
mgg.exe virus

Original Message
Name: cedrix2001
Date: November 8, 2007 at 10:48:14 Pacific
Subject: mgg.exe virus
OS: Win XP Professional
CPU/Ram: amd 64 6000+, 2 gb
Manufacturer/Model: clone
Comment:

mgg.exe is a virus that is very difficult to get rid of; it replicates as avpo.exe, help.exe and other filenames. I have Norton Antivirus, Spybot AND NVIDIA Firewall; this software warned me of the virus's presence and asked to allow or deny access. I always denied it, but how can I delete it from the system? I used "regedit" to delete all the registry entries related to this virus, but it always comes back.
I haven't tried the safe mode deletion process yet, but I would like to know about another way to delete this bad virus. Any suggestions?



Response Number 1
Name: jabuck
Date: November 8, 2007 at 11:41:30 Pacific
Reply:

Please download SmitFraudFix from this link: http://siri.urz.free.fr/Fix/Smitfra... then extract the contents to your desktop.

!!!! Only run option #1, as running the other options on an uninfected computer will damage the desktop. !!!!


Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs; therefore they may alert the user.

Please download and install the latest version of HijackThis v2.0.2:

Download the HijackThis Installer from this link: HijackThis

1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.



Response Number 2
Name: cedrix2001
Date: November 12, 2007 at 09:42:43 Pacific
Reply:

Hi, here is the info:

SmitFraudFix v2.252

Scan done at 9:17:39.87, Mon 11/12/2007
Run from C:\Software\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jacruz


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jacruz\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\jacruz\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

Description: 2Wire 802.11g USB Wireless LAN Card #2 - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{547BB6B3-CC6C-4103-B8B8-DB8962E6DE79}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{70D064F9-514A-40DA-B611-4C834F12FF5E}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{547BB6B3-CC6C-4103-B8B8-DB8962E6DE79}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{70D064F9-514A-40DA-B611-4C834F12FF5E}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

AND HERE IS THE HIJACKTHIS REPORT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:35 AM, on 11/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://es.rd.yahoo.com/customize/ie...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://es.rd.yahoo.com/customize/ie...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://es.rd.yahoo.com/customize/ie...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://es.rd.yahoo.com/customize/ie...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = JORGE'S INTERNET
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [osCheck] C:\PROGRA~1\Symantec\osCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.14\AsRunHelp.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe
O4 - Global Startup: 2Wire Wireless Client.lnk = C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1....
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 9862 bytes

THANKS IN ADVANCE.


Response Number 3
Name: jabuck
Date: November 22, 2007 at 18:11:24 Pacific
Reply:

Temporarily disable any of the following anti-spyware real-time protection programs that you may have (see: Disable Realtime Protection), or the fixes will not work. Be sure to turn your anti-spyware programs back on once the computer is clean.

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running; it may cause your system to hang.)

Please post the log it produces.



Response Number 4
Name: cedrix2001
Date: November 23, 2007 at 12:29:59 Pacific
Reply:

Thanks for your response; here is the report:
ComboFix 07-11-19.3 - jacruz 2007-11-23 10:19:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1528 [GMT -8:00]
Running from: C:\Documents and Settings\jacruz\Local Settings\Temporary Internet Files\Content.IE5\174JMWSC\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\jacruz\Application Data\inst.exe
C:\WINDOWS\system32\wnsintcc.exe
C:\WINDOWS\system32\ymbols~1

.
((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23 )))))))))))))))))))))))))))))))
.

2007-11-21 21:53 25,439 --a------ C:\maep10.dat
2007-11-21 21:51 <DIR> d-------- C:\Program Files\Magic Audio Editor Pro
2007-11-20 09:41 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2007-11-19 20:49 <DIR> d-------- C:\Program Files\ACW
2007-11-15 21:00 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-11-15 20:58 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-11-15 20:58 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-11-13 17:48 95,834 -r-hs---- C:\ntde1ect.com
2007-11-12 09:26 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-12 09:16 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-12 09:16 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-12 09:16 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-11 09:22 293,888 -ra------ C:\WINDOWS\system32\drivers\ADIHdAud.sys
2007-11-11 09:22 139,776 -ra------ C:\WINDOWS\system32\drivers\adidts.sys
2007-11-11 09:17 <DIR> d-------- C:\Program Files\Analog Devices
2007-11-11 09:17 1,285,632 --------- C:\WINDOWS\system32\SMMedia.dll
2007-11-11 09:17 49,152 --------- C:\WINDOWS\system32\DSndUp.exe
2007-11-03 10:05 <DIR> d-------- C:\Program Files\detest5
2007-11-03 10:05 114 --a------ C:\WINDOWS\de04ch5.dat
2007-11-03 10:04 920,567 --a------ C:\desetup.exe
2007-11-03 10:03 502,272 --a------ C:\10key.exe
2007-10-30 19:55 191,536 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-30 19:55 145,968 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2007-10-30 19:55 39,856 --a------ C:\WINDOWS\system32\drivers\symids.sys
2007-10-30 19:55 37,936 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2007-10-30 19:55 35,120 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2007-10-30 19:55 27,696 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-30 19:55 12,848 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2007-10-30 19:24 12,963 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat
2007-10-30 19:24 1,358 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf
2007-10-29 20:22 <DIR> d-------- C:\Documents and Settings\jacruz\Application Data\DivX
2007-10-29 20:18 249 --a------ C:\WINDOWS\system32\spupdwxp.log
2007-10-29 20:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2007-10-29 20:12 397,056 --------- C:\WINDOWS\system32\s3gnb.dll
2007-10-29 20:12 286,792 --------- C:\WINDOWS\system32\slextspk.dll
2007-10-29 20:12 188,508 --------- C:\WINDOWS\system32\slgen.dll
2007-10-29 20:12 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
2007-10-29 20:12 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2007-10-29 20:12 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
2007-10-29 20:12 73,796 --------- C:\WINDOWS\system32\slserv.exe
2007-10-29 20:12 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2007-10-29 20:12 32,866 --------- C:\WINDOWS\slrundll.exe
2007-10-29 20:12 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll
2007-10-29 20:12 15,423 --------- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2007-10-29 20:12 10,752 --------- C:\WINDOWS\system32\smtpapi.dll
2007-10-29 20:12 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2007-10-29 20:10 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-10-28 08:36 <DIR> d-------- C:\Documents and Settings\jacruz\Shared
2007-10-28 08:35 <DIR> d-------- C:\WINDOWS\Sun
2007-10-28 08:35 <DIR> d-------- C:\Documents and Settings\jacruz\Incomplete
2007-10-28 08:34 <DIR> d-------- C:\Program Files\Java
2007-10-28 08:34 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-10-28 08:34 5,387 --a------ C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log
2007-10-28 08:32 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-28 08:29 <DIR> d-------- C:\Program Files\LimeWire Turbo
2007-10-28 08:29 <DIR> d-------- C:\Documents and Settings\jacruz\Application Data\LimeWireTurbo
2007-10-24 19:35 <DIR> d-------- C:\SWSetup
2007-10-23 16:52 <DIR> d-------- C:\CloneDVDTemp
2007-10-23 01:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-10-23 01:35 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2007-10-23 01:17 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2007-10-23 01:17 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2007-10-23 01:17 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2007-10-23 01:17 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2007-10-23 01:17 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2007-10-23 01:17 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2007-10-23 01:17 10,368 --------- C:\WINDOWS\system32\drivers\pfc.sys
2007-10-23 01:16 <DIR> d-------- C:\Program Files\InterVideo
2007-10-23 01:16 <DIR> d-------- C:\Documents and Settings\jacruz\Application Data\InterVideo
2007-10-23 01:16 26,694 --a------ C:\WINDOWS\HWS.exe
2007-10-23 01:16 26,694 --a------ C:\WINDOWS\HMD.exe
2007-10-23 01:16 21,060 --a------ C:\WINDOWS\system32\iviaspi.sys
2007-10-23 01:10 <DIR> d-------- C:\Program Files\DivX
2007-10-23 01:10 43,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-10-23 01:10 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-10-23 01:10 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-10-23 00:59 <DIR> d-------- C:\WINDOWS\nview
2007-10-23 00:59 1,339,392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-10-23 00:59 425,984 --a------ C:\WINDOWS\system32\keystone.exe
2007-10-23 00:59 327,680 --a------ C:\WINDOWS\system32\nvrsar.dll
2007-10-23 00:59 16,958 --a------ C:\WINDOWS\system32\evga.ico
2007-10-23 00:58 <DIR> d-------- C:\WINDOWS\system32\EVGA
2007-10-23 00:58 6,738,432 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-10-23 00:58 6,738,432 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2007-10-23 00:58 5,421,312 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-10-23 00:58 5,421,312 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2007-10-23 00:58 3,284,992 --a------ C:\WINDOWS\system32\nvgames.dll
2007-10-23 00:52 28,160 -ra------ C:\WINDOWS\system32\PostProc.dll
2007-10-23 00:44 <DIR> d-------- C:\WINDOWS\ASUSInstAll
2007-10-23 00:44 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-10-23 00:41 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-10-23 00:40 <DIR> d-------- C:\Program Files\DIFX
2007-10-23 00:40 36,864 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-10-23 00:38 10,288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-10-23 00:31 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2007-10-23 00:19 <DIR> d-------- C:\WINDOWS\NV6201328.TMP
2007-10-23 00:19 1,075,328 -ra------ C:\WINDOWS\system32\drivers\nvnrm.sys
2007-10-23 00:19 356,352 --a------ C:\WINDOWS\system32\nvunrm.exe
2007-10-23 00:19 261,120 -ra------ C:\WINDOWS\system32\drivers\nvsnpu.sys
2007-10-23 00:19 109,568 --a------ C:\WINDOWS\system32\drivers\nvtcp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-23 18:09 97,320 --sh--r C:\WINDOWS\system32\avpo.exe
2007-11-23 18:09 32,456 --sh--r C:\WINDOWS\system32\avpo0.dll
2007-11-22 20:26 --------- d-----w C:\Program Files\Yahoo!
2007-11-22 20:26 --------- d-----w C:\Documents and Settings\jacruz\Application Data\Yahoo!
2007-11-22 20:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-22 20:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-22 19:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-12 17:17 3,098 ----a-w C:\WINDOWS\system32\tmp.reg
2007-11-10 05:46 --------- d-----w C:\Program Files\Advanced System Optimizer
2007-10-31 03:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-31 03:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-23 09:17 65 ----a-w C:\Program Files\Common Files\appop.log
2007-10-23 08:36 --------- d-----w C:\Documents and Settings\jacruz\Application Data\Vso
2007-10-22 21:25 --------- d-----w C:\Program Files\2Wire 802.11g Wireless
2007-10-22 21:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prism
2007-10-22 20:02 --------- d-----w C:\Program Files\Futuremark
2007-10-22 20:02 --------- d-----w C:\Program Files\ASUS
2007-10-22 00:54 --------- d-----w C:\Documents and Settings\jacruz\Application Data\Ahead
2007-10-21 01:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-20 22:35 --------- d-----w C:\Program Files\Softland
2007-10-20 22:35 --------- d-----w C:\Documents and Settings\jacruz\Application Data\Softland
2007-10-15 00:34 --------- d-----w C:\Program Files\Symantec
2007-10-13 04:38 --------- d-----w C:\Program Files\R-Studio
2007-10-13 02:28 --------- d-----w C:\Program Files\Active Data Recovery Services
2007-10-10 03:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
2007-10-09 04:48 --------- d-----w C:\Program Files\DVD Shrink
2007-10-09 04:48 --------- d-----w C:\Documents and Settings\jacruz\Application Data\RipIt4Me
2007-10-09 04:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-08 17:35 --------- d-----w C:\Documents and Settings\jacruz\Application Data\AdobeUM
2007-10-08 17:25 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-07 05:25 127,488 --sh--w C:\WINDOWS\java\4D1B90FDDF6B.dll
2007-10-06 23:32 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-06 23:32 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-06 23:32 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-06 23:32 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-05 00:56 --------- d-----w C:\Program Files\DVDFab Platinum 3
2007-10-05 00:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
2007-10-04 07:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
2007-10-02 04:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-30 06:50 --------- d-----w C:\Program Files\Microsoft.NET
2007-09-30 06:50 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-09-30 06:50 --------- d-----w C:\Program Files\Common Files\L&H
2007-09-30 06:49 --------- d-----w C:\Program Files\Microsoft Works
2007-09-30 06:28 --------- d-----w C:\Program Files\iTunes
2007-09-30 06:28 --------- d-----w C:\Program Files\iPod
2007-09-30 06:04 --------- d-----w C:\Program Files\Tansee iPod Transfer
2007-09-30 05:30 --------- d-----w C:\Program Files\Common Files\eSellerate
2007-09-29 21:41 --------- d-----w C:\Documents and Settings\jacruz\Application Data\Apple Computer
2007-09-29 05:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-09-29 04:45 --------- d-----w C:\Program Files\Common Files\Ahead
2007-09-29 04:42 --------- d-----w C:\Program Files\Nero
2007-09-29 04:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-09-28 05:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-27 07:09 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-09-27 07:09 47,360 ------w C:\Documents and Settings\jacruz\Application Data\pcouffin.sys
2007-09-27 06:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2007-09-27 06:05 --------- d-----w C:\Program Files\Elaborate Bytes
2007-09-27 06:01 --------- d-----w C:\Documents and Settings\jacruz\Application Data\SlySoft
2007-09-27 05:52 --------- d-----w C:\Program Files\SlySoft
2007-09-27 04:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2007-09-27 04:33 --------- d-----w C:\Program Files\DVD Decrypter
2007-09-26 02:27 --------- d-----w C:\Program Files\QuickTime
2007-09-26 02:27 --------- d-----w C:\Program Files\Apple Software Update
2007-09-26 02:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-26 02:26 --------- d-----w C:\Program Files\Common Files\Apple
2007-09-26 02:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-09-25 05:37 --------- d-----w C:\Documents and Settings\jacruz\Application Data\Systweak
2007-09-25 05:36 --------- d-----w C:\Program Files\advsystoptm220_ForumCrazE.com
2007-09-25 04:05 --------- d-----w C:\Documents and Settings\jacruz\Application Data\Hewlett-Packard
2007-09-25 04:04 --------- d-----w C:\Program Files\Hewlett-Packard
2007-09-25 03:53 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-09-25 01:28 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-06 07:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
2007-08-29 00:44 108,406 --sh--w C:\WINDOWS\java\4D1B90FDDF6B.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 17:07]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 18:04]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 15:46]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 11:32]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 16:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-13 23:11]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
"C-Media Mixer"="Mixer.exe" [2002-10-15 17:00 C:\WINDOWS\mixer.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 17:07 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-05-11 05:03 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 17:07 C:\WINDOWS\system32\rundll32.exe]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.14\AsRunHelp.exe" [2006-11-13 22:25]
"PRISMSVR.EXE"="C:\WINDOWS\system32\PRISMSVR.exe" [2004-04-13 18:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 20:34]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 06:59]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
2Wire Wireless Client.lnk - C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe [2007-10-22 13:22:38]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 00:17:18]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoTrayContextMenu"= 0 (0x0)
"DisAllowRun"= 1 (0x1)

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{36EAFED6-FE52-42E5-8FEC-703424BAA9CF}"= C:\WINDOWS\jAva\4D1B90FDDF6B.dll [2007-10-06 21:25 127488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2007-09-15 14:23 1465280 --------- C:\Software\AnyD\AnyDVD 6.1.7.4 Final\crack\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avpa]
2007-11-23 10:09 97320 -r-hs---- C:\WINDOWS\system32\avpo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIRECTCD]
2005-10-24 23:49 299008 --a------ C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-09-26 13:42 267064 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Systweak Wallpaper Changer]
C:\Program Files\Advanced System Optimizer\wallpaper.exe -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
2005-01-21 01:47 270336 --a------ C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE -quiet

R0 ivicd;Ivi CDVD Filter Driver;C:\WINDOWS\system32\drivers\ivicd.sys
R3 WlanUIG;2Wire 802.11g USB Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys
S3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
S3 iviudf;iviudf;C:\WINDOWS\system32\drivers\IviUdf.sys

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-10-02 20:19:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-25 04:38:02 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1190695075.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2007-11-20 04:19:07 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - jacruz.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 10:20:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-23 10:20:55
.
--- E O F ---


Response Number 5
Name: cedrix2001
Date: November 23, 2007 at 12:41:22 Pacific
Reply:

The report shows, in the "Find3M Report":

2007-11-23 18:09 97,320 --sh--r C:\WINDOWS\system32\avpo.exe
2007-11-23 18:09 32,456 --sh--r C:\WINDOWS\system32\avpo0.dll

avpo.exe and avpo0.dll are the files that are messing with my computer, but I still can't find them in system32 (with the "show hidden files and folders" setting turned on). Please let me know.


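A small triage helper for the attribute column of the ComboFix log quoted above (an added example, not the poster's code and not part of ComboFix): it parses the Find3M-style lines and flags the entries marked both hidden (h) and system (s). Explorer keeps such files out of sight until "Hide protected operating system files" is also unchecked, which is why "Show hidden files and folders" alone does not reveal them. The sample lines are copied from this thread's log; the column layout assumed is the one those lines show.

```python
from __future__ import annotations
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the two Find3M lines from the post above plus two
# more entries copied from the same ComboFix log in this thread.
SAMPLE_LOG = """\
2007-11-23 18:09 97,320 --sh--r C:\\WINDOWS\\system32\\avpo.exe
2007-11-23 18:09 32,456 --sh--r C:\\WINDOWS\\system32\\avpo0.dll
2007-09-17 18:22 739,840 ----a-w C:\\WINDOWS\\system32\\DivX.dll
2007-08-29 00:44 108,406 --sh--w C:\\WINDOWS\\java\\4D1B90FDDF6B.exe
"""

# date  time  size-or-dashes  attribute-column  path (may contain spaces)
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>[\d,]+|-+) (?P<attrs>[-a-zA-Z]+) (?P<path>.+)$"
)

@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]   # None for directory lines ("---------")
    attrs: set            # attribute letters present, e.g. {"s", "h", "r"}
    path: str

def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size_txt = m["size"]
    size = None if set(size_txt) == {"-"} else int(size_txt.replace(",", ""))
    # ComboFix prints one letter per attribute and '-' where it is absent,
    # so letter presence is read rather than a fixed column position.
    attrs = {c.lower() for c in m["attrs"] if c != "-"}
    return Entry(m["date"], m["time"], size, attrs, m["path"])

def parse_log(text: str) -> list:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]

def explorer_visibility(e: Entry) -> str:
    """Which Explorer folder option still hides this entry, if any."""
    if {"s", "h"} <= e.attrs:
        return "hidden+system: also uncheck 'Hide protected operating system files'"
    if "h" in e.attrs:
        return "hidden: enable 'Show hidden files and folders'"
    return "visible"

def triage(text: str) -> list:
    """Entries carrying both the hidden and system attributes."""
    return [e for e in parse_log(text) if {"s", "h"} <= e.attrs]
```

Run `triage(SAMPLE_LOG)` to list the three hidden+system entries; `dir /a` in a command prompt, or `attrib` on the path, shows the same files regardless of the Explorer options.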