b.whataboutadog.com virus, help?

Name: JosephDF
Date: October 18, 2007 at 00:50:35 Pacific
OS: Windows XP
CPU/Ram: unknown
Product: unknown
Comment:

*sigh* after a quick Google search, I know for a fact I have it. IE is slower than a one-legged turtle in a -30 degree room, AIM does not work at all.

What is this thing? How did I get it? And how do I get rid of it?




Response Number 1
Name: jabuck
Date: October 18, 2007 at 04:26:59 Pacific
Reply:

Please download FindAWF from this link: FindAWF

Double-click on the FindAWF.exe file to run it. It will open a command prompt and ask you to "Press any key to continue". You will be presented with a Menu.
1. Press 1 then Enter to scan for bak folders
2. Press 2 then Enter to restore files from bak folders
3. Press 3 then Enter to remove bak folders
4. Press 4 then Enter to reset domain zones
5. Press E then Enter to EXIT
Press 1 then press Enter. Copy and paste the contents of the AWF.txt file in your next reply.


0

Response Number 2
Name: JosephDF
Date: October 18, 2007 at 06:52:00 Pacific
Reply:

bak folders found
~~~~~~~~~~~


Directory of C:\HP\KBD\BAK

02/11/2003 09:02 PM 61,440 KBD.exe
1 File(s) 61,440 bytes

Directory of C:\PROGRA~1\AIM6\BAK

04/27/2007 03:17 PM 50,736 aim6.exe
1 File(s) 50,736 bytes

Directory of C:\PROGRA~1\BITTOR~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

08/11/2004 10:08 PM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\PROGRA~1\SYMNET~1\BAK

01/22/2007 05:28 PM 100,056 SNDMon.exe
1 File(s) 100,056 bytes

Directory of C:\WINDOWS\SMINST\BAK

04/14/2004 09:43 PM 233,472 RECGUARD.exe
1 File(s) 233,472 bytes

Directory of C:\WINDOWS\SYSTEM\BAK

05/07/1998 05:04 PM 52,736 hpsysdrv.exe
1 File(s) 52,736 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 07:00 AM 15,360 ctfmon.exe
08/20/2004 05:51 PM 118,784 hkcmd.exe
06/07/2004 07:42 PM 659,456 hphmon06.exe
08/20/2004 05:55 PM 155,648 igfxtray.exe
10/16/2002 05:57 PM 81,920 ps2.exe
5 File(s) 1,031,168 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

12/21/2005 02:54 PM 71,328 ccApp.exe
1 File(s) 71,328 bytes

Directory of C:\PROGRA~1\HP\{AAC4F~1\BAK

06/07/2004 07:53 PM 49,152 hphupd06.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

08/11/2004 09:52 PM 180,269 realsched.exe
1 File(s) 180,269 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\BAK

11/02/2004 06:59 PM 218,240 UsrPrmpt.exe
1 File(s) 218,240 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\121128~1.546\BAK

02/03/2007 06:58 PM 171,448 GoogleToolbarNotifier.exe
1 File(s) 171,448 bytes

Directory of C:\PROGRA~1\JAVA\J2RE14~1.2_0\BIN\BAK

08/11/2004 08:36 PM 32,881 jusched.exe
1 File(s) 32,881 bytes

Directory of C:\PROGRA~1\QWEST\QUICKC~2\BIN\BAK

05/09/2007 06:15 PM 198,800 sprtcmd.exe
1 File(s) 198,800 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

27660 Oct 6 2007 "C:\hp\KBD\KBD.exe"
61440 Feb 11 2003 "C:\hp\KBD\bak\KBD.exe"
27660 Oct 6 2007 "C:\Program Files\AIM6\aim6.exe"
50736 Apr 27 2007 "C:\Program Files\AIM6\bak\aim6.exe"
27660 Oct 6 2007 "C:\Program Files\QuickTime\qttask.exe"
98304 Aug 11 2004 "C:\Program Files\QuickTime\bak\qttask.exe"
27660 Oct 6 2007 "C:\Program Files\SymNetDrv\SNDMon.exe"
100056 Jan 22 2007 "C:\Program Files\SymNetDrv\bak\SNDMon.exe"
27660 Oct 6 2007 "C:\WINDOWS\SMINST\RECGUARD.exe"
233472 Apr 14 2004 "C:\WINDOWS\SMINST\bak\RECGUARD.exe"
27660 Oct 6 2007 "C:\WINDOWS\system\hpsysdrv.exe"
52736 May 7 1998 "C:\WINDOWS\system\bak\hpsysdrv.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
27660 Oct 6 2007 "C:\WINDOWS\system32\hkcmd.exe"
118784 Aug 3 2004 "C:\hp\drivers\video_Intel\hkcmd.exe"
118784 Aug 20 2004 "C:\WINDOWS\system32\bak\hkcmd.exe"
118784 Aug 3 2004 "C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\hkcmd.exe"
27660 Oct 6 2007 "C:\WINDOWS\system32\hphmon06.exe"
659456 Jun 7 2004 "C:\WINDOWS\system32\bak\hphmon06.exe"
27660 Oct 6 2007 "C:\WINDOWS\system32\igfxtray.exe"
155648 Aug 3 2004 "C:\hp\drivers\video_Intel\igfxtray.exe"
155648 Aug 20 2004 "C:\WINDOWS\system32\bak\igfxtray.exe"
155648 Aug 3 2004 "C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\igfxtray.exe"
27660 Oct 6 2007 "C:\WINDOWS\system32\ps2.exe"
81920 Oct 16 2002 "C:\hp\drivers\keyboard\PS2.exe"
81920 Oct 16 2002 "C:\WINDOWS\system32\bak\ps2.exe"
71328 Dec 21 2005 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
27660 Oct 6 2007 "C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
49152 Jun 7 2004 "C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak\hphupd06.exe"
27660 Oct 6 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Aug 11 2004 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
218240 Nov 2 2004 "C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe"
52272 Feb 3 2007 "C:\Program Files\Google\googletoolbar3user.exe"
138168 Feb 3 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
27660 Oct 6 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
171448 Feb 3 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
132760 Sep 30 2007 "C:\Program Files\Azureus\jre\bin\jusched.exe"
32881 Sep 28 2004 "C:\Program Files\DeductionPro 2006\JRE\bin\jusched.exe"
27660 Oct 6 2007 "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
32881 Sep 1 2005 "C:\Program Files\WILLPower\jre\bin\jusched.exe"
32881 Aug 11 2004 "C:\Program Files\Java\j2re1.4.2_03\bin\bak\jusched.exe"
27660 Oct 6 2007 "C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe"
198800 May 9 2007 "C:\Program Files\Qwest\QuickCare\bin\bak\sprtcmd.exe"


end of report


0

Response Number 3
Name: jabuck
Date: October 18, 2007 at 07:11:23 Pacific
Reply:

Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders

A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:


"C:\hp\KBD\bak\KBD.exe"
"C:\Program Files\AIM6\bak\aim6.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\Program Files\SymNetDrv\bak\SNDMon.exe"
"C:\WINDOWS\SMINST\bak\RECGUARD.exe"
"C:\WINDOWS\system\bak\hpsysdrv.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\WINDOWS\system32\bak\hkcmd.exe"
"C:\WINDOWS\system32\bak\hphmon06.exe"
"C:\hp\drivers\keyboard\PS2.exe"
"C:\WINDOWS\system32\bak\ps2.exe"
"C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
"C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak\hphupd06.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe"
"C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
"C:\Program Files\Java\j2re1.4.2_03\bin\bak\jusched.exe"
"C:\Program Files\Qwest\QuickCare\bin\bak\sprtcmd.exe"

Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.


0
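As an added illustration (not part of the original posts and not FindAWF's own code), the sketch below reads the "Duplicate files" section of an AWF.txt log like the one posted above and pairs each bak copy with the file in its parent folder, which is the comparison behind the restore list. The function names and status labels are assumptions made for this example; the sample lines are excerpted from the log in this thread.

```python
import ntpath
import re
from collections import Counter

# Lines excerpted from the "Duplicate files" section of the log in this thread.
SAMPLE_LOG = r'''
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

27660 Oct 6 2007 "C:\Program Files\AIM6\aim6.exe"
50736 Apr 27 2007 "C:\Program Files\AIM6\bak\aim6.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
27660 Oct 6 2007 "C:\WINDOWS\system32\igfxtray.exe"
155648 Aug 3 2004 "C:\hp\drivers\video_Intel\igfxtray.exe"
155648 Aug 20 2004 "C:\WINDOWS\system32\bak\igfxtray.exe"
71328 Dec 21 2005 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"

end of report
'''

# One log entry: size in bytes, "Mon D YYYY", quoted Windows path.
ENTRY_RE = re.compile(r'^\s*(\d+)\s+(\w{3}\s+\d{1,2}\s+\d{4})\s+"([^"]+)"\s*$')


def parse_entries(log_text):
    """Return (size, date, path) tuples; headings and blank lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((int(match.group(1)), match.group(2), match.group(3)))
    return entries


def compare_with_bak(entries):
    """Pair every file inside a bak folder with the same name one level up."""
    # Windows paths are case-insensitive, so index them lower-cased.
    listed = {path.lower(): size for size, _date, path in entries}
    findings = []
    for size, _date, path in entries:
        folder = ntpath.dirname(path)
        if ntpath.basename(folder).lower() != "bak":
            continue  # not a bak copy (e.g. a driver cache copy elsewhere)
        parent_path = ntpath.join(ntpath.dirname(folder), ntpath.basename(path))
        parent_size = listed.get(parent_path.lower())
        if parent_size is None:
            # The log shows no file of that name in the parent folder.
            status = "parent_not_listed"
        elif parent_size != size:
            # The file in the parent folder is not the one that was moved to bak.
            status = "size_differs"
        else:
            # Equal size only: the log carries no hash, so this is not proof
            # that the two files are identical.
            status = "same_size"
        findings.append({
            "bak_path": path,
            "bak_size": size,
            "parent_path": parent_path,
            "parent_size": parent_size,
            "status": status,
        })
    return findings


def common_replacement_size(findings):
    """Size shared by more than one mismatched parent file, or None."""
    sizes = Counter(f["parent_size"] for f in findings
                    if f["status"] == "size_differs")
    if not sizes:
        return None
    size, count = sizes.most_common(1)[0]
    return size if count > 1 else None


if __name__ == "__main__":
    results = compare_with_bak(parse_entries(SAMPLE_LOG))
    for f in results:
        print(f'{f["status"]:18} {f["parent_path"]}')
    print("repeated replacement size:", common_replacement_size(results))
```

Running the same comparison on the log produced after a restore shows which parent files still differ from their bak copy.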

Response Number 4
Name: JosephDF
Date: October 20, 2007 at 06:04:18 Pacific
Reply:

Sorry it took so long to update, I've had a lot of other things going on...anyways, here's the new list.

bak folders found
~~~~~~~~~~~


Directory of C:\HP\KBD\BAK

02/11/2003 09:02 PM 61,440 KBD.exe
1 File(s) 61,440 bytes

Directory of C:\PROGRA~1\AIM6\BAK

04/27/2007 03:17 PM 50,736 aim6.exe
1 File(s) 50,736 bytes

Directory of C:\PROGRA~1\BITTOR~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

08/11/2004 10:08 PM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\PROGRA~1\SYMNET~1\BAK

01/22/2007 05:28 PM 100,056 SNDMon.exe
1 File(s) 100,056 bytes

Directory of C:\WINDOWS\SMINST\BAK

04/14/2004 09:43 PM 233,472 RECGUARD.exe
1 File(s) 233,472 bytes

Directory of C:\WINDOWS\SYSTEM\BAK

05/07/1998 05:04 PM 52,736 hpsysdrv.exe
1 File(s) 52,736 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 07:00 AM 15,360 ctfmon.exe
08/20/2004 05:51 PM 118,784 hkcmd.exe
06/07/2004 07:42 PM 659,456 hphmon06.exe
08/20/2004 05:55 PM 155,648 igfxtray.exe
10/16/2002 05:57 PM 81,920 ps2.exe
5 File(s) 1,031,168 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

12/21/2005 02:54 PM 71,328 ccApp.exe
1 File(s) 71,328 bytes

Directory of C:\PROGRA~1\HP\{AAC4F~1\BAK

06/07/2004 07:53 PM 49,152 hphupd06.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

08/11/2004 09:52 PM 180,269 realsched.exe
1 File(s) 180,269 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\BAK

11/02/2004 06:59 PM 218,240 UsrPrmpt.exe
1 File(s) 218,240 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\121128~1.546\BAK

02/03/2007 06:58 PM 171,448 GoogleToolbarNotifier.exe
1 File(s) 171,448 bytes

Directory of C:\PROGRA~1\JAVA\J2RE14~1.2_0\BIN\BAK

08/11/2004 08:36 PM 32,881 jusched.exe
1 File(s) 32,881 bytes

Directory of C:\PROGRA~1\QWEST\QUICKC~2\BIN\BAK

05/09/2007 06:15 PM 198,800 sprtcmd.exe
1 File(s) 198,800 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

61440 Feb 11 2003 "C:\hp\KBD\KBD.exe"
61440 Feb 11 2003 "C:\hp\KBD\bak\KBD.exe"
50736 Apr 27 2007 "C:\Program Files\AIM6\aim6.exe"
50736 Apr 27 2007 "C:\Program Files\AIM6\bak\aim6.exe"
98304 Aug 11 2004 "C:\Program Files\QuickTime\qttask.exe"
98304 Aug 11 2004 "C:\Program Files\QuickTime\bak\qttask.exe"
100056 Jan 22 2007 "C:\Program Files\SymNetDrv\SNDMon.exe"
100056 Jan 22 2007 "C:\Program Files\SymNetDrv\bak\SNDMon.exe"
233472 Apr 14 2004 "C:\WINDOWS\SMINST\RECGUARD.exe"
233472 Apr 14 2004 "C:\WINDOWS\SMINST\bak\RECGUARD.exe"
52736 May 7 1998 "C:\WINDOWS\system\hpsysdrv.exe"
52736 May 7 1998 "C:\WINDOWS\system\bak\hpsysdrv.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
118784 Aug 20 2004 "C:\WINDOWS\system32\hkcmd.exe"
118784 Aug 3 2004 "C:\hp\drivers\video_Intel\hkcmd.exe"
118784 Aug 20 2004 "C:\WINDOWS\system32\bak\hkcmd.exe"
118784 Aug 3 2004 "C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\hkcmd.exe"
659456 Jun 7 2004 "C:\WINDOWS\system32\hphmon06.exe"
659456 Jun 7 2004 "C:\WINDOWS\system32\bak\hphmon06.exe"
27660 Oct 6 2007 "C:\WINDOWS\system32\igfxtray.exe"
155648 Aug 3 2004 "C:\hp\drivers\video_Intel\igfxtray.exe"
155648 Aug 20 2004 "C:\WINDOWS\system32\bak\igfxtray.exe"
155648 Aug 3 2004 "C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\igfxtray.exe"
81920 Oct 16 2002 "C:\WINDOWS\system32\ps2.exe"
81920 Oct 16 2002 "C:\hp\drivers\keyboard\PS2.exe"
81920 Oct 16 2002 "C:\WINDOWS\system32\bak\ps2.exe"
71328 Dec 21 2005 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
71328 Dec 21 2005 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
49152 Jun 7 2004 "C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
49152 Jun 7 2004 "C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak\hphupd06.exe"
180269 Aug 11 2004 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Aug 11 2004 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
218240 Nov 2 2004 "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
218240 Nov 2 2004 "C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe"
52272 Feb 3 2007 "C:\Program Files\Google\googletoolbar3user.exe"
138168 Feb 3 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
171448 Feb 3 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
171448 Feb 3 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
132760 Sep 30 2007 "C:\Program Files\Azureus\jre\bin\jusched.exe"
32881 Sep 28 2004 "C:\Program Files\DeductionPro 2006\JRE\bin\jusched.exe"
32881 Aug 11 2004 "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
32881 Sep 1 2005 "C:\Program Files\WILLPower\jre\bin\jusched.exe"
32881 Aug 11 2004 "C:\Program Files\Java\j2re1.4.2_03\bin\bak\jusched.exe"
198800 May 9 2007 "C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe"
198800 May 9 2007 "C:\Program Files\Qwest\QuickCare\bin\bak\sprtcmd.exe"


end of report


0

Response Number 5
Name: jabuck
Date: October 20, 2007 at 12:54:19 Pacific
Reply:

Option 3:
Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:


"C:\hp\KBD\bak
"C:\Program Files\AIM6\bak
"C:\Program Files\QuickTime\bak
"C:\Program Files\SymNetDrv\bak
"C:\WINDOWS\SMINST\bak
"C:\WINDOWS\system\bak
"C:\WINDOWS\system32\bak
"C:\WINDOWS\system32\bak
"C:\WINDOWS\system32\bak
"C:\WINDOWS\system32\bak
"C:\WINDOWS\system32\bak
"C:\Program Files\Common Files\Symantec Shared\bak
"C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak
"C:\Program Files\Common Files\Real\Update_OB\bak
"C:\Program Files\Common Files\Symantec Shared\Security Center\bak
"C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak
"C:\Program Files\Java\j2re1.4.2_03\bin\bak
"C:\Program Files\Qwest\QuickCare\bin\bak

Next, close and click Yes to save the changes.

Once folders.txt is saved, FindAWF does the following:
-It deletes the contents of the bak folders
-Removes the bak folders

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.


Next Option 4.


Option 4:
Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 4 then Enter to reset domain zones

This removes all entries from the domain zones.
When the program returns to the main menu, use the following option:
Press E then Enter to EXIT

Next,

Launch Notepad, and copy/paste all the blue instructions below to it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]

Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.
Optional if the following programs are in your computer.
Note that since the Domains are deleted SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again, also you have to re-install IE-SpyAd if installed.
Delete the fixme.reg file just created.

Double-click on the FindAWF.exe
Press 1 then press Enter. Copy and paste the contents of the AWF.txt file in your next reply.


0

Response Number 6
Name: JosephDF
Date: October 20, 2007 at 13:45:58 Pacific
Reply:

Here's the option 3 list.

Directory of C:\HP\KBD\BAK

02/11/2003 09:02 PM 61,440 KBD.exe
1 File(s) 61,440 bytes

Directory of C:\PROGRA~1\AIM6\BAK

04/27/2007 03:17 PM 50,736 aim6.exe
1 File(s) 50,736 bytes

Directory of C:\PROGRA~1\BITTOR~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

08/11/2004 10:08 PM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\PROGRA~1\SYMNET~1\BAK

01/22/2007 05:28 PM 100,056 SNDMon.exe
1 File(s) 100,056 bytes

Directory of C:\WINDOWS\SMINST\BAK

04/14/2004 09:43 PM 233,472 RECGUARD.exe
1 File(s) 233,472 bytes

Directory of C:\WINDOWS\SYSTEM\BAK

05/07/1998 05:04 PM 52,736 hpsysdrv.exe
1 File(s) 52,736 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 07:00 AM 15,360 ctfmon.exe
08/20/2004 05:51 PM 118,784 hkcmd.exe
06/07/2004 07:42 PM 659,456 hphmon06.exe
08/20/2004 05:55 PM 155,648 igfxtray.exe
10/16/2002 05:57 PM 81,920 ps2.exe
5 File(s) 1,031,168 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

12/21/2005 02:54 PM 71,328 ccApp.exe
1 File(s) 71,328 bytes

Directory of C:\PROGRA~1\HP\{AAC4F~1\BAK

06/07/2004 07:53 PM 49,152 hphupd06.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

08/11/2004 09:52 PM 180,269 realsched.exe
1 File(s) 180,269 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\BAK

11/02/2004 06:59 PM 218,240 UsrPrmpt.exe
1 File(s) 218,240 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\121128~1.546\BAK

02/03/2007 06:58 PM 171,448 GoogleToolbarNotifier.exe
1 File(s) 171,448 bytes

Directory of C:\PROGRA~1\JAVA\J2RE14~1.2_0\BIN\BAK

08/11/2004 08:36 PM 32,881 jusched.exe
1 File(s) 32,881 bytes

Directory of C:\PROGRA~1\QWEST\QUICKC~2\BIN\BAK

05/09/2007 06:15 PM 198,800 sprtcmd.exe
1 File(s) 198,800 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

61440 Feb 11 2003 "C:\hp\KBD\KBD.exe"
61440 Feb 11 2003 "C:\hp\KBD\bak\KBD.exe"
50736 Apr 27 2007 "C:\Program Files\AIM6\aim6.exe"
50736 Apr 27 2007 "C:\Program Files\AIM6\bak\aim6.exe"
98304 Aug 11 2004 "C:\Program Files\QuickTime\qttask.exe"
98304 Aug 11 2004 "C:\Program Files\QuickTime\bak\qttask.exe"
100056 Jan 22 2007 "C:\Program Files\SymNetDrv\SNDMon.exe"
100056 Jan 22 2007 "C:\Program Files\SymNetDrv\bak\SNDMon.exe"
233472 Apr 14 2004 "C:\WINDOWS\SMINST\RECGUARD.exe"
233472 Apr 14 2004 "C:\WINDOWS\SMINST\bak\RECGUARD.exe"
52736 May 7 1998 "C:\WINDOWS\system\hpsysdrv.exe"
52736 May 7 1998 "C:\WINDOWS\system\bak\hpsysdrv.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
118784 Aug 20 2004 "C:\WINDOWS\system32\hkcmd.exe"
118784 Aug 3 2004 "C:\hp\drivers\video_Intel\hkcmd.exe"
118784 Aug 20 2004 "C:\WINDOWS\system32\bak\hkcmd.exe"
118784 Aug 3 2004 "C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\hkcmd.exe"
659456 Jun 7 2004 "C:\WINDOWS\system32\hphmon06.exe"
659456 Jun 7 2004 "C:\WINDOWS\system32\bak\hphmon06.exe"
27660 Oct 6 2007 "C:\WINDOWS\system32\igfxtray.exe"
155648 Aug 3 2004 "C:\hp\drivers\video_Intel\igfxtray.exe"
155648 Aug 20 2004 "C:\WINDOWS\system32\bak\igfxtray.exe"
155648 Aug 3 2004 "C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\igfxtray.exe"
81920 Oct 16 2002 "C:\WINDOWS\system32\ps2.exe"
81920 Oct 16 2002 "C:\hp\drivers\keyboard\PS2.exe"
81920 Oct 16 2002 "C:\WINDOWS\system32\bak\ps2.exe"
71328 Dec 21 2005 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
71328 Dec 21 2005 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
49152 Jun 7 2004 "C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
49152 Jun 7 2004 "C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak\hphupd06.exe"
180269 Aug 11 2004 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Aug 11 2004 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
218240 Nov 2 2004 "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
218240 Nov 2 2004 "C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe"
52272 Feb 3 2007 "C:\Program Files\Google\googletoolbar3user.exe"
68856 Oct 20 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
138168 Feb 3 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
171448 Feb 3 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
171448 Feb 3 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
132760 Sep 30 2007 "C:\Program Files\Azureus\jre\bin\jusched.exe"
32881 Sep 28 2004 "C:\Program Files\DeductionPro 2006\JRE\bin\jusched.exe"
32881 Aug 11 2004 "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
32881 Sep 1 2005 "C:\Program Files\WILLPower\jre\bin\jusched.exe"
32881 Aug 11 2004 "C:\Program Files\Java\j2re1.4.2_03\bin\bak\jusched.exe"
198800 May 9 2007 "C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe"
198800 May 9 2007 "C:\Program Files\Qwest\QuickCare\bin\bak\sprtcmd.exe"


end of report


and here's option 4's list

Directory of C:\HP\KBD\BAK

02/11/2003 09:02 PM 61,440 KBD.exe
1 File(s) 61,440 bytes

Directory of C:\PROGRA~1\AIM6\BAK

04/27/2007 03:17 PM 50,736 aim6.exe
1 File(s) 50,736 bytes

Directory of C:\PROGRA~1\BITTOR~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

08/11/2004 10:08 PM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\PROGRA~1\SYMNET~1\BAK

01/22/2007 05:28 PM 100,056 SNDMon.exe
1 File(s) 100,056 bytes

Directory of C:\WINDOWS\SMINST\BAK

04/14/2004 09:43 PM 233,472 RECGUARD.exe
1 File(s) 233,472 bytes

Directory of C:\WINDOWS\SYSTEM\BAK

05/07/1998 05:04 PM 52,736 hpsysdrv.exe
1 File(s) 52,736 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 07:00 AM 15,360 ctfmon.exe
08/20/2004 05:51 PM 118,784 hkcmd.exe
06/07/2004 07:42 PM 659,456 hphmon06.exe
08/20/2004 05:55 PM 155,648 igfxtray.exe
10/16/2002 05:57 PM 81,920 ps2.exe
5 File(s) 1,031,168 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

12/21/2005 02:54 PM 71,328 ccApp.exe
1 File(s) 71,328 bytes

Directory of C:\PROGRA~1\HP\{AAC4F~1\BAK

06/07/2004 07:53 PM 49,152 hphupd06.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

08/11/2004 09:52 PM 180,269 realsched.exe
1 File(s) 180,269 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\BAK

11/02/2004 06:59 PM 218,240 UsrPrmpt.exe
1 File(s) 218,240 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\121128~1.546\BAK

02/03/2007 06:58 PM 171,448 GoogleToolbarNotifier.exe
1 File(s) 171,448 bytes

Directory of C:\PROGRA~1\JAVA\J2RE14~1.2_0\BIN\BAK

08/11/2004 08:36 PM 32,881 jusched.exe
1 File(s) 32,881 bytes

Directory of C:\PROGRA~1\QWEST\QUICKC~2\BIN\BAK

05/09/2007 06:15 PM 198,800 sprtcmd.exe
1 File(s) 198,800 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

61440 Feb 11 2003 "C:\hp\KBD\KBD.exe"
61440 Feb 11 2003 "C:\hp\KBD\bak\KBD.exe"
50736 Apr 27 2007 "C:\Program Files\AIM6\aim6.exe"
50736 Apr 27 2007 "C:\Program Files\AIM6\bak\aim6.exe"
98304 Aug 11 2004 "C:\Program Files\QuickTime\qttask.exe"
98304 Aug 11 2004 "C:\Program Files\QuickTime\bak\qttask.exe"
100056 Jan 22 2007 "C:\Program Files\SymNetDrv\SNDMon.exe"
100056 Jan 22 2007 "C:\Program Files\SymNetDrv\bak\SNDMon.exe"
233472 Apr 14 2004 "C:\WINDOWS\SMINST\RECGUARD.exe"
233472 Apr 14 2004 "C:\WINDOWS\SMINST\bak\RECGUARD.exe"
52736 May 7 1998 "C:\WINDOWS\system\hpsysdrv.exe"
52736 May 7 1998 "C:\WINDOWS\system\bak\hpsysdrv.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
118784 Aug 20 2004 "C:\WINDOWS\system32\hkcmd.exe"
118784 Aug 3 2004 "C:\hp\drivers\video_Intel\hkcmd.exe"
118784 Aug 20 2004 "C:\WINDOWS\system32\bak\hkcmd.exe"
118784 Aug 3 2004 "C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\hkcmd.exe"
659456 Jun 7 2004 "C:\WINDOWS\system32\hphmon06.exe"
659456 Jun 7 2004 "C:\WINDOWS\system32\bak\hphmon06.exe"
27660 Oct 6 2007 "C:\WINDOWS\system32\igfxtray.exe"
155648 Aug 3 2004 "C:\hp\drivers\video_Intel\igfxtray.exe"
155648 Aug 20 2004 "C:\WINDOWS\system32\bak\igfxtray.exe"
155648 Aug 3 2004 "C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\igfxtray.exe"
81920 Oct 16 2002 "C:\WINDOWS\system32\ps2.exe"
81920 Oct 16 2002 "C:\hp\drivers\keyboard\PS2.exe"
81920 Oct 16 2002 "C:\WINDOWS\system32\bak\ps2.exe"
71328 Dec 21 2005 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
71328 Dec 21 2005 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
49152 Jun 7 2004 "C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
49152 Jun 7 2004 "C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak\hphupd06.exe"
180269 Aug 11 2004 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Aug 11 2004 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
218240 Nov 2 2004 "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
218240 Nov 2 2004 "C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe"
52272 Feb 3 2007 "C:\Program Files\Google\googletoolbar3user.exe"
68856 Oct 20 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
138168 Feb 3 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
171448 Feb 3 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
171448 Feb 3 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
132760 Sep 30 2007 "C:\Program Files\Azureus\jre\bin\jusched.exe"
32881 Sep 28 2004 "C:\Program Files\DeductionPro 2006\JRE\bin\jusched.exe"
32881 Aug 11 2004 "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
32881 Sep 1 2005 "C:\Program Files\WILLPower\jre\bin\jusched.exe"
32881 Aug 11 2004 "C:\Program Files\Java\j2re1.4.2_03\bin\bak\jusched.exe"
198800 May 9 2007 "C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe"
198800 May 9 2007 "C:\Program Files\Qwest\QuickCare\bin\bak\sprtcmd.exe"


end of report


0

Response Number 7
Name: jabuck
Date: October 20, 2007 at 19:49:45 Pacific
Reply:

Option 3:
Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:


C:\PROGRA~1\MESSEN~1\BAK
C:\PROGRA~1\BITTOR~1\BAK
"C:\hp\KBD\bak
"C:\Program Files\AIM6\bak
"C:\Program Files\QuickTime\bak
"C:\Program Files\SymNetDrv\bak
"C:\WINDOWS\SMINST\bak
"C:\WINDOWS\system\bak
"C:\WINDOWS\system32\bak
"C:\Program Files\Common Files\Symantec Shared\bak
"C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak
"C:\Program Files\Common Files\Real\Update_OB\bak
"C:\Program Files\Common Files\Symantec Shared\Security Center\bak
"C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak
"C:\Program Files\Java\j2re1.4.2_03\bin\bak
"C:\Program Files\Qwest\QuickCare\bin\bak

Next, close and click Yes to save the changes.

Once folders.txt is saved, FindAWF does the following:
-It deletes the contents of the bak folders
-Removes the bak folders

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.


Next Option 4.


Option 4:
Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 4 then Enter to reset domain zones

This removes all entries from the domain zones.
When the program returns to the main menu, use the following option:
Press E then Enter to EXIT

Next,

Launch Notepad, and copy/paste all the blue instructions below to it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]

Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.
Optional if the following programs are in your computer.
Note that since the Domains are deleted SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again, also you have to re-install IE-SpyAd if installed.
Delete the fixme.reg file just created.


0

Response Number 8
Name: JosephDF
Date: October 21, 2007 at 15:30:43 Pacific
Reply:

okay, here's what it says now.

bak folders found
~~~~~~~~~~~


Directory of C:\HP\KBD\BAK

02/11/2003 09:02 PM 61,440 KBD.exe
1 File(s) 61,440 bytes

Directory of C:\PROGRA~1\AIM6\BAK

04/27/2007 03:17 PM 50,736 aim6.exe
1 File(s) 50,736 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

08/11/2004 10:08 PM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\PROGRA~1\SYMNET~1\BAK

01/22/2007 05:28 PM 100,056 SNDMon.exe
1 File(s) 100,056 bytes

Directory of C:\WINDOWS\SMINST\BAK

04/14/2004 09:43 PM 233,472 RECGUARD.exe
1 File(s) 233,472 bytes

Directory of C:\WINDOWS\SYSTEM\BAK

05/07/1998 05:04 PM 52,736 hpsysdrv.exe
1 File(s) 52,736 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 07:00 AM 15,360 ctfmon.exe
08/20/2004 05:51 PM 118,784 hkcmd.exe
06/07/2004 07:42 PM 659,456 hphmon06.exe
08/20/2004 05:55 PM 155,648 igfxtray.exe
10/16/2002 05:57 PM 81,920 ps2.exe
5 File(s) 1,031,168 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

12/21/2005 02:54 PM 71,328 ccApp.exe
1 File(s) 71,328 bytes

Directory of C:\PROGRA~1\HP\{AAC4F~1\BAK

06/07/2004 07:53 PM 49,152 hphupd06.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

08/11/2004 09:52 PM 180,269 realsched.exe
1 File(s) 180,269 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\BAK

11/02/2004 06:59 PM 218,240 UsrPrmpt.exe
1 File(s) 218,240 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\121128~1.546\BAK

02/03/2007 06:58 PM 171,448 GoogleToolbarNotifier.exe
1 File(s) 171,448 bytes

Directory of C:\PROGRA~1\JAVA\J2RE14~1.2_0\BIN\BAK

08/11/2004 08:36 PM 32,881 jusched.exe
1 File(s) 32,881 bytes

Directory of C:\PROGRA~1\QWEST\QUICKC~2\BIN\BAK

05/09/2007 06:15 PM 198,800 sprtcmd.exe
1 File(s) 198,800 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

61440 Feb 11 2003 "C:\hp\KBD\KBD.exe"
61440 Feb 11 2003 "C:\hp\KBD\bak\KBD.exe"
50736 Apr 27 2007 "C:\Program Files\AIM6\aim6.exe"
50736 Apr 27 2007 "C:\Program Files\AIM6\bak\aim6.exe"
98304 Aug 11 2004 "C:\Program Files\QuickTime\qttask.exe"
98304 Aug 11 2004 "C:\Program Files\QuickTime\bak\qttask.exe"
100056 Jan 22 2007 "C:\Program Files\SymNetDrv\bak\SNDMon.exe"
233472 Apr 14 2004 "C:\WINDOWS\SMINST\RECGUARD.exe"
233472 Apr 14 2004 "C:\WINDOWS\SMINST\bak\RECGUARD.exe"
52736 May 7 1998 "C:\WINDOWS\system\hpsysdrv.exe"
52736 May 7 1998 "C:\WINDOWS\system\bak\hpsysdrv.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
118784 Aug 20 2004 "C:\WINDOWS\system32\hkcmd.exe"
118784 Aug 3 2004 "C:\hp\drivers\video_Intel\hkcmd.exe"
118784 Aug 20 2004 "C:\WINDOWS\system32\bak\hkcmd.exe"
118784 Aug 3 2004 "C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\hkcmd.exe"
659456 Jun 7 2004 "C:\WINDOWS\system32\hphmon06.exe"
659456 Jun 7 2004 "C:\WINDOWS\system32\bak\hphmon06.exe"
27660 Oct 6 2007 "C:\WINDOWS\system32\igfxtray.exe"
155648 Aug 3 2004 "C:\hp\drivers\video_Intel\igfxtray.exe"
155648 Aug 20 2004 "C:\WINDOWS\system32\bak\igfxtray.exe"
155648 Aug 3 2004 "C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\igfxtray.exe"
81920 Oct 16 2002 "C:\WINDOWS\system32\ps2.exe"
81920 Oct 16 2002 "C:\hp\drivers\keyboard\PS2.exe"
81920 Oct 16 2002 "C:\WINDOWS\system32\bak\ps2.exe"
71328 Dec 21 2005 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
71328 Dec 21 2005 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
49152 Jun 7 2004 "C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
49152 Jun 7 2004 "C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak\hphupd06.exe"
180269 Aug 11 2004 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Aug 11 2004 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
218240 Nov 2 2004 "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
218240 Nov 2 2004 "C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe"
52272 Feb 3 2007 "C:\Program Files\Google\googletoolbar3user.exe"
68856 Oct 20 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
138168 Feb 3 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
171448 Feb 3 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
132760 Sep 30 2007 "C:\Program Files\Azureus\jre\bin\jusched.exe"
32881 Sep 28 2004 "C:\Program Files\DeductionPro 2006\JRE\bin\jusched.exe"
32881 Aug 11 2004 "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
32881 Sep 1 2005 "C:\Program Files\WILLPower\jre\bin\jusched.exe"
32881 Aug 11 2004 "C:\Program Files\Java\j2re1.4.2_03\bin\bak\jusched.exe"
198800 May 9 2007 "C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe"
198800 May 9 2007 "C:\Program Files\Qwest\QuickCare\bin\bak\sprtcmd.exe"


end of report


0

Response Number 9
Name: jabuck
Date: October 21, 2007 at 18:34:27 Pacific
Reply:

Let's try once more, an error on my part.

Option 3:
Double-click the FindAWF icon once again
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:


C:\PROGRA~1\MESSEN~1\BAK
C:\PROGRA~1\BITTOR~1\BAK
C:\hp\KBD\bak
C:\Program Files\AIM6\bak
C:\Program Files\QuickTime\bak
C:\Program Files\SymNetDrv\bak
C:\WINDOWS\SMINST\bak
C:\WINDOWS\system\bak
C:\WINDOWS\system32\bak
C:\Program Files\Common Files\Symantec Shared\bak
C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Common Files\Symantec Shared\Security Center\bak
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak
C:\Program Files\Qwest\QuickCare\bin\bak


Next, close and click Yes to save the changes.

Once folders.txt is saved, FindAWF does the following:
-It deletes the contents of the bak folders
-Removes the bak folders

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.


Next Option 4.


Option 4:
Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 4 then Enter to reset domain zones

This removes all entries from the domain zones.
When the program returns to the main menu, use the following option:
Press E then Enter to EXIT

Next,

Launch Notepad, and copy/paste all the blue instructions below to it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]

Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.
Optional if the following programs are in your computer.
Note that since the Domains are deleted SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again, also you have to re-install IE-SpyAd if installed.
Delete the fixme.reg file just created.


0

Response Number 10
Name: JosephDF
Date: October 22, 2007 at 16:35:48 Pacific
Reply:

It's surprisingly short this time. Is that good or bad?

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Mon 10/22/2007
The current time is: 16:31:02.54


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\QUICKT~1\BAK

08/11/2004 10:08 PM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/20/2004 05:55 PM 155,648 igfxtray.exe
1 File(s) 155,648 bytes

Directory of C:\PROGRA~1\JAVA\J2RE14~1.2_0\BIN\BAK

08/11/2004 08:36 PM 32,881 jusched.exe
1 File(s) 32,881 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

98304 Aug 11 2004 "C:\Program Files\QuickTime\qttask.exe"
98304 Aug 11 2004 "C:\Program Files\QuickTime\bak\qttask.exe"
27660 Oct 6 2007 "C:\WINDOWS\system32\igfxtray.exe"
155648 Aug 3 2004 "C:\hp\drivers\video_Intel\igfxtray.exe"
155648 Aug 20 2004 "C:\WINDOWS\system32\bak\igfxtray.exe"
155648 Aug 3 2004 "C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\igfxtray.exe"
132760 Sep 30 2007 "C:\Program Files\Azureus\jre\bin\jusched.exe"
32881 Sep 28 2004 "C:\Program Files\DeductionPro 2006\JRE\bin\jusched.exe"
32881 Aug 11 2004 "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
32881 Sep 1 2005 "C:\Program Files\WILLPower\jre\bin\jusched.exe"
32881 Aug 11 2004 "C:\Program Files\Java\j2re1.4.2_03\bin\bak\jusched.exe"


end of report


0

Response Number 11
Name: jabuck
Date: October 22, 2007 at 20:18:23 Pacific
Reply:

Looking Better.

Your java is out of date and is being exploited.

Download the latest version of http://java.sun.com/javase/downloads/index.jsp

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".

Click the "Download" button to the right.

Check the box that says: "Accept License Agreement". The page will refresh.

Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Close any programs you may have running - especially your web browser.

Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.

Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed.

Then from your desktop double-click on jre-1_6_3-windowsi586-p.exe to install the newest version.

Option 3:
Double-click the FindAWF icon once again
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:


C:\PROGRA~1\QUICKT~1\BAK
C:\WINDOWS\SYSTEM32\BAK
C:\PROGRA~1\JAVA\J2RE14~1.2_0\BIN\BAK

Next, close and click Yes to save the changes.

Once folders.txt is saved, FindAWF does the following:
-It deletes the contents of the bak folders
-Removes the bak folders

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.


Next Option 4.


Option 4:
Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 4 then Enter to reset domain zones

This removes all entries from the domain zones.
When the program returns to the main menu, use the following option:
Press E then Enter to EXIT

Next,

Launch Notepad, and copy/paste all the blue instructions below to it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]

Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.
Optional if the following programs are in your computer.
Note that since the Domains are deleted SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again, also you have to re-install IE-SpyAd if installed.
Delete the fixme.reg file just created.




0

Response Number 12
Name: JosephDF
Date: October 22, 2007 at 22:34:23 Pacific
Reply:

It keeps getting shorter, does that mean we're almost done?


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\QUICKT~1\BAK

08/11/2004 10:08 PM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/20/2004 05:55 PM 155,648 igfxtray.exe
1 File(s) 155,648 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

98304 Aug 11 2004 "C:\Program Files\QuickTime\qttask.exe"
98304 Aug 11 2004 "C:\Program Files\QuickTime\bak\qttask.exe"
27660 Oct 6 2007 "C:\WINDOWS\system32\igfxtray.exe"
155648 Aug 3 2004 "C:\hp\drivers\video_Intel\igfxtray.exe"
155648 Aug 20 2004 "C:\WINDOWS\system32\bak\igfxtray.exe"
155648 Aug 3 2004 "C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\igfxtray.exe"


end of report


0

Response Number 13
Name: jabuck
Date: October 23, 2007 at 03:41:35 Pacific
Reply:

Hopefully this will remove it.

Option 3:
Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:


C:\Program Files\QuickTime\bak\
C:\WINDOWS\system32\bak\

Next, close and click Yes to save the changes.

Once folders.txt is saved, FindAWF does the following:
-It deletes the contents of the bak folders
-Removes the bak folders

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.


Next Option 4.


Option 4:
Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 4 then Enter to reset domain zones

This removes all entries from the domain zones.
When the program returns to the main menu, use the following option:
Press E then Enter to EXIT


0

Response Number 14
Name: JosephDF
Date: October 23, 2007 at 15:33:17 Pacific
Reply:

bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\QUICKT~1\BAK

08/11/2004 10:08 PM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/20/2004 05:55 PM 155,648 igfxtray.exe
1 File(s) 155,648 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

98304 Aug 11 2004 "C:\Program Files\QuickTime\qttask.exe"
98304 Aug 11 2004 "C:\Program Files\QuickTime\bak\qttask.exe"
27660 Oct 6 2007 "C:\WINDOWS\system32\igfxtray.exe"
155648 Aug 3 2004 "C:\hp\drivers\video_Intel\igfxtray.exe"
155648 Aug 20 2004 "C:\WINDOWS\system32\bak\igfxtray.exe"
155648 Aug 3 2004 "C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\igfxtray.exe"


end of report


0

Response Number 15
Name: jabuck
Date: October 23, 2007 at 15:43:31 Pacific
Reply:

Option 3:
Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:


C:\Program Files\QuickTime\bak
C:\WINDOWS\system32\bak


Next, close and click Yes to save the changes.

Once folders.txt is saved, FindAWF does the following:
-It deletes the contents of the bak folders
-Removes the bak folders

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.


Next Option 4.


Option 4:
Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 4 then Enter to reset domain zones

This removes all entries from the domain zones.
When the program returns to the main menu, use the following option:
Press E then Enter to EXIT

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces and post a new Hijack This log.



0

Response Number 16
Name: JosephDF
Date: October 23, 2007 at 16:41:13 Pacific
Reply:

Dang, I was hoping that last one would do it...Well, let's see what this does:
Here's AWF's report,

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Tue 10/23/2007
The current time is: 17:25:40.32


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\QUICKT~1\BAK

08/11/2004 10:08 PM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/20/2004 05:55 PM 155,648 igfxtray.exe
1 File(s) 155,648 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

98304 Aug 11 2004 "C:\Program Files\QuickTime\qttask.exe"
98304 Aug 11 2004 "C:\Program Files\QuickTime\bak\qttask.exe"
27660 Oct 6 2007 "C:\WINDOWS\system32\igfxtray.exe"
155648 Aug 3 2004 "C:\hp\drivers\video_Intel\igfxtray.exe"
155648 Aug 20 2004 "C:\WINDOWS\system32\bak\igfxtray.exe"
155648 Aug 3 2004 "C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\igfxtray.exe"


end of report

And here's combofix's

ComboFix 07-10-23.1 - HP_Owner 2007-10-23 17:30:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.60 [GMT -6:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Owner\Application Data\install.dat
C:\Documents and Settings\HP_Owner\Application Data\privprotect.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\WinBudget
C:\Program Files\WinBudget\bin\crap.1192417995.old
C:\Program Files\WinBudget\bin\matrix.dat
C:\Program Files\WinBudget\bin\matrix.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-09-23 to 2007-10-23 )))))))))))))))))))))))))))))))
.

2007-10-23 17:28 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-22 23:24 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-20 07:13 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-18 01:03 <DIR> d--h----- C:\WINDOWS\PIF
2007-10-11 14:48 <DIR> d---s---- C:\Documents and Settings\LocalService\UserData
2007-10-06 22:30 <DIR> d-------- C:\WINDOWS\system32\bak
2007-10-05 08:50 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Media Player Classic
2007-10-05 08:44 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2007-09-30 03:26 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\DivX
2007-09-30 03:24 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-09-30 03:24 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-09-30 03:24 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-09-30 03:24 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-09-30 03:24 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-09-30 03:23 <DIR> d-------- C:\Program Files\DivX
2007-09-30 02:17 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Azureus
2007-09-30 02:11 <DIR> d-------- C:\Program Files\Azureus

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-23 10:36 --------- d-----w C:\Program Files\Viewpoint
2007-10-23 10:36 --------- d-----w C:\Program Files\AIM6
2007-10-23 05:25 --------- d-----w C:\Program Files\Java
2007-10-22 22:31 --------- d-----w C:\Program Files\SymNetDrv
2007-10-22 22:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-21 22:16 --------- d-----w C:\Program Files\BitTorrent
2007-10-20 15:19 --------- d-----w C:\Program Files\Symantec
2007-10-20 13:00 --------- d-----w C:\Program Files\QuickTime
2007-10-12 05:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-16 12:44 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Viewpoint
2007-09-12 23:38 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\acccore
2007-09-12 22:20 --------- d-----w C:\Program Files\Common Files\AOL
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 98,304 2004-08-12 04:08:01 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 98,304 2004-08-12 04:08:01 C:\Program Files\QuickTime\qttask.exe

----a-w 155,648 2004-08-20 23:55:14 C:\WINDOWS\system32\bak\igfxtray.exe
----a-w 27,660 2007-10-07 04:40:54 C:\WINDOWS\system32\igfxtray.exe


0

Response Number 17
Name: jabuck
Date: October 23, 2007 at 16:59:58 Pacific
Reply:

Perhaps we need to kill the rogue file again.

Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders

A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:


"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\WINDOWS\system32\bak\igfxtray.exe"

Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.

Option 3:
Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:


C:\Program Files\QuickTime\bak
C:\WINDOWS\system32\bak

Next, close and click Yes to save the changes.

Once folders.txt is saved, FindAWF does the following:
-It deletes the contents of the bak folders
-Removes the bak folders

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.


Next Option 4.


Option 4:
Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 4 then Enter to reset domain zones

This removes all entries from the domain zones.
When the program returns to the main menu, use the following option:
Press E then Enter to EXIT

Next,

Launch Notepad, and copy/paste all the blue instructions below to it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]

Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.
Optional if the following programs are in your computer.
Note that since the Domains are deleted SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again, also you have to re-install IE-SpyAd if installed.
Delete the fixme.reg file just created.


0
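An added example, not part of the original posts and not FindAWF's own code: a small parser for the "Duplicate files of bak directory contents" section that pairs each file inside a bak folder with the same-named file in the parent folder, which is the comparison Option 2 acts on. The sample lines are copied from the logs in this thread; the status names and the size-plus-date comparison are assumptions of this sketch, and a matching size and date does not prove the two files are identical.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the "Duplicate files of bak directory contents"
# sections of the FindAWF logs posted in this thread.
SAMPLE_LOG = r'''
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

98304 Aug 11 2004 "C:\Program Files\QuickTime\qttask.exe"
98304 Aug 11 2004 "C:\Program Files\QuickTime\bak\qttask.exe"
100056 Jan 22 2007 "C:\Program Files\SymNetDrv\bak\SNDMon.exe"
27660 Oct 6 2007 "C:\WINDOWS\system32\igfxtray.exe"
155648 Aug 3 2004 "C:\hp\drivers\video_Intel\igfxtray.exe"
155648 Aug 20 2004 "C:\WINDOWS\system32\bak\igfxtray.exe"
155648 Aug 3 2004 "C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\igfxtray.exe"

end of report
'''

# size, month, day, year, quoted path
ENTRY_RE = re.compile(
    r'^\s*(\d+)\s+([A-Z][a-z]{2})\s+(\d{1,2})\s+(\d{4})\s+"(.+)"\s*$')


def parse_entries(log_text):
    """Map lowercased path -> (size, date string, PureWindowsPath)."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headings, separators, "end of report"
        size, month, day, year, path = m.groups()
        p = PureWindowsPath(path)
        # Windows paths are case-insensitive and the log mixes cases.
        entries[str(p).lower()] = (int(size), f"{month} {int(day)} {year}", p)
    return entries


def classify_bak_copies(log_text):
    """Compare every file inside a bak folder with its parent-folder twin."""
    entries = parse_entries(log_text)
    findings = []
    for size, date, path in entries.values():
        if path.parent.name.lower() != "bak":
            continue  # only files that sit directly inside a bak folder
        twin = path.parent.parent / path.name
        parent = entries.get(str(twin).lower())
        if parent is None:
            status = "parent-missing"   # no same-named file listed beside bak
        elif (parent[0], parent[1]) != (size, date):
            status = "parent-differs"   # parent is not the file kept in bak
        else:
            status = "parent-matches"   # same size and date as the bak copy
        findings.append({
            "bak_copy": str(path), "parent": str(twin), "status": status,
            "bak_size": size, "parent_size": parent[0] if parent else None,
        })
    return findings


if __name__ == "__main__":
    for f in classify_bak_copies(SAMPLE_LOG):
        print(f"{f['status']:15} {f['parent']} "
              f"(bak {f['bak_size']}, parent {f['parent_size']})")
```

Entries reported as parent-differs or parent-missing are the ones to look at before any bak folder is deleted, because deleting the folder removes the only copy that differs from what is currently in the parent folder.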

Response Number 18
Name: JosephDF
Date: October 23, 2007 at 19:59:20 Pacific
Reply:

Option 2's report:

Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Tue 10/23/2007
The current time is: 20:53:48.53


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\QUICKT~1\BAK

08/11/2004 10:08 PM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/20/2004 05:55 PM 155,648 igfxtray.exe
1 File(s) 155,648 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

98304 Aug 11 2004 "C:\Program Files\QuickTime\qttask.exe"
98304 Aug 11 2004 "C:\Program Files\QuickTime\bak\qttask.exe"
155648 Aug 20 2004 "C:\WINDOWS\system32\igfxtray.exe"
155648 Aug 3 2004 "C:\hp\drivers\video_Intel\igfxtray.exe"
155648 Aug 20 2004 "C:\WINDOWS\system32\bak\igfxtray.exe"
155648 Aug 3 2004 "C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\igfxtray.exe"


end of report

Option 3's report

bak folders found
~~~~~~~~~~~

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

end of report


0

Response Number 19
Name: jabuck
Date: October 23, 2007 at 20:08:04 Pacific
Reply:

Looks much better.

The log is clean.

Is the computer operating better?


0

Response Number 20
Name: JosephDF
Date: October 23, 2007 at 20:38:27 Pacific
Reply:

It seems to be. IE and AIM are working again. Do you think it's fixed?


0

Response Number 21
Name: jabuck
Date: October 24, 2007 at 03:36:17 Pacific
Reply:

Yes, I would like to see a Hijack This log.

Please download and install the latest version of HijackThis v2.0.2:

Download the HijackThis Installer from this link: HijackThis

1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


0

Response Number 22
Name: JosephDF
Date: October 24, 2007 at 23:22:08 Pacific
Reply:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:38 AM, on 10/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/clientapps/A...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?T...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QUICKCARE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5954 bytes


So, how's it look?


0

Response Number 23
Name: jabuck
Date: October 25, 2007 at 14:24:12 Pacific
Reply:

Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked":

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime

Exit Hijack This and post a new Hijack This log please.




0
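An added example, not part of the original posts and not HijackThis's own code: the QuickTime Task autorun selected for fixing above points into a bak folder that FindAWF Option 3 had already removed, and this sketch finds such entries in a HijackThis log. The O4 lines are copied from the log in this thread; the function names and the list of executable extensions are assumptions of the sketch.

```python
import re
from pathlib import PureWindowsPath

# O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_O4 = r'''
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QUICKCARE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
'''

# O4 - <hive>\..\<key>: [<value name>] <command line>
RUN_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$')

# Unquoted commands: the path may contain spaces, so cut after the first
# executable extension rather than at the first space.
UNQUOTED_RE = re.compile(
    r'(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s+(.*))?$', re.IGNORECASE)


def split_command(cmd):
    """Split a Run value into (executable, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = UNQUOTED_RE.match(cmd)
    if m:
        return m.group(1), m.group(2) or ""
    return cmd, ""


def parse_run_entries(log_text):
    """Return (hive, key, value name, executable, arguments) per registry O4 line."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue  # Startup-folder shortcuts and other sections are skipped
        hive, key, name, cmd = m.groups()
        exe, args = split_command(cmd)
        entries.append((hive, key, name, exe, args))
    return entries


def autoruns_in_bak(log_text):
    """Registry autoruns whose executable sits inside a folder named bak."""
    hits = []
    for hive, key, name, exe, _args in parse_run_entries(log_text):
        folders = [part.lower() for part in PureWindowsPath(exe).parent.parts]
        if "bak" in folders:
            hits.append((hive, key, name, exe))
    return hits


if __name__ == "__main__":
    for hive, key, name, exe in autoruns_in_bak(SAMPLE_O4):
        print(f"{hive} {key} [{name}] -> {exe}")
```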

Response Number 24
Name: JosephDF
Date: October 25, 2007 at 15:43:57 Pacific
Reply:

okay, done. here's the new scan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:49 PM, on 10/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/clientapps/A...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?T...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QUICKCARE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5790 bytes


0

Response Number 25
Name: jabuck
Date: October 25, 2007 at 16:32:43 Pacific
Reply:

Much Better, your Hijack This log is clean.

Is the computer operating better now?


0
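Added example, not part of the original posts: a Python sketch of the check made across Responses 23 to 25. It parses the O4 autorun lines of two HijackThis logs, flags any entry whose executable sits in a bak folder, and confirms the fixed entries are absent from the new log. The function names and the shortened before/after samples (assembled from lines quoted in this thread) are assumptions for illustration.

```python
import re

# HijackThis autorun line: O4 - HKLM\..\Run: [Name] command line
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')

# Constructed samples: a few O4 lines taken from the posts in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
"""
AFTER = r"""
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
"""

def parse_o4(log_text):
    """Return {(hive, name): command} for every O4 Run entry in a log."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries[(m["hive"], m["name"])] = m["cmd"]
    return entries

def executable_path(cmd):
    """Pull the executable out of a command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.exe)\b', cmd, re.IGNORECASE)  # unquoted path with spaces
    return m.group(1) if m else cmd.split()[0]

def in_bak_folder(cmd):
    """True when any directory component of the executable path is 'bak'."""
    parts = executable_path(cmd).lower().split("\\")
    return "bak" in parts[:-1]

def review(before, after):
    """Return (flagged in old log, entries removed by the fix, still flagged)."""
    old, new = parse_o4(before), parse_o4(after)
    flagged = sorted(k for k, c in old.items() if in_bak_folder(c))
    removed = sorted(set(old) - set(new))
    still = sorted(k for k, c in new.items() if in_bak_folder(c))
    return flagged, removed, still

if __name__ == "__main__":
    print(review(BEFORE, AFTER))
```

An empty third list means no autorun entry in the new log still launches from a bak folder.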

Response Number 26
Name: JosephDF
Date: October 28, 2007 at 01:52:38 Pacific
Reply:

yeah, there's absolutely nothing discrepant at all.


0

Response Number 27
Name: jabuck
Date: October 29, 2007 at 14:19:04 Pacific
Reply:

Glad we could help.


0
