  1. #1
    Member
    Join Date: Nov 2007 | Posts: 5 | Points: 0

    clicking noise - hijackthis log

    I recently (three or four days ago) started noticing a clicking noise that is usually associated with hitting a refresh page in iexplore.exe.

    It happens regardless of what I am doing, intermittently.


    When I first started noticing this clicking noise, I spotted a second instance of explorer.exe and killed it since I never saw that happen before, but this didn't fix anything, and I have not noticed the second instance appearing again.
    I did all the scans mentioned in http://www.help2go.com/Tutorials/Pro...Hijackers.html

    Here's the HijackThis log as prepared per instructions in the above page:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:37:13 PM, on 11/23/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Update\1.0.91.0\GoogleUpdate.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\Launchy\Launchy.exe
    C:\Program Files\Xfire\xfire.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\KVIrc\kvirc.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Documents and Settings\Boris\Desktop\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.54.0\gears.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [AsusStartupHelp] "C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe"
    O4 - HKLM\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: OneNote Table Of Contents.onetoc2
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
    O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
    O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
    O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
    O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.54.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.54.0\gears.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Boris\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
    O16 - DPF: {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88} (McciUtilsSpecialFolder Class) - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1175915440875
    O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar...ackToolbar.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,wbsys.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GCALDaemon - Unknown owner - C:\Program Files\GCALDaemon\bin\wrapper.exe
    O23 - Service: Google Update Service (gupdate) - Google Inc. - C:\Program Files\Google\Update\1.0.91.0\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 12039 bytes


    --
    Thank you guys in advance for helping me out.

  2. #2
    Member: steamwiz
    Join Date: Sep 2003 | Location: Yorkshire U.K. | Posts: 14,022 | Points: 2335


    Hi

    I'm not seeing anything bad in your log ...

    Please run these :-

    Download SUPERAntiSpyware.

    http://www.superantispyware.com/

    Once downloaded and installed, update the definitions
    and then run a full system scan and quarantine what it finds!

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)

    http://www.superantispyware.com/definitions.html

    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
        o Close browsers before scanning.
        o Scan for tracking cookies.
        o Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
        o Click Preferences, then click the Statistics/Logs tab.
        o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
        o Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.

    THEN ...

    Please download Combofix: http://download.bleepingcomputer.com...a/ComboFix.exe
    and save to the desktop.

    1. Double click on combo.exe & follow the prompts.
    2. When finished, it will produce a logfile located at C:\ComboFix.txt.
    3. Post the contents of that log in your next reply with a new hijackthis log.

    Notes:
    * Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
    * Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

    Please remember to post :-


    1. SUPERAntiSpyware Scan Log
    2. C:\ComboFix.txt

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  3. #3
    Member
    Join Date: Nov 2007 | Posts: 5 | Points: 0


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/25/2007 at 03:12 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3349
    Trace Rules Database Version: 1349

    Scan type : Complete Scan
    Total Scan Time : 02:23:27

    Memory items scanned : 607
    Memory threats detected : 0
    Registry items scanned : 8253
    Registry threats detected : 0
    File items scanned : 83508
    File threats detected : 27

    Adware.Tracking Cookie
    C:\Documents and Settings\Boris\Cookies\boris@adinterax[2].txt
    C:\Documents and Settings\Boris\Cookies\boris@atwola[1].txt
    C:\Documents and Settings\Boris\Cookies\boris@doubleclick[1].txt
    C:\Documents and Settings\Boris\Cookies\boris@track.asus[2].txt
    C:\Documents and Settings\Boris\Cookies\boris@2o7[1].txt
    C:\Documents and Settings\Boris\Cookies\boris@pandasoftware.112.2o7[1].txt
    C:\Documents and Settings\Boris\Cookies\boris@track.bestbuy[2].txt
    C:\Documents and Settings\Boris\Cookies\boris@revsci[2].txt
    C:\Documents and Settings\Boris\Cookies\boris@ar.atwola[2].txt
    C:\Documents and Settings\Boris\Cookies\boris@adlegend[2].txt
    C:\Documents and Settings\Boris\Cookies\boris@adbrite[2].txt
    C:\Documents and Settings\Boris\Cookies\boris@stat.onestat[2].txt
    C:\Documents and Settings\Boris\Cookies\boris@microsoftoffice.112.2o7[1].txt
    C:\Documents and Settings\Boris\Cookies\boris@imrworldwide[3].txt
    C:\Documents and Settings\Boris\Cookies\boris@ads.dailystar.com[1].txt
    C:\Documents and Settings\Boris\Cookies\boris@clicksor[1].txt
    C:\Documents and Settings\Boris\Cookies\boris@ads.adbrite[1].txt
    C:\Documents and Settings\Boris\Cookies\boris@atdmt[2].txt
    C:\Documents and Settings\Boris\Cookies\boris@adinterax[1].txt
    C:\Documents and Settings\Boris\Cookies\boris@adopt.euroclick[2].txt
    C:\Documents and Settings\Boris\Cookies\boris@centralmediaserver[1].txt
    C:\Documents and Settings\Boris\Cookies\boris@cf-db02.clickfacts[1].txt
    C:\Documents and Settings\Boris\Cookies\boris@divx.adbureau[2].txt
    C:\Documents and Settings\Boris\Cookies\boris@ehg-newegg.hitbox[1].txt
    C:\Documents and Settings\Boris\Cookies\boris@imrworldwide[2].txt
    C:\Documents and Settings\Boris\Cookies\boris@microsoftwlspacesmkt.112.2o7[1].txt
    C:\Documents and Settings\Boris\Cookies\boris@statse.webtrendslive[2].txt


    ComboFix 07-11-19.3 - Boris 2007-11-25 11:32:11.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1099 [GMT -5:00]
    Running from: C:\Documents and Settings\Boris\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 )))))))))))))))))))))))))))))))
    .

    2007-11-25 00:15 d-------- C:\Program Files\SUPERAntiSpyware
    2007-11-25 00:15 d-------- C:\Documents and Settings\Boris\Application Data\SUPERAntiSpyware.com
    2007-11-25 00:15 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-22 23:32 d-------- C:\Program Files\Windows Defender
    2007-11-22 23:23 d-------- C:\Documents and Settings\Boris\.housecall6.6
    2007-11-22 22:42 0 --a------ C:\WINDOWS\system32\asfiles.txt
    2007-11-22 22:30 30,590 --a------ C:\WINDOWS\system32\pavas.ico
    2007-11-22 17:03 d-------- C:\Program Files\FileZilla Client
    2007-11-22 17:03 d-------- C:\Documents and Settings\Boris\Application Data\FileZilla
    2007-11-22 11:34 d-------- C:\Program Files\Google Video
    2007-11-20 16:22 d-------- C:\Documents and Settings\LocalService\Application Data\WTablet
    2007-11-18 13:06 d-------- C:\Documents and Settings\Boris\download
    2007-11-18 13:06 d-------- C:\Documents and Settings\Boris\Application Data\KVIrc
    2007-11-18 13:05 d-------- C:\Program Files\KVIrc
    2007-11-18 12:48 d-------- C:\Program Files\Pidgin
    2007-11-18 11:47 d-------- C:\Documents and Settings\Boris\Application Data\foobar2000
    2007-11-14 12:55 d-------- C:\Program Files\Audacity 1.3 Beta
    2007-11-07 10:49 d-------- C:\madmumblings
    2007-11-06 23:44 d-------- C:\Program Files\Tablet
    2007-11-06 23:44 d-------- C:\Documents and Settings\Boris\Application Data\WTablet
    2007-11-06 23:44 1,373,480 --a------ C:\WINDOWS\system32\Pen_Tablet.exe
    2007-11-06 23:44 181,544 --a------ C:\WINDOWS\system32\Wintab32.dll
    2007-11-06 23:44 128,296 --a------ C:\WINDOWS\system32\Pen_Tablet.dll
    2007-11-06 23:44 12,848 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
    2007-11-06 23:44 11,440 --a------ C:\WINDOWS\system32\drivers\WacomVKHid.sys
    2007-11-06 23:44 11,312 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
    2007-11-04 17:52 d-------- C:\Program Files\MediaCoder
    2007-10-30 19:55 d-------- C:\Documents and Settings\All Users\Application Data\AOL
    2007-10-30 16:15 d-------- C:\Program Files\TechSmith
    2007-10-30 16:15 d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
    2007-10-28 22:44 d-------- C:\Documents and Settings\Boris\Application Data\ImgBurn
    2007-10-28 13:27 d-------- C:\Documents and Settings\Boris\Application Data\DVD Flick
    2007-10-28 13:26 d-------- C:\Program Files\DVD Flick
    2007-10-28 13:26 81,920 --a------ C:\WINDOWS\system32\mbmouse.ocx
    2007-10-28 13:21 d-------- C:\Program Files\DVD Shrink
    2007-10-28 13:21 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2007-10-28 12:56 d-------- C:\Program Files\InfraRecorder
    2007-10-28 12:56 d-------- C:\Documents and Settings\Boris\Application Data\InfraRecorder
    2007-10-27 21:02 d-------- C:\Program Files\Shareaza
    2007-10-27 21:02 d-------- C:\Documents and Settings\Boris\Application Data\Shareaza
    2007-10-25 10:53 232,448 --a------ C:\WINDOWS\system32\mp3fhg.acm

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-25 16:34 --------- d-----w C:\Documents and Settings\Boris\Application Data\Launchy
    2007-11-25 16:31 --------- d-----w C:\Documents and Settings\Boris\Application Data\uTorrent
    2007-11-25 05:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-24 11:32 --------- d-----w C:\Program Files\Symantec AntiVirus
    2007-11-23 17:55 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2007-11-23 04:46 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-11-23 04:46 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-11-22 19:42 --------- d-----w C:\Program Files\Google
    2007-11-22 18:43 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-11-22 18:42 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2007-11-22 18:08 --------- d-----w C:\Documents and Settings\Boris\Application Data\.purple
    2007-11-22 18:03 --------- d-----w C:\Program Files\K-Lite Codec Pack
    2007-11-22 17:54 --------- d-----w C:\Program Files\MagicISO
    2007-11-22 17:54 --------- d-----w C:\Program Files\iTunes
    2007-11-22 17:52 --------- d-----w C:\Program Files\Gran Paradiso
    2007-11-22 17:52 --------- d-----w C:\Program Files\Folding@Home
    2007-11-22 17:52 --------- d-----w C:\Program Files\DivX
    2007-11-21 04:50 --------- d-s---w C:\Program Files\Xfire
    2007-11-19 23:45 --------- d-----w C:\Documents and Settings\Boris\Application Data\Xfire
    2007-11-19 23:14 --------- d-----w C:\Documents and Settings\Boris\Application Data\TeraCopy
    2007-11-18 17:49 --------- d-----w C:\Documents and Settings\Boris\Application Data\gtk-2.0
    2007-11-18 17:48 --------- d-----w C:\Program Files\Common Files\GTK
    2007-11-18 17:42 --------- d-----w C:\Program Files\xchat
    2007-11-18 17:33 --------- d-----w C:\Program Files\mIRC
    2007-11-18 16:47 --------- d-----w C:\Program Files\foobar2000
    2007-11-16 21:15 --------- d-----w C:\Program Files\Steam
    2007-11-14 18:30 --------- d-----w C:\Documents and Settings\Boris\Application Data\Audacity
    2007-11-13 19:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-11-11 04:01 --------- d-----w C:\Documents and Settings\Boris\Application Data\dvdcss
    2007-11-06 19:49 --------- d-----w C:\Documents and Settings\Boris\Application Data\SecondLife
    2007-11-04 22:37 --------- d-----w C:\Program Files\AIM
    2007-11-04 22:37 --------- d-----w C:\Documents and Settings\Boris\Application Data\Aim
    2007-11-04 22:34 --------- d-----w C:\Program Files\Opera 9.5 alpha
    2007-11-04 00:36 --------- d-----w C:\Documents and Settings\Boris\Application Data\nView_Wallpaper
    2007-10-31 00:55 --------- d-----w C:\Program Files\AIM6
    2007-10-28 18:43 --------- d-----w C:\Program Files\SecondLife
    2007-10-28 01:36 --------- d-----w C:\Documents and Settings\Boris\Application Data\aMule
    2007-10-22 18:39 --------- d-----w C:\Program Files\uTorrent
    2007-10-19 16:32 --------- d-----w C:\Documents and Settings\Boris\Application Data\Thunderbird
    2007-10-19 02:24 --------- d-----w C:\Program Files\Opera
    2007-10-17 15:50 --------- d-----w C:\Program Files\Virtual Earth 3D
    2007-10-08 22:49 --------- d-----w C:\Program Files\Image-Line
    2007-10-08 22:48 --------- d-----w C:\Program Files\Steinberg
    2007-10-07 14:43 --------- d-----w C:\Program Files\Java
    2007-10-07 04:26 --------- d-----w C:\Documents and Settings\Boris\Application Data\Canon
    2007-10-06 02:24 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
    2007-10-05 20:52 --------- d-----w C:\Program Files\BOINC
    2007-10-03 17:51 --------- d-----w C:\Program Files\Picasa2
    2007-10-02 18:11 --------- d-----w C:\Documents and Settings\Boris\Application Data\SystemRequirementsLab
    2007-10-02 02:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2007-10-01 21:40 1,526,072 ----a-w C:\WINDOWS\WRSetup.dll
    2007-09-28 22:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-09-28 22:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-09-28 22:05 739,840 ----a-w C:\WINDOWS\system32\divx.dll
    2007-09-27 02:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-09-17 06:10 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
    2007-09-17 05:07 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
    2007-09-17 05:07 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
    2007-09-17 05:07 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
    2007-09-17 05:07 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
    2007-09-17 05:07 6,746,112 ----a-w C:\WINDOWS\system32\nvoglnt.dll
    2007-09-17 05:07 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
    2007-09-17 05:07 5,783,040 ----a-w C:\WINDOWS\system32\nv4_disp.dll
    2007-09-17 05:07 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
    2007-09-17 05:07 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
    2007-09-17 05:07 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
    2007-09-17 05:07 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
    2007-09-17 05:07 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
    2007-09-17 05:07 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
    2007-09-17 05:07 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
    2007-09-17 05:07 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
    2007-09-17 05:07 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
    2007-09-17 05:07 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
    2007-09-17 05:07 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
    2007-09-17 05:07 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
    2007-09-17 05:07 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
    2007-09-17 05:07 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
    2007-09-17 05:07 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
    2007-09-17 05:07 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
    2007-09-17 05:07 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
    2007-09-17 05:07 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
    2007-09-17 05:07 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
    2007-09-17 05:07 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
    2007-09-17 05:07 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
    2007-09-17 05:07 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
    2007-09-04 22:56 164,352 ----a-w C:\WINDOWS\system32\unrar.dll
    2007-08-30 18:55 164 ----a-w C:\install.dat
    2007-02-09 05:01 3,656 ----a-w C:\Program Files\Read_Me.txt
    2007-01-21 03:22 1,782 ----a-w C:\Program Files\illusion.reg
    2001-07-26 20:58 47 ----a-w C:\Program Files\ACMonitor_X73.ini
    2001-07-05 16:46 8,116 ----a-w C:\Program Files\OSLO3071b2.USB
    2001-05-11 15:39 53,248 ----a-w C:\Program Files\ACMonitor_X73.exe
    2001-05-08 20:36 114,688 ----a-w C:\Program Files\lxarscan.dll
    2001-04-23 18:22 1,437 ----a-w C:\Program Files\gtx73.ini
    2001-02-22 13:54 768 ----a-w C:\Program Files\x73_lut.dat
    2006-04-25 01:54 108 --sha-r C:\WINDOWS\neoqaz2.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-22_22.18.59.06 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-08-24 13:28:54 141,424 ----a-w C:\WINDOWS\Downloaded Program Files\asinst.dll
    + 2007-11-25 05:15:23 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
    + 2007-11-25 05:15:23 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    + 2007-11-25 05:15:23 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    + 2007-03-29 14:20:50 110,592 ----a-w C:\WINDOWS\system32\ActiveScan\as.dll
    + 2006-10-05 21:15:26 233,472 ----a-w C:\WINDOWS\system32\ActiveScan\ascontrol.dll
    + 2005-06-03 19:03:18 96,256 ----a-w C:\WINDOWS\system32\ActiveScan\asmdat.dll
    + 2003-08-01 16:00:16 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\certdll.dll
    + 2005-05-20 18:42:44 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\instlsp.dll
    + 2006-02-16 23:20:20 4,608 ----a-w C:\WINDOWS\system32\ActiveScan\memvfile.dll
    + 2005-10-25 23:08:32 348,160 ----a-w C:\WINDOWS\system32\ActiveScan\msvcr71.dll
    + 2004-05-04 20:01:02 139,264 ----a-w C:\WINDOWS\system32\ActiveScan\pavaleas.dll
    + 2006-07-14 18:04:10 45,056 ----a-w C:\WINDOWS\system32\ActiveScan\pavdr.exe
    + 2006-04-10 15:50:02 159,832 ----a-w C:\WINDOWS\system32\ActiveScan\pavexcom.dll
    + 2006-02-14 18:05:38 94,208 ----a-w C:\WINDOWS\system32\ActiveScan\pavinas.dll
    + 2006-02-16 23:35:38 180,224 ----a-w C:\WINDOWS\system32\ActiveScan\pavoe.dll
    + 2006-10-05 21:15:38 122,880 ----a-w C:\WINDOWS\system32\ActiveScan\pavpz.dll
    + 2006-06-30 19:13:38 8,704 ----a-w C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
    + 2004-02-04 19:08:42 49,152 ----a-w C:\WINDOWS\system32\ActiveScan\port32.dll
    + 2006-08-01 18:23:10 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pscpu.dll
    + 2006-08-23 18:06:08 1,388,544 ----a-w C:\WINDOWS\system32\ActiveScan\pskahk.dll
    + 2006-08-17 16:38:14 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\pskalloc.dll
    + 2006-09-04 16:49:54 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\pskas.dll
    + 2006-08-18 13:46:18 779,264 ----a-w C:\WINDOWS\system32\ActiveScan\pskavs.dll
    + 2007-03-26 19:25:34 417,792 ----a-w C:\WINDOWS\system32\ActiveScan\pskcmp.dll
    + 2006-08-09 15:42:24 90,112 ----a-w C:\WINDOWS\system32\ActiveScan\pskfss.dll
    + 2006-07-19 15:55:58 208,896 ----a-w C:\WINDOWS\system32\ActiveScan\pskhtml.dll
    + 2006-01-20 21:57:00 9,728 ----a-w C:\WINDOWS\system32\ActiveScan\pskmas.dll
    + 2006-05-17 14:50:12 14,336 ----a-w C:\WINDOWS\system32\ActiveScan\pskmdfs.dll
    + 2006-08-16 15:58:12 33,280 ----a-w C:\WINDOWS\system32\ActiveScan\pskpack.dll
    + 2006-06-30 19:42:36 266,240 ----a-w C:\WINDOWS\system32\ActiveScan\pskscs.dll
    + 2006-08-17 19:33:14 62,976 ----a-w C:\WINDOWS\system32\ActiveScan\pskutil.dll
    + 2006-08-08 18:13:10 13,312 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfile.dll
    + 2006-08-18 13:53:08 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfs.dll
    + 2006-08-18 13:49:50 167,936 ----a-w C:\WINDOWS\system32\ActiveScan\pskvm.dll
    + 2007-04-18 22:16:04 353,840 ----a-w C:\WINDOWS\system32\ActiveScan\psscan.dll
    + 2007-01-22 19:42:48 35,328 ----a-w C:\WINDOWS\system32\ActiveScan\rawvfile.dll
    + 1997-09-18 11:12:32 9,488 ----a-w C:\WINDOWS\system32\ActiveScan\sporder.dll
    + 2006-02-28 22:23:40 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\tcpvfile.dll
    + 2006-08-02 17:39:06 73,728 ----a-w C:\WINDOWS\system32\asuninst.exe
    - 2007-04-24 15:32:06 1,485,696 ----a-w C:\WINDOWS\system32\LegitCheckControl.DLL
    + 2007-10-11 19:12:48 1,468,968 ----a-w C:\WINDOWS\system32\LegitCheckControl.DLL
    + 2003-03-25 23:53:50 11,776 ----a-w C:\WINDOWS\system32\ZPORT4AS.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
    "Aim6"="" []
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 17:29]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 00:00]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 18:26]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-10-24 18:33]
    "AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-14 13:25]
    "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 16:22]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2007-09-17 00:07 C:\WINDOWS\system32\nwiz.exe]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" []
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 20:17]

    C:\Documents and Settings\Svetlana\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]

    C:\Documents and Settings\Boris\Start Menu\Programs\Startup\
    MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-07-03 11:37:49]
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]
    OneNote Table Of Contents.onetoc2 [2007-07-02 13:42:15]
    Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-11-14 20:00:40]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-06-28 21:30:47]
    Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [2007-08-10 18:26:16]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView"= 1 (0x1)
    "AllowUnhashedWebView"= 1 (0x1)

    [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    C:\WINDOWS\system32\NavLogon.dll 2006-10-24 18:33 43712 C:\WINDOWS\system32\NavLogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-07-16 21:48 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
    backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Boris^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
    path=C:\Documents and Settings\Boris\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
    backup=C:\WINDOWS\pss\Microsoft Office Groove.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Boris^Start Menu^Programs^Startup^OneNote Table Of Contents.onetoc2]
    path=C:\Documents and Settings\Boris\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
    backup=C:\WINDOWS\pss\OneNote Table Of Contents.onetoc2Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^Boris^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=C:\DOCUME~1\Boris\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2007-05-11 02:06 40048 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2006-10-26 23:47 31016 --a------ C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    C:\Program Files\MSN Messenger\MsnMsgr.Exe /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-09 17:53 153136 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    2007-09-27 20:17 443968 --a------ C:\Program Files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    c:\program files\steam\steam.exe -silent

    R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe
    R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
    R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
    R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
    S2 GCALDaemon;GCALDaemon;"C:\Program Files\GCALDaemon\bin\wrapper.exe" -s "C:\Program Files\GCALDaemon\conf\nt-service.cfg"
    S2 gupdate;Google Update Service;"C:\Program Files\Google\Update\1.0.91.0\GoogleUpdate.exe" /svc
    S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable;C:\WINDOWS\system32\Drivers\SilvrLnk.sys
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{060ee6d4-e4e6-11db-8c93-806d6172696f}]
    \Shell\AutoRun\command - D:\Install.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d2cd97a-ebbb-11db-80ed-0018f3f0949d}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    *Newly Created Service* - SASDIFSV
    *Newly Created Service* - SASENUM
    *Newly Created Service* - SASKUTIL

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-24 22:05:30 C:\WINDOWS\Tasks\GoogleUpdateTask.job"
    - C:\Program Files\Google\Update\1.0.91.0\GoogleUpdate.exe
    "2007-11-25 06:38:14 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-25 11:37:09
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-11-25 11:38:33
    C:\ComboFix2.txt ... 2007-11-22 22:20
    .
    --- E O F ---


    clicking sound still persists

  4. #4
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    1. Please download silentrunners from here :-

    http://www.silentrunners.org/Silent%20Runners.zip

    2. unzip to your desktop

    3. double click on the VBS file (If your AntiVirus alerts, allow the script to run.)

    4. Once finished, the script will save a Notepad document to your Desktop.

    5. IMPORTANT - You will need to attach the file to your next post. You cannot copy & paste it into your thread, because if any infected or suspect files are found, the symbols used in the log will conflict with the HTML of the forum, & your log will be distorted, if it posts at all.

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  5. #5
    Member

    here it is

  6. #6
    Member steamwiz's Avatar

    Hi

    That's clean as well .. as are all the logs you have posted ...

    Let's try this :-

    Please Download CCleaner from :-

    http://www.filehippo.com/download_ccleaner/ (click the download tab)

    During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it.

    Double-click the ccsetup.exe file and install the program...

    After installing, go to Start > programs > CCleaner > Options > Advanced > UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

    Make sure the "windows" tab is selected

    Under "internet explorer" tick...

    Temporary internet files
    Cookies* > see Note below
    History
    Recently typed URLs
    (leave this unticked if you DON'T want to clear the drop down list in the address window of IE)
    Delete index.dat files
    Last download location
    Autocomplete form history


    under "Windows explorer" these are optional, but you can safely tick them all if you wish, they are only "most recently used lists"

    Other explorer MRUs
    (leave this unticked if you DON'T want to clear lists such as the start\run list)

    under "System"

    Tick ALL these ...


    under "Advanced"

    no need to tick any of these (but you can if you want, and realise what they do)


    Applications tab...

    These will mostly clean out old log files for these applications...

    Clean:- (if you use them)

    Firefox/Mozilla (optional - leave the cookies - see note)
    Opera
    Sun Java
    ZoneAlarm

    ...
    Personally I clean everything in the applications tab... but you tick what you want...

    Note: *If there are any cookies you want to keep (if you remove the cookie for a site you require a password for, you will need to re-enter your password when you next visit that site) ... click options > cookies > then keep the cookies you want.

    click "analyse" if you want to see a list of what is going to be removed, before it is removed.

    Or

    click "run cleaner" to let it get on with its work... clicking this will result in the following pop-up

    "This process will permanently delete files from your system. Are you sure you wish to proceed?"

    click OK.

    cheers

    steam

  7. #7
    Member

    still clicking


    =/

  8. #8
    Member steamwiz's Avatar

    Let's see what these scanners find :-

    Go here to run an online scan from ESET.

    http://www.eset.eu/online-scanner

    Note: You will need to use Internet Explorer for this scan

    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the ActiveX control to install
    4. Click Start
    5. Make sure that the option Remove found threats and the option Scan unwanted applications are checkmarked.
    6. Click Scan
    7. Wait for the scan to finish
    8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    9. Copy and paste the log into your next reply

    THEN...

    Please run a Kaspersky Online Scan

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    Click Accept

    You will be prompted to install an ActiveX component from Kaspersky,
    Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Once finished, save the log to your Desktop as filename KAV.txt

    steam

  9. #9
    Member

    here

  10. #10
    Member steamwiz's Avatar

    HI

    This is the relevant part of your KASPERSKY ONLINE SCANNER REPORT

    Scan Statistics:
    Total number of scanned objects: 299609
    Number of viruses found: 4
    Number of infected objects: 10
    Number of suspicious objects: 0
    Duration of the scan process: 04:21:33

    C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped

    C:\System Volume Information\_restore{9FC9C364-2735-4767-A5B0-474CF35C7B2C}\RP297\A0042212.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
    C:\System Volume Information\_restore{9FC9C364-2735-4767-A5B0-474CF35C7B2C}\RP301\A0043015.exe/stream/data0001/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
    C:\System Volume Information\_restore{9FC9C364-2735-4767-A5B0-474CF35C7B2C}\RP301\A0043015.exe/stream/data0001/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
    C:\System Volume Information\_restore{9FC9C364-2735-4767-A5B0-474CF35C7B2C}\RP301\A0043015.exe/stream/data0001 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
    C:\System Volume Information\_restore{9FC9C364-2735-4767-A5B0-474CF35C7B2C}\RP301\A0043015.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
    C:\System Volume Information\_restore{9FC9C364-2735-4767-A5B0-474CF35C7B2C}\RP301\A0043015.exe NSIS: infected - 4 skipped
    C:\System Volume Information\_restore{9FC9C364-2735-4767-A5B0-474CF35C7B2C}\RP315\A0045092.ocx Infected: not-a-virus:AdWare.Win32.Coupons.h skipped

    C:\TORR\Nero 7.8.5.0 Ultra Incl Keygen\Nero 7.8.5.0 Ultra\Nero 7.8.5.0 Ultra.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    C:\TORR\Nero 7.8.5.0 Ultra Incl Keygen\Nero 7.8.5.0 Ultra\Nero 7.8.5.0 Ultra.exe RAR: infected - 1

    -
    You can forget this :-

    C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped

    I don't know why KASPERSKY would tag it as malware ...

    mIRC is an Internet Relay Chat client for Windows that can be used to communicate, share, play or work with others on IRC networks...

    http://www.processlibrary.com/directory/files/mirc

    The rest are in system restore points ...

    This will clear all your infected restore points...

    Turn off (Disable) System Restore in XP :-

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.
    Restart your computer.

    Then...

    Turn on (enable) System Restore :-

    Follow the same procedure, but this time uncheck Turn off System Restore

    if you have any problem with this... here's a link to instructions :-


    Disabling or enabling Windows XP System Restore >

    http://service1.symantec.com/SUPPORT...rc=sec_doc_nam


    The ESET scan was clean - it found nothing ...

    still clicking ?

    steam
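Added example, not part of the thread and not any scanner's own tooling: a short Python triage of report lines in the format quoted in post #10. It separates detections stored inside System Restore snapshots (which turning System Restore off and on again discards) from detections in files on the live file system (which that procedure does not touch), and records the detection category of each file. The function names and regular expressions are assumptions fitted to the lines shown in this thread.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Subset of the report lines quoted in post #10 of this thread.
REPORT = r"""
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\System Volume Information\_restore{9FC9C364-2735-4767-A5B0-474CF35C7B2C}\RP297\A0042212.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\System Volume Information\_restore{9FC9C364-2735-4767-A5B0-474CF35C7B2C}\RP301\A0043015.exe/stream/data0001 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\System Volume Information\_restore{9FC9C364-2735-4767-A5B0-474CF35C7B2C}\RP301\A0043015.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{9FC9C364-2735-4767-A5B0-474CF35C7B2C}\RP315\A0045092.ocx Infected: not-a-virus:AdWare.Win32.Coupons.h skipped
C:\TORR\Nero 7.8.5.0 Ultra Incl Keygen\Nero 7.8.5.0 Ultra\Nero 7.8.5.0 Ultra.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\TORR\Nero 7.8.5.0 Ultra Incl Keygen\Nero 7.8.5.0 Ultra\Nero 7.8.5.0 Ultra.exe RAR: infected - 1
"""

# "<target> Infected: <verdict> [skipped]" - one detected object.
OBJECT_RE = re.compile(r"^(?P<target>.+?) Infected: (?P<verdict>\S+)(?: skipped)?$")
# "<target> NSIS: infected - 4 [skipped]" - summary line for a container file.
CONTAINER_RE = re.compile(r"^(?P<target>.+?) [A-Z]+: infected - \d+(?: skipped)?$")
# Files stored inside a System Restore snapshot on Windows XP.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\RP\d+\\", re.I)


@dataclass(frozen=True)
class Finding:
    disk_path: str  # the file as it exists on disk
    member: str     # path inside an archive/installer, "" if none
    prefix: str     # e.g. "not-a-virus"; "" when the verdict has no prefix
    category: str   # e.g. "AdWare", "Client-IRC"; "" for container summaries


def parse_line(line):
    """Parse one report line; return None for anything unrecognised."""
    line = line.strip()
    m = OBJECT_RE.match(line)
    if m:
        # Verdict layout: [prefix:]Category.Platform.Family[.Variant]
        prefix, _, name = m["verdict"].rpartition(":")
        category = name.split(".", 1)[0]
    else:
        m = CONTAINER_RE.match(line)
        if not m:
            return None
        prefix = category = ""
    # Windows paths use "\", so the first "/" starts the in-archive member path.
    disk_path, _, member = m["target"].partition("/")
    return Finding(disk_path, member, prefix, category)


def triage(report):
    """Group on-disk files by location, with the categories seen in each."""
    buckets = {"restore_point": defaultdict(set), "live": defaultdict(set)}
    for line in report.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        where = "restore_point" if RESTORE_RE.search(f.disk_path) else "live"
        categories = buckets[where][f.disk_path]  # registers the file
        if f.category:
            categories.add(f.category)
    return {where: dict(files) for where, files in buckets.items()}


if __name__ == "__main__":
    for where, files in triage(REPORT).items():
        for path, categories in files.items():
            print(f"{where:13} {', '.join(sorted(categories)):10} {path}")
```

Files listed under `live` are still present after the restore points are flushed, so they need their own decision (keep, delete, or rescan).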