-04 18:56 d-------- C:\Program Files\Common Files\muvee Technologies
  2006-12-04 18:54 d-------- C:\Program Files\Google
  2006-12-04 18:51 d-------- C:\Program Files\Common Files\Adobe
  2006-12-04 18:51 d-------- C:\hp
  2006-12-04 18:50 d-------- C:\Program Files\Adobe
  2006-12-04 18:49 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
  2006-12-04 18:49 d-------- C:\Documents and Settings\All Users\Application Data\HP
  2006-12-04 18:49 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
  2006-12-04 18:48 94,297 --a------ C:\WINDOWS\system32\SynTPAPI.dll
  2006-12-04 18:48 82,012 --a------ C:\WINDOWS\system32\SynCOM.dll
  2006-12-04 18:48 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll
  2006-12-04 18:48 69,721 --a------ C:\WINDOWS\system32\SynTPFcs.dll
  2006-12-04 18:48 193,120 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
  2006-12-04 18:48 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll
  2006-12-04 18:48 d-------- C:\Program Files\Synaptics
  2006-12-04 18:46 d-------- C:\Program Files\Microsoft Office
  2006-12-04 18:45 d-------- C:\Program Files\Microsoft Works
  2006-12-04 18:45 d-------- C:\Program Files\Microsoft Money 2005
  2006-12-04 18:44 d-------- C:\Program Files\RGB
  2006-12-04 18:44 d-------- C:\Program Files\NetWaiting
  2006-12-04 18:37 d-------- C:\WINDOWS\system32\ReinstallBackups
  2006-12-04 18:36 32,356 --a------ C:\WINDOWS\system32\pusbfd1.sys
  2006-12-04 18:26 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
  2006-12-04 18:26 d-------- C:\Program Files\Norton Internet Security
  2006-12-04 18:25 87,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
  2006-12-04 18:25 107,696 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
  2006-12-04 18:25 d-------- C:\Program Files\Symantec
  2006-12-04 18:25 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
  2006-12-04 18:24 983,552 --------- C:\WINDOWS\system32\_000006_.tmp.dll
  2006-12-04 18:24 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
  2006-12-04 18:24 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
  2006-12-04 18:24 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
  2006-12-04 18:24 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
  2006-12-04 18:24 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
  2006-12-04 18:24 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
  2006-12-04 18:24 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
  2006-12-04 18:24 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
  2006-12-04 18:24 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
  2006-12-04 18:24 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
  2006-12-04 18:24 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
  2006-12-04 18:24 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
  2006-12-04 18:24 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
  2006-12-04 18:24 d-------- C:\Program Files\CONEXANT
  2006-12-04 18:24 d-------- C:\Program Files\Common Files\Symantec Shared
  2006-12-04 18:19 d-------- C:\WINDOWS\system32\msmq
  2006-12-04 18:19 d-------- C:\Program Files\Intel
  
  (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
  
  (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
  
  *Note* empty entries are not shown
  
  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
  "CTSyncU.exe"="\"C:\\Program Files\\Creative\\Sync Manager Unicode\\CTSyncU.exe\""
  "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
  "ares"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"
  "WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
  
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
  "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
  "hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
  "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
  "MsmqIntCert"="regsvr32 /s mqrt.dll"
  "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe"
  "ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
  "igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
  "igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
  "igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
  "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
  "QPService"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""
  "HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
  "QlbCtrl"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,48,65,77,6c,65,\
  74,74,2d,50,61,63,6b,61,72,64,5c,48,50,20,51,75,69,63,6b,20,4c,61,75,6e,63,\
  68,20,42,75,74,74,6f,6e,73,5c,51,6c,62,43,74,72,6c,2e,65,78,65,20,2f,53,74,\
  61,72,74,00
  "Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
  "RecGuard"="C:\\Windows\\SMINST\\RecGuard.exe"
  "Reminder"="C:\\Windows\\CREATOR\\Remind_XP.exe"
  "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
  "IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
  "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
  "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
  "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
  
  [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
  "DeskHtmlVersion"=dword:00000110
  "DeskHtmlMinorVersion"=dword:00000005
  "Settings"=dword:00000001
  "GeneralFlags"=dword:00000001
  
  [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
  "Source"="About:Home"
  "SubscribedURL"="About:Home"
  "FriendlyName"="My Current Home Page"
  "Flags"=dword:00000002
  "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
  "CurrentState"=hex:04,00,00,40
  "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
  "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00
  
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
  "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
  "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
  
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
  "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
  
  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
  "NoDriveTypeAutoRun"=dword:00000091
  
  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
  
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
  "dontdisplaylastusername"=dword:00000000
  "legalnoticecaption"=""
  "legalnoticetext"=""
  "shutdownwithoutlogon"=dword:00000001
  "undockwithoutlogon"=dword:00000001
  "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
  63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
  6d,73,73,74,79,6c,65,73,00
  "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
  73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
  
  [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
  "NoDriveTypeAutoRun"=dword:00000091
  
  [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
  "NoDriveTypeAutoRun"=dword:00000091
  
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
  "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
  "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
  "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
  "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
  "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  
  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
  "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
  
  Contents of the 'Scheduled Tasks' folder
  C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - SadxKiax.job
  
  Completion time: 07-01-02 19:04:43.59
  C:\ComboFix.txt ... 07-01-02 19:04
  
  HijackThis Log:
  Logfile of HijackThis v1.99.1
  Scan saved at 19:07:03, on 02/01/2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.5730.0011)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  C:\WINDOWS\system32\CTsvcCDA.exe
  C:\WINDOWS\eHome\ehRecvr.exe
  C:\WINDOWS\eHome\ehSched.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
  C:\WINDOWS\system32\mqsvc.exe
  C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
  C:\WINDOWS\system32\mqtgsvc.exe
  C:\WINDOWS\system32\dllhost.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\ehome\ehtray.exe
  C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
  C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\WINDOWS\eHome\ehmsas.exe
  C:\WINDOWS\system32\igfxtray.exe
  C:\WINDOWS\system32\hkcmd.exe
  C:\WINDOWS\system32\igfxpers.exe
  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  C:\Program Files\HP\QuickPlay\QPService.exe
  C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
  C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
  C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Windows Media Player\WMPNSCFG.exe
  C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
  C:\Program Files\MSN Messenger\msnmsgr.exe
  c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Windows Media Player\wmplayer.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\WINDOWS\system32\NOTEPAD.EXE
  C:\Program Files\Messenger\msmsgs.exe
  C:\HijackThis.exe
  
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://h20239.www2.hp.com/techcenter/HP_SystemCheck/hp_syscheck.htm
  R3 - URLSearchHook: Yahoo! Toolbar BETA - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  O2 - BHO: (no name) - 8@��38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
  O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
  O2 - BHO: (no name) - ¸?��497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
  O2 - BHO: (no name) - ��0D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
  O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: Yahoo! Toolbar BETA - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
  O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
  O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
  O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
  O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
  O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
  O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
  O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
  O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
  O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
  O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
  O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
  O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
  O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
  O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
  O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
  O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
  O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O11 - Options group: [INTERNATIONAL] International*
  O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=64&bd=presario&pf=laptop
  O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
  O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
  O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166241805515
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166241759546
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
  O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
  O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
  O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
  O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
  O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
  O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  
  slowly read ba..
• ndmmxiaomayi

  2 Jan 07, 19:36

  Yeah... you've got lots of things...
  
  Open HijackThis and put a tick against these entries:
  
  O2 - BHO: (no name) - 8@��38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
  O2 - BHO: (no name) - ¸?��497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
  O2 - BHO: (no name) - ��0D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
  
  Click Fix checked.
  
  Download F-Secure Blacklight
  
  Click on I Accept and select the Download Blacklight Beta graphical user interface version option. Save it to somewhere convenient.
  
  Once done, double click to run it. Do not fix anything when found. Exit it. Blacklight will create a log named fsbl-.log.
  
  Post the Blacklight log and a new HijackThis log.
• rx7Savanna

  2 Jan 07, 21:19

  F-secure log:
  01/02/07 20:42:23 [Info]: BlackLight Engine 1.0.55 initialized
  01/02/07 20:42:23 [Info]: OS: 5.1 build 2600 (Service Pack 2)
  01/02/07 20:42:24 [Note]: 7019 4
  01/02/07 20:42:24 [Note]: 7005 0
  01/02/07 20:42:34 [Note]: 7006 0
  01/02/07 20:42:34 [Note]: 7011 3564
  01/02/07 20:42:34 [Note]: 7026 0
  01/02/07 20:42:34 [Note]: 7026 0
  01/02/07 20:42:58 [Note]: FSRAW library version 1.7.1021
  01/02/07 20:50:16 [Note]: 2000 1012
  01/02/07 21:03:31 [Note]: 7007 0
  
  HijackThis Log:
  Logfile of HijackThis v1.99.1
  Scan saved at 21:17:49, on 02/01/2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.5730.0011)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  C:\WINDOWS\system32\CTsvcCDA.exe
  C:\WINDOWS\eHome\ehRecvr.exe
  C:\WINDOWS\eHome\ehSched.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
  C:\WINDOWS\system32\mqsvc.exe
  C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
  C:\WINDOWS\system32\mqtgsvc.exe
  C:\WINDOWS\system32\dllhost.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\ehome\ehtray.exe
  C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
  C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\WINDOWS\eHome\ehmsas.exe
  C:\WINDOWS\system32\igfxtray.exe
  C:\WINDOWS\system32\hkcmd.exe
  C:\WINDOWS\system32\igfxpers.exe
  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  C:\Program Files\HP\QuickPlay\QPService.exe
  C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
  C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
  C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Windows Media Player\WMPNSCFG.exe
  C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
  C:\Program Files\MSN Messenger\msnmsgr.exe
  c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Windows Media Player\wmplayer.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\WINDOWS\system32\NOTEPAD.EXE
  C:\HijackThis.exe
  
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://h20239.www2.hp.com/techcenter/HP_SystemCheck/hp_syscheck.htm
  R3 - URLSearchHook: Yahoo! Toolbar BETA - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: Yahoo! Toolbar BETA - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
  O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
  O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
  O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
  O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
  O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
  O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
  O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
  O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
  O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
  O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
  O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
  O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
  O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
  O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
  O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
  O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
  O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O11 - Options group: [INTERNATIONAL] International*
  O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=64&bd=presario&pf=laptop
  O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
  O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
  O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166241805515
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166241759546
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
  O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
  O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
  O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
  O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
  O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
  O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  
  so..wads e results of these tests?????my system clean anot?
• ndmmxiaomayi

  3 Jan 07, 07:33

  Good! Clean now! Are you experiencing any problems?
• ndmmxiaomayi

  22 Jan 07, 14:36

  Updated Process Explorer and HijackThis links.
• ndmmxiaomayi

  6 Feb 07, 20:35

  Please download HostsXpert if you are having problems downloading the tools provided here.
  
  Extract it as per the instructions on page 4.
  
  Double click on HostsXpert.exe to run it.
  
  On your right hand side, you should see a section called Backup and Restore.
  
  Click on the Restore Microsoft's Hosts File button.
  
  Here's a screenshot (look at the brown box)
  
  
  
  Then try downloading the tools again.
• ndmmxiaomayi

  7 Feb 07, 08:17

  Those who can't download HostsXpert, please let me know.
• ceecookie

  10 Feb 07, 12:01

  Should i go for PC Tools Spyware Doctor or AVG Anti-spyware?
  
  preferrly the one that dont consume so much resources
• ndmmxiaomayi

  10 Feb 07, 12:03

  I prefer AVG. PC Tools don't remove anything found if I'm not wrong.
  
  You can set both not to start up when Windows start.
  
  For AVG, right click its icon near the time and untick Start with Windows.
• ceecookie

  13 Feb 07, 21:08

  Here's a proof for those who wanna source for crack code.