
Another person with the AxFreePorn dialer problem

Discussion in 'Malware and Virus Removal Archive' started by BlueRoom, 2007/03/12.

  1. 2007/03/12
    BlueRoom

    BlueRoom Inactive Thread Starter

    Joined:
    2007/03/12
    Messages:
    25
    Likes Received:
    0
    Hello,
    I ran a search here and I see a few other people are having this problem. Appears the solution is given on an individual basis.

    Sporadically this thing will disconnect me from my internet server and then a desktop with the AxFreePorn name and logo appears and it starts trying to dial that server. I delete the desktop and the dialer but it reappears eventually.

    I have run Adaware, Spybot and spywareinfo.com/xscan (recommended by my internet provider). None of them get rid of it or even seem to pick it up.

    I'm sort of a computer novice. One of my friends who is big on computers said I will probably have to back up my programs and reformat my hard drive. Is there a more simple solution to this problem? Any help would be great. Thanks!
     
  2. 2007/03/12
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi BlueRoom
    Welcome to windowsbbs

    Please hang on before you reformat.

    We are working on it.
    In the mean time would you post a HJT log here.

    Thanks
    Geri
     


  4. 2007/03/12
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    I should have given this before, sorry.:rolleyes:

    • Click here to download HJTsetup.exe
      • Save HJTsetup.exe to your desktop.
      • Doubleclick on the HJTsetup.exe icon on your desktop.
      • By default it will install to C:\Program Files\Hijack This.
      • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
      • Put a check by Create a desktop icon then click Next again.
      • Continue to follow the rest of the prompts from there.
      • At the final dialogue box click Finish and it will launch Hijack This.
      • Click on the Scan button.
        You will notice the [Scan] button will turn into a [Save Log] button. It will scan and the log should open in notepad.
      • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
      • Come back here to this thread and Paste the log in your next reply.
      • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


      Geri
     
    Last edited: 2007/03/12
  5. 2007/03/13
    BlueRoom

    BlueRoom Inactive Thread Starter

    Joined:
    2007/03/12
    Messages:
    25
    Likes Received:
    0


    • I did exactly this but instead of opening a notepad so I can copy it, it opens one of my audio programs??
     
  6. 2007/03/13
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    :confused: :confused:
    Never had it do that before??

    Try running it from your programs list. See if it's the same.

    What audio program opens it?


    Geri
     
  7. 2007/03/13
    BlueRoom

    BlueRoom Inactive Thread Starter

    Joined:
    2007/03/12
    Messages:
    25
    Likes Received:
    0
    Hi Geri,

    Tried it both ways again tonight off the desktop again and from the program list. It still opens MAGIX audio cleaning lab instead of notepad.
     
  8. 2007/03/13
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi BlueRoom
    OK Try this.
    press Ctrl> ALT>Delete to bring up task manager. Click on the process tab.
    Click on MAGIX audio to highlight it.
    Click on end process.

    Now try to run HJT again (Do not reboot between the two, MAGIX will start up again at a reboot)

    Geri
     
  9. 2007/03/13
    BlueRoom

    BlueRoom Inactive Thread Starter

    Joined:
    2007/03/12
    Messages:
    25
    Likes Received:
    0
    Still pulls up the MAGIX instead of the notepad.
     
  10. 2007/03/13
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK, let's do it this way.

    Open HJT, click on "Scan Only". After it scans, click on "Save Log" at the bottom and save it in "My Documents".

    It will try to open again in MAGIX, just close out of it.

    Go to My Documents, right click on the Hijackthis log, click on "Open with" find Word Pad click on it to highlight it and click open.

    See if that works, copy and paste the log here.

    Geri
     
  11. 2007/03/13
    BlueRoom

    BlueRoom Inactive Thread Starter

    Joined:
    2007/03/12
    Messages:
    25
    Likes Received:
    0
    Success!

    Logfile of HijackThis v1.99.1
    Scan saved at 10:25:02 PM, on 3/13/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R3 - URLSearchHook: (no name) - {487BEC95-89FF-B4B9-EE19-CF3344F20AD7} - C:\WINDOWS\syytupvq.dll (file missing)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YCOMP5_3_12_0.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Mercury Network Accelerator\prpl_IePopupBlocker.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {8C2E4620-FFB9-3F53-6848-07C7762660C4} - C:\WINDOWS\syytupvq.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YCOMP5_3_12_0.DLL
    O3 - Toolbar: Search - {8F4D0BD6-AF72-747E-3904-08FCB4B8EAD6} - C:\WINDOWS\syytupvq.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe "
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe "
    O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Mike Blue "
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
    O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://a1440.g.akamaitech.net/7/144...content.com/02000089/cccabs/CleverContent.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/048be75f0208809ba523/netzip/RdxIE601.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://www.teslatheband.com/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5681FE07-4E1D-4479-AAEA-5ADF23007A92}: NameServer = 64.7.161.12 64.7.161.13
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: text/html - (no CLSID) - (no file)
    O20 - AppInit_DLLs:
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
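    One way to triage a log like the one above mechanically, as an added example that is not part of this thread and not a feature of HijackThis: the script below parses the R3/O2/O3/O18 lines, groups every entry marked (file missing) by the module it points at, and applies three plain heuristics of my own (module not on disk, entry with no name, module sitting directly in C:\WINDOWS rather than in System32 or Program Files). The function names and the heuristics are my assumptions; the sample lines are copied from the log posted above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Lines excerpted from the HijackThis log posted in this thread (R3/O2/O3/O18
# hook entries plus two lines the parser is expected to ignore).
HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {487BEC95-89FF-B4B9-EE19-CF3344F20AD7} - C:\WINDOWS\syytupvq.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YCOMP5_3_12_0.DLL
O2 - BHO: (no name) - {8C2E4620-FFB9-3F53-6848-07C7762660C4} - C:\WINDOWS\syytupvq.dll (file missing)
O3 - Toolbar: Search - {8F4D0BD6-AF72-747E-3904-08FCB4B8EAD6} - C:\WINDOWS\syytupvq.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs:
"""

# HJT sections that register a COM object (by CLSID) which Internet Explorer loads:
# URL search hooks (R3), browser helper objects (O2), toolbars (O3), protocols (O18).
HOOK_LINE = re.compile(
    r"^(?P<section>R3|O2|O3|O18) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


@dataclass(frozen=True)
class HookEntry:
    section: str
    kind: str
    name: str
    clsid: str
    path: str
    file_missing: bool


def parse_entries(log: str) -> list[HookEntry]:
    """Parse the hook-style lines of a HijackThis log; other sections are skipped."""
    entries = []
    for line in log.splitlines():
        m = HOOK_LINE.match(line.strip())
        if not m:
            continue
        path = m.group("path").strip().strip('"')
        entries.append(HookEntry(m.group("section"), m.group("kind"), m.group("name"),
                                 m.group("clsid"), path, m.group("missing") is not None))
    return entries


def orphaned_hooks(entries: list[HookEntry]) -> dict[str, list[tuple[str, str]]]:
    """Group '(file missing)' entries by the module they reference (lower-cased path)."""
    groups = defaultdict(list)
    for e in entries:
        if e.file_missing:
            groups[e.path.lower()].append((e.section, e.clsid))
    return dict(groups)


def triage_reasons(e: HookEntry) -> list[str]:
    """Heuristics chosen for this example; each one alone is weak, together they rank entries."""
    reasons = []
    if e.file_missing:
        reasons.append("registered module is not on disk")
    if e.name == "(no name)":
        reasons.append("entry carries no descriptive name")
    parent = e.path.lower().rsplit("\\", 1)[0]
    if parent == r"c:\windows":  # vendor DLLs normally live in System32 or Program Files
        reasons.append("module sits directly in the Windows directory")
    return reasons


def triage(entries: list[HookEntry]) -> list[tuple[HookEntry, list[str]]]:
    """Entries with at least one reason, the most suspicious first."""
    flagged = [(e, triage_reasons(e)) for e in entries]
    return sorted([(e, r) for e, r in flagged if r], key=lambda er: -len(er[1]))


if __name__ == "__main__":
    parsed = parse_entries(HJT_LOG)
    for path, refs in orphaned_hooks(parsed).items():
        print(f"{path}: referenced by {len(refs)} registry entries but not on disk")
        for section, clsid in refs:
            print(f"    {section} {{{clsid}}}")
    for e, reasons in triage(parsed):
        print(f"{e.section} {e.kind} {e.name!r}: " + "; ".join(reasons))
```

    On this log the script reports that C:\WINDOWS\syytupvq.dll is referenced by three separate CLSIDs (the R3 search hook, an unnamed O2 BHO and the O3 "Search" toolbar) with no file behind any of them. Deleting the DLL did not clear those registry references, which is why a helper normally has HijackThis fix the entries themselves once the file is confirmed gone.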
     
  12. 2007/03/13
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    Good.

    Now let me say that this is a new virus and there are people working on it that are smarter than I am.:)

    So please give them a chance and if they ask you for anything please do your best to help them out.

    Thanks
    Geri
     
  13. 2007/03/13
    Blender

    Blender Inactive

    Joined:
    2007/01/24
    Messages:
    355
    Likes Received:
    0
    Hi BlueRoom & welcome :)

    Hiya Geri ~waves~

    Geri asked me to have a peek in this thread. I'm interested in this AxPornDialer you are speaking of.

    Next time that thing shows up on your desktop (I presume it is a shortcut?)
    Right click the shortcut> click properties.
    In the general tab should show path to the actual file.
    What is this path please?

    Next find the file and upload it here for me please:

    http://www.bleepingcomputer.com/submit-malware.php?channel=20

    Please include there the link to this thread so I know whose it is.

    Thanks!

    Your log's not showing me enough...

    Looks like you have Agent.AWF infection. This replaces a bunch of your program files with infected versions. Likely is disrupting the way some of your programs are working.

    Let's get that cleaned up.

    Sorry for the formatting of the below AVG instructions. Forums are different here than where I usually post. (I have not figured out img tags here yet)
    If you click the scanAVG link you will see the screenshot of settings I'm after.

    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update successful message.
    • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.



    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT: Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot in Normal Mode.

    Post the results of your Ewido log here please.

    If it is too big to post you can upload it here:

    http://www.bleepingcomputer.com/submit-malware.php?channel=19

    Include a link to your thread here so I know whose scan this is.

    Next:

    Download this file, save it and run it.

    http://noahdfear.geekstogo.com/FindAWF.exe

    Post the log it creates.

    Finally...:

    Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
    • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
      • In the Files Created Within group click 30 days
      • In the Files Modified Within group select 30 days
      • In the File String Search group select Non-Microsoft
    • Now click the Run Scan button on the toolbar. Scan takes a while so please be patient.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
    Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

    It may take a few posts to get all logs in.

    Thanks! :)
     
  14. 2007/03/14
    BlueRoom

    BlueRoom Inactive Thread Starter

    Joined:
    2007/03/12
    Messages:
    25
    Likes Received:
    0
    Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.


    Ok, I have done everything up to here. I must be right clicking on the wrong spot because I don't get these options or anything like it. Where is the tray icon at?
     
  15. 2007/03/14
    Blender

    Blender Inactive

    Joined:
    2007/01/24
    Messages:
    355
    Likes Received:
    0
    Hi,

    So you have installed it, updated it, and set the updater & shields to Inactive. Yes?

    Will the program start?

    If it starts OK then right click it by the clock, uncheck "start with windows" then go ahead and run the scan as described above.

    Thanks

    Tammy
     
  16. 2007/03/14
    BlueRoom

    BlueRoom Inactive Thread Starter

    Joined:
    2007/03/12
    Messages:
    25
    Likes Received:
    0
    Hi Blender,
    I figured out what I was doing wrong on the AVG software last night but as I was going to respond and let you know the Axfreeporn virus activated and knocked me off.

    Here is the path of the desktop that shows up.

    "C:\Documents and Settings\Mike Blue\Local Settings\Temp\1173843282O8lCa.exe "

    I will forward the file to your link indicated. I'm getting this to you first, then I will continue with the AVG part of your post.

    Thanks
     
  17. 2007/03/14
    BlueRoom

    BlueRoom Inactive Thread Starter

    Joined:
    2007/03/12
    Messages:
    25
    Likes Received:
    0
    Here is the result of the Ewido log (I think, if I did this correctly)

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 6:15:31 PM 3/14/2007

    + Scan result:



    C:\Program Files\Windows Media Player\wmplayer.exe.tmp -> Adware.Pacer : Cleaned with backup (quarantined).
    C:\Documents and Settings\Mike Blue\Local Settings\Temp\1173843282O8lCa.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\Documents and Settings\Mike Blue\Cookies\mike blue@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Mike Blue\Cookies\mike blue@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Mike Blue\Cookies\mike blue@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\Mike Blue\Cookies\mike blue@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Mike Blue\Cookies\mike blue@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Mike Blue\Cookies\mike blue@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
    C:\Documents and Settings\Mike Blue\Cookies\mike blue@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\WINDOWS\SYSTEM32\wnsintsv.exe -> Trojan.Small : Cleaned with backup (quarantined).


    ::Report end
     
  18. 2007/03/14
    BlueRoom

    BlueRoom Inactive Thread Starter

    Joined:
    2007/03/12
    Messages:
    25
    Likes Received:
    0
    Ok, here are the results of the next link you told me to download.

    Find AWF report by noahdfear ©2006


    21504 byte files found
    ~~~~~~~~~~~~~



    21504 byte files sorted with strings
    ~~~~~~~~~~~~~~~~~~~~~



    25600 byte files found
    ~~~~~~~~~~~~~



    25600 byte files sorted with strings
    ~~~~~~~~~~~~~~~~~~~~~



    26450 byte files found
    ~~~~~~~~~~~~~



    26450 byte files sorted with strings
    ~~~~~~~~~~~~~~~~~~~~~



    bak folders found
    ~~~~~~~~~~~


    Directory of C:\WINDOWS\BAK

    05/11/2000 01:00 AM 90,112 UpdReg.EXE
    1 File(s) 90,112 bytes

    Directory of C:\WINDOWS\SYSTEM32\BAK

    07/09/2001 10:50 AM 155,648 NeroCheck.exe
    1 File(s) 155,648 bytes

    Directory of C:\PROGRA~1\QUICKT~1\BAK

    09/13/2005 05:25 PM 77,824 qttask.exe
    1 File(s) 77,824 bytes

    Directory of C:\PROGRA~1\WASHER\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\MSNMES~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\INTERN~2\BAK

    07/12/2004 02:08 PM 1,263,616 heraser.exe
    1 File(s) 1,263,616 bytes

    Directory of C:\PROGRA~1\DVD43\BAK

    05/22/2006 01:26 PM 694,272 dvd43_tray.exe
    1 File(s) 694,272 bytes

    Directory of C:\PROGRA~1\MERCUR~1\BAK

    02/22/2005 08:40 AM 28,672 trayctl.exe
    1 File(s) 28,672 bytes

    Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

    06/17/2001 02:01 AM 26,112 realplay.exe
    1 File(s) 26,112 bytes

    Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

    09/24/2005 12:08 AM 49,152 HPWuSchd2.exe
    1 File(s) 49,152 bytes

    Directory of C:\PROGRA~1\CREATIVE\SBDRIV~1\BAK

    12/03/2002 06:06 PM 45,056 SBDrvDet.exe
    1 File(s) 45,056 bytes

    Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~2\BAK

    11/02/2004 06:59 PM 218,240 UsrPrmpt.exe
    1 File(s) 218,240 bytes

    Directory of C:\PROGRA~1\COMMON~1\AHEAD\LIB\BAK

    11/10/2005 09:44 AM 94,208 NMBgMonitor.exe
    1 File(s) 94,208 bytes

    Directory of C:\PROGRA~1\CREATIVE\SBAUDI~1\SURROU~1\BAK

    07/02/2003 10:03 AM 57,344 CTSysVol.exe
    1 File(s) 57,344 bytes

    Directory of C:\PROGRA~1\CREATIVE\SBAUDI~1\DVDAUDIO\BAK

    06/18/2003 01:00 AM 45,056 CTDVDDET.EXE
    1 File(s) 45,056 bytes

    Directory of C:\PROGRA~1\CREATIVE\MEDIAS~1\REMOTE~1\BAK

    11/21/2003 02:08 PM 143,360 RCMan.EXE
    1 File(s) 143,360 bytes


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    90112 May 11 2000 "C:\WINDOWS\bak\UpdReg.EXE "
    155648 Jul 9 2001 "C:\WINDOWS\SYSTEM32\NeroCheck.exe "
    155648 Jul 9 2001 "C:\WINDOWS\SYSTEM32\bak\NeroCheck.exe "
    77824 Sep 13 2005 "C:\Program Files\QuickTime\bak\qttask.exe "
    1263616 Jul 12 2004 "C:\Program Files\Internet History Eraser\bak\heraser.exe "
    38924 Jan 16 2007 "C:\Program Files\dvd43\dvd43_tray.exe "
    694272 May 22 2006 "C:\Program Files\dvd43\bak\dvd43_tray.exe "
    28672 Feb 22 2005 "C:\Program Files\Mercury Network Accelerator\bak\trayctl.exe "
    26112 Jun 17 2001 "C:\Program Files\Real\RealPlayer\bak\realplay.exe "
    38924 Jan 16 2007 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "
    49152 Sep 24 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe "
    45056 Dec 3 2002 "C:\Program Files\Creative\SB Drive Det\bak\SBDrvDet.exe "
    218240 Nov 2 2004 "C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe "
    94208 Nov 10 2005 "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    94208 Nov 10 2005 "C:\Program Files\Common Files\Ahead\Lib\bak\NMBgMonitor.exe "
    57344 Jul 2 2003 "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\bak\CTSysVol.exe "
    45056 Jun 18 2003 "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\bak\CTDVDDET.EXE "
    143360 Nov 21 2003 "C:\Program Files\Creative\MediaSource\RemoteControl\bak\RCMan.EXE "


    end of report
     
  19. 2007/03/14
    BlueRoom

    BlueRoom Inactive Thread Starter

    Joined:
    2007/03/12
    Messages:
    25
    Likes Received:
    0
    Ok, here is the last report you asked me to do.

    WinPFind3 logfile created on: 3/14/2007 7:37:56 PM
    WinPFind3U by OldTimer - Version 1.0.23 Folder = C:\Documents and Settings\Mike Blue\Desktop\WinPFind3u\
    Microsoft Windows XP (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2600.0000)

    261424 Kb Total Physical Memory | 50696 Kb Available Physical Memory | 19.39% Memory free
    633648 Kb Paging File | 357180 Kb Available in Paging File | 56.37% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 117189600 Kb Total Space | 56992544 Kb Free Space | 48.63% Space Free
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded


    [Processes - Non-Microsoft Only]
    aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.1.0.99 | Size = 198336 bytes | Modified Date = 9/2/2006 6:36:34 PM | Attr = ]
    appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.0.00.101 | Size = 46736 bytes | Modified Date = 9/1/2006 11:33:40 PM | Attr = ]
    ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/9/2007 9:59:52 PM | Attr = ]
    ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 9:59:32 PM | Attr = ]
    cthelper.exe -> %System32%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 1, 0, 1, 2 | Size = 24576 bytes | Modified Date = 10/6/2003 2:57:32 PM | Attr = ]
    ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 1:01:00 AM | Attr = ]
    ghosts~2.exe -> %ProgramFiles%\Symantec\Norton Ghost 2003\GhostStartService.exe -> Symantec Corporation [Ver = 2003.775 | Size = 200704 bytes | Modified Date = 8/14/2002 3:21:16 PM | Attr = ]
    guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
    hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 60.0.155.000 | Size = 282624 bytes | Modified Date = 9/24/2005 12:28:44 AM | Attr = ]
    hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> [Ver = | Size = 38924 bytes | Modified Date = 1/16/2007 11:04:16 PM | Attr = ]
    jusched.exe -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 12/15/2006 3:23:28 AM | Attr = ]
    nmbgmonitor.exe -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 0, 1, 6 | Size = 94208 bytes | Modified Date = 11/10/2005 9:44:22 AM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.23.0 | Size = 313344 bytes | Modified Date = 3/11/2007 10:34:40 AM | Attr = ]
    ypager.exe -> %ProgramFiles%\Yahoo!\Messenger\YPager.exe -> Yahoo! Inc. [Ver = 6,0,0,1750 | Size = 2502656 bytes | Modified Date = 8/6/2004 3:33:46 PM | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.1.0.99 | Size = 198336 bytes | Modified Date = 9/2/2006 6:36:34 PM | Attr = ]
    (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
    (ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 9:59:32 PM | Attr = ]
    (ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 9:59:32 PM | Attr = ]
    (CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 9:59:32 PM | Attr = ]
    (Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 1:01:00 AM | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 204800 bytes | Modified Date = 8/23/2001 3:00:00 PM | Attr = ]
    (GhostStartService) GhostStartService [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\Norton Ghost 2003\GhostStartService.exe -> Symantec Corporation [Ver = 2003.775 | Size = 200704 bytes | Modified Date = 8/14/2002 3:21:16 PM | Attr = ]
    (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 1/27/2007 12:21:44 AM | Attr = ]
    (ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton AntiVirus\isPwdSvc.exe -> Symantec Corporation [Ver = 10.0.0.247 | Size = 79496 bytes | Modified Date = 9/5/2006 8:22:26 PM | Attr = ]
    (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_1.EXE -> Symantec Corporation [Ver = 3.1.0.99 | Size = 2528960 bytes | Modified Date = 9/2/2006 6:36:34 PM | Attr = ]
    (Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1034 | Size = 1087680 bytes | Modified Date = 1/10/2007 7:23:50 PM | Attr = ]
    (SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.0.00.101 | Size = 46736 bytes | Modified Date = 9/1/2006 11:33:40 PM | Attr = ]

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/9/2007 9:59:52 PM | Attr = ]
    CTHelper -> %System32%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 1, 0, 1, 2 | Size = 24576 bytes | Modified Date = 10/6/2003 2:57:32 PM | Attr = ]
    dvd43 -> %ProgramFiles%\dvd43\dvd43_tray.exe -> [Ver = | Size = 38924 bytes | Modified Date = 1/16/2007 11:04:16 PM | Attr = ]
    HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> [Ver = | Size = 38924 bytes | Modified Date = 1/16/2007 11:04:16 PM | Attr = ]
    NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 10:50:42 AM | Attr = ]
    osCheck -> %ProgramFiles%\Norton AntiVirus\osCheck.exe -> Symantec Corporation [Ver = 10.0.0.247 | Size = 26248 bytes | Modified Date = 9/5/2006 8:22:28 PM | Attr = ]
    SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 12/15/2006 3:23:28 AM | Attr = ]
    < RunServicesOnce [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
    washindex -> %ProgramFiles%\Washer\washidx.exe -> [Ver = | Size = 64512 bytes | Modified Date = 4/2/2001 6:32:16 PM | Attr = ]
    < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
    IMAIL -> Installed = 1 ->
    MAPI -> Installed = 1 ->
    MSFS -> Installed = 1 ->
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 0, 1, 6 | Size = 94208 bytes | Modified Date = 11/10/2005 9:44:22 AM | Attr = ]
    PhotoShow Deluxe Media Manager -> %SystemDrive%\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe -> File not found
    Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YPager.exe -> Yahoo! Inc. [Ver = 6,0,0,1750 | Size = 2502656 bytes | Modified Date = 8/6/2004 3:33:46 PM | Attr = ]
    < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    %AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 60.0.155.000 | Size = 282624 bytes | Modified Date = 9/24/2005 12:28:44 AM | Attr = ]
    < AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
    -> -> File not found
    < ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 9:13:28 AM | Attr = ]
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
    Control_RunDLL -> -> File not found
    < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    < HOSTS File > (23 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
    127.0.0.1 localhost -> ->
    < Internet Explorer Settings > ->
    HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
    HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
    HKLM: Local Page -> C:\WINDOWS\SYSTEM\blank.htm ->
    HKLM: Search Bar -> http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html ->
    HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Start Page -> http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com ->
    HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
    HKLM: SearchAssistant -> http://www.google.com/ie ->
    HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKCU: Local Page -> C:\WINDOWS\System32\blank.htm ->
    HKCU: Search Bar -> http://www.google.com/ie ->
    HKCU: Search Page -> http://www.google.com ->
    HKCU: Start Page -> http://www.yahoo.com/ ->
    HKCU: SearchAssistant -> http://www.google.com/ie ->
    HKCU: URLSearchHooks\\{487BEC95-89FF-B4B9-EE19-CF3344F20AD7} [HKLM] -> %SystemRoot%\syytupvq.dll [Reg Data - Value does not exist] -> File not found
    HKCU: ProxyEnable -> 0 ->
    HKCU: ProxyOverride -> <local> ->
    < Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
    aol.com [ - ] -> ->
    free_aol.com [ - ] -> ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\COMPANION\Installs\cpn1\YCOMP5_3_12_0.DLL [Yahoo! Companion BHO] -> Yahoo! Inc. [Ver = 2004, 1, 7, 1 | Size = 272983 bytes | Modified Date = 1/7/2004 8:32:12 AM | Attr = ]
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
    {656EC4B7-072B-4698-B504-2A414C1F0037} [HKLM] -> %ProgramFiles%\Mercury Network Accelerator\prpl_IePopupBlocker.dll [IE_PopupBlocker Class] -> Propel Software Corporation [Ver = 5.0.0.1053 | Size = 49152 bytes | Modified Date = 2/22/2005 8:32:20 AM | Attr = ]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 12/15/2006 3:23:24 AM | Attr = ]
    {8C2E4620-FFB9-3F53-6848-07C7762660C4} [HKLM] -> %SystemRoot%\syytupvq.dll [Reg Data - Value does not exist] -> File not found
    {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar6.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
    < Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\MESSENGER\YHEXBMES0411.DLL [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2003, 4, 11, 1 | Size = 296120 bytes | Modified Date = 6/14/2003 5:47:36 PM | Attr = ]
    < Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\MESSENGER\YHEXBMES0411.DLL [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2003, 4, 11, 1 | Size = 296120 bytes | Modified Date = 6/14/2003 5:47:36 PM | Attr = ]
    < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar6.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
    {8E718888-423F-11D2-876E-00A0C9082467} [HKLM] -> %System32%\msdxm.ocx [&Radio] -> [Ver = | Size = 843804 bytes | Modified Date = 8/23/2001 3:00:00 PM | Attr = ]
    {8F4D0BD6-AF72-747E-3904-08FCB4B8EAD6} [HKLM] -> %SystemRoot%\syytupvq.dll [Search] -> File not found
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\COMPANION\Installs\cpn1\YCOMP5_3_12_0.DLL [Yahoo! Companion] -> Yahoo! Inc. [Ver = 2004, 1, 7, 1 | Size = 272983 bytes | Modified Date = 1/7/2004 8:32:12 AM | Attr = ]
    < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
    ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar6.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
    ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar6.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
    WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\COMPANION\Installs\cpn1\YCOMP5_3_12_0.DLL [Yahoo! Companion] -> Yahoo! Inc. [Ver = 2004, 1, 7, 1 | Size = 272983 bytes | Modified Date = 1/7/2004 8:32:12 AM | Attr = ]
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\npjpi150_11.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75528 bytes | Modified Date = 12/15/2006 3:23:26 AM | Attr = ]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 12/15/2006 3:23:24 AM | Attr = ]
    {4528BBE0-4E08-11D5-AD55-00010333D0AD} -> Reg Data - Value does not exist [ButtonText: Messenger] -> File not found
    {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
    {2940619F-D209-47CE-A40C-CCB4B6C157F6} -> (1394 Net Adapter) ->
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
    ipp -> Reg Data - Key not found -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    vnd.ms.radio -> %System32%\msdxm.ocx -> [Ver = | Size = 843804 bytes | Modified Date = 8/23/2001 3:00:00 PM | Attr = ]
    < Protocol Filters [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\
    text/html -> Reg Data - Key not found -> File not found
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
    {0000000A-9980-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/wmsp9dmo.cab ->
    {00000161-0000-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/msaudio.cab ->
    {0122955E-1FB0-11D2-A238-006097FAEE8B} -> CscClnt Class - CodeBase = http://a1440.g.akamaitech.net/7/144...content.com/02000089/cccabs/CleverContent.cab ->
    {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -> LSSupCtl Class - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab ->
    {31564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/wmvax.cab ->
    {3334504D-0000-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/mpeg4ax.cab ->
    {33564D57-9980-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab ->
    {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -> - CodeBase = http://207.188.7.150/048be75f0208809ba523/netzip/RdxIE601.cab ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab ->
    {A17E30C4-A9BA-11D4-8673-60DB54C10000} -> YahooYMailTo Class - CodeBase = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll ->
    {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -> - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} -> Shockwave Flash Object - CodeBase = http://www.teslatheband.com/swflash.cab ->
    DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\SYSTEM\dajava.cab ->
    Internet Explorer Classes for Java -> - CodeBase = file://C:\WINDOWS\SYSTEM\iejava.cab ->
    Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


    [Files/Folders - Created Within 30 days]
    fixwareout -> %SystemDrive%\fixwareout -> [Folder | Created Date = 3/11/2007 7:08:04 PM | Attr = ]
    FOUND.024 -> %SystemDrive%\FOUND.024 -> [Folder | Created Date = 3/13/2007 10:34:00 PM | Attr = HS]
    Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 3/13/2007 9:11:31 PM | Attr = ]
    java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 49248 bytes | Created Date = 3/13/2007 9:10:37 PM | Attr = ]
    javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 53346 bytes | Created Date = 3/13/2007 9:10:37 PM | Attr = ]
    javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 127078 bytes | Created Date = 3/13/2007 9:10:37 PM | Attr = ]
    jpicpl32.cpl -> %System32%\jpicpl32.cpl -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 49265 bytes | Created Date = 3/13/2007 9:10:37 PM | Attr = ]
    tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 3/13/2007 9:25:48 PM | Attr = ]
    AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 3/14/2007 12:01:41 AM | Attr = ]

    [Files/Folders - Modified Within 30 days]
    presets.ini -> %SystemDrive%\presets.ini -> [Ver = | Size = 21 bytes | Modified Date = 3/1/2007 6:09:14 PM | Attr = ]
    fixwareout -> %SystemDrive%\fixwareout -> [Folder | Modified Date = 3/11/2007 7:08:06 PM | Attr = ]
    FOUND.024 -> %SystemDrive%\FOUND.024 -> [Folder | Modified Date = 3/13/2007 10:34:00 PM | Attr = HS]
    boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 200 bytes | Modified Date = 3/10/2007 8:06:16 PM | Attr = HS]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 267767808 bytes | Modified Date = 3/14/2007 6:56:46 PM | Attr = HS]
    CLEANINGLAB.INI -> %SystemRoot%\CLEANINGLAB.INI -> [Ver = | Size = 555 bytes | Modified Date = 3/13/2007 10:25:12 PM | Attr = ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 3/14/2007 6:56:48 PM | Attr = S]
    MUSICEDITOR.INI -> %SystemRoot%\MUSICEDITOR.INI -> [Ver = | Size = 154 bytes | Modified Date = 3/13/2007 6:51:56 PM | Attr = ]
    {00000002-00000000-0000000B-00001102-00000004-20021102}.CDF -> %SystemRoot%\{00000002-00000000-0000000B-00001102-00000004-20021102}.CDF -> [Ver = | Size = 4932286 bytes | Modified Date = 3/14/2007 6:54:52 PM | Attr = ]
    NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 3/14/2007 12:36:34 AM | Attr = ]
    QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 3/9/2007 12:32:18 AM | Attr = H ]
    Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 3/13/2007 9:11:32 PM | Attr = ]
    system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 666 bytes | Modified Date = 3/10/2007 8:06:16 PM | Attr = ]
    win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 2136 bytes | Modified Date = 3/13/2007 7:04:54 PM | Attr = ]
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 3/14/2007 6:57:00 PM | Attr = H ]
    Norton AntiVirus - Run Full System Scan - Mike Blue.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - Mike Blue.job -> [Ver = | Size = 538 bytes | Modified Date = 3/9/2007 9:23:12 PM | Attr = ]
    settings.sfm -> %System32%\settings.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 3/14/2007 6:55:42 PM | Attr = ]
    wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2240 bytes | Modified Date = 3/8/2007 5:51:46 PM | Attr = ]
    perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 37760 bytes | Modified Date = 3/12/2007 10:10:36 PM | Attr = ]
    perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 305318 bytes | Modified Date = 3/12/2007 10:10:36 PM | Attr = ]
    BMXState-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx -> %System32%\BMXState-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx -> [Ver = | Size = 31440 bytes | Modified Date = 3/14/2007 6:55:42 PM | Attr = ]
    settingsbkup.sfm -> %System32%\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 3/14/2007 6:55:42 PM | Attr = ]
    PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 347268 bytes | Modified Date = 3/12/2007 10:10:36 PM | Attr = ]
    BMXStateBkp-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx -> %System32%\BMXStateBkp-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx -> [Ver = | Size = 31440 bytes | Modified Date = 3/14/2007 6:55:42 PM | Attr = ]
    BMXCtrlState-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx -> %System32%\BMXCtrlState-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx -> [Ver = | Size = 31812 bytes | Modified Date = 3/14/2007 6:55:42 PM | Attr = ]
    BMXBkpCtrlState-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx -> %System32%\BMXBkpCtrlState-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx -> [Ver = | Size = 31812 bytes | Modified Date = 3/14/2007 6:55:42 PM | Attr = ]
    DVCState-{00000002-00000000-0000000B-00001102-00000004-20021102}.dat -> %System32%\DVCState-{00000002-00000000-0000000B-00001102-00000004-20021102}.dat -> [Ver = | Size = 384 bytes | Modified Date = 3/14/2007 6:55:42 PM | Attr = ]
    DVCStateBkp-{00000002-00000000-0000000B-00001102-00000004-20021102}.dat -> %System32%\DVCStateBkp-{00000002-00000000-0000000B-00001102-00000004-20021102}.dat -> [Ver = | Size = 384 bytes | Modified Date = 3/14/2007 6:55:42 PM | Attr = ]
    tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 3/13/2007 9:16:00 PM | Attr = ]

    [File String Scan - Non-Microsoft Only]
    UPX! , -> %SystemDrive%\VIRTPART.DAT -> [Ver = | Size = 27262976 bytes | Modified Date = 6/18/2006 1:55:36 PM | Attr = ]
    PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 3:00:00 PM | Attr = ]
    winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 3:00:00 PM | Attr = ]
    PEC2 , -> %System32%\Dwapilib.tlb -> [Ver = | Size = 197171 bytes | Modified Date = 2/14/1997 10:24:14 PM | Attr = ]
    WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 10:00:00 AM | Attr = ]

    < End of report >
     
  20. 2007/03/15
    Blender

    Blender Inactive

    Joined:
    2007/01/24
    Messages:
    355
    Likes Received:
    0
    Hi,

Can you upload these files for me, please?

    C:\Program Files\dvd43\dvd43_tray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    Same place you uploaded the others.

    http://www.bleepingcomputer.com/submit-malware.php?channel=20

Since AVG, have the disconnections stopped?

    Looking over your reports now & looking to see what that file you uploaded from temp does.

    Thanks :)
     
  21. 2007/03/15
    Blender

    Blender Inactive

    Joined:
    2007/01/24
    Messages:
    355
    Likes Received:
    0
    Hi,

Grab me an uninstall list too, will ya please?

Open HijackThis
Click "Open Misc Tools section"
Open "Uninstall Manager"
Click "Save list..."
Save the list & post it here.

    Thanks :)