
Ad-aware picking up malware/trojans!

#1 · (Edited)
Hi, I'll cut the formalities and get straight to the point, my computer is currently infected with what is known as win32.worm.warezov and probably a few other infections I cannot locate. Hang on, let me get back to the formalities, cause it'd be rude if I didn't at least introduce myself, right?

Hi TSF! My name is Kant Wu, and I've been a computer addict for a while now. Mostly gaming and web browsing though, but anyhow, I registered on this forum months ago and decided to finally step out of the box and ask for help! =P Usually I would just system recover my computer, but I really don't want to have to do that because it deletes everything I've ever installed. For some strange unknown reason, I can't system restore, probably due to the fact that I don't have a set restore point. (Don't exactly know how to create one either!!! :sigh:)

The two major infections are: (As told by Ad-Aware '08)
Win32.Worm.Warezov
Win32.Worm.Agent

I was downloading files off a forum without proper protection, and as I was running the files, I noticed my computer lagging horribly. (Those files aren't illegal, just regular game cheats and hacks. At least I don't think they're illegal.) Afterwards, task manager and regedit were supposedly disabled by the administrator. (That would be me.)

Overall I would say that my computer is running fine, but due to the fact that my parents are completely oblivious to the dangers different types of wares and viruses can do to a computer, I do not have antivirus. With an infected computer, I don't want to risk leaking any information, nor do I want it to get even more heavily infected, so I do want this resolved ASAP. (This isn't a signal to rush the staff.)

I do have Ad-Aware and avast! free versions though, but in a case like this, they aren't much help. (Usually I have avast! disabled because somehow I feel it's slowing my web browsing down.) I've done safe mode and tweaked around with regedit before, so following directions shouldn't pose a problem.

DDS (Ver_09-01-07.01) - NTFSx86
Run by HP_Administrator at 3:22:20.37 on Sat 01/10/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1444 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\winenmd.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\winrbgwja.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\winasokp.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\winfmnra.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\sccmx.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = local
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Explorer] "c:\docume~1\hp_adm~1\locals~1\temp\explorer\InternetExplorer.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: trymedia.com

============= SERVICES / DRIVERS ===============

R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\elmmpp.sys --> c:\windows\system32\drivers\elmmpp.sys [?]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-1-9 33752]

=============== Created Last 30 ================

2009-01-10 03:18 70 a---h--- C:\aaw7boot.cmd
2009-01-10 03:00 <DIR> --d----- c:\program files\SpyZooka
2009-01-10 02:36 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\True Sword
2009-01-10 01:12 <DIR> --d----- C:\EmergencyUtils
2009-01-09 16:44 <DIR> --d----- c:\program files\Sony Setup
2009-01-09 03:44 17,876 a---h--- c:\windows\system32\wcdrtc32.dl_
2009-01-09 03:44 25,600 -------- c:\windows\system32\wcdrtc32.dll
2009-01-09 01:48 <DIR> --d----- c:\program files\Sony
2009-01-09 01:36 <DIR> --d----- c:\windows\system32\XPSViewer
2009-01-09 01:23 <DIR> --d----- c:\windows\system32\URTTemp
2009-01-09 00:24 <DIR> --d----- c:\windows\SxsCaPendDel
2009-01-08 23:45 <DIR> --d----- c:\program files\VSTplugins
2009-01-08 23:31 <DIR> --d----- c:\windows\system32\appmgmt
2009-01-08 22:27 14,048 -------- c:\windows\system32\spmsg2.dll
2009-01-08 03:32 <DIR> --d----- C:\Fraps
2009-01-05 21:07 <DIR> --d----- c:\program files\common files\xing shared
2008-12-30 10:26 453,152 a------- c:\windows\system32\NVUNINST.EXE
2008-12-30 10:09 <DIR> --d----- c:\program files\SystemRequirementsLab
2008-12-30 08:16 4,682 a------- c:\windows\system32\npptNT2.sys
2008-12-30 08:16 5,174 a------- c:\windows\system32\nppt9x.vxd
2008-12-30 06:51 <DIR> --d----- c:\program files\Lavasoft
2008-12-30 06:41 157,152 a------- c:\windows\system32\PubPlugin.dll
2008-12-30 06:41 58,800 a------- c:\windows\system32\ijjiPlugin2.dll
2008-12-30 06:41 710,064 a------- c:\windows\system32\ijjiSetup.exe
2008-12-30 06:31 66,082 a------- c:\windows\system32\dllcache\c_10021.nls
2008-12-30 06:31 66,082 a------- c:\windows\system32\c_10021.nls
2008-12-30 06:31 6,144 a------- c:\windows\system32\ftlx041e.dll
2008-12-30 06:31 6,144 a------- c:\windows\system32\dllcache\ftlx041e.dll
2008-12-30 06:04 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2008-12-30 06:04 9,600 a------- c:\windows\system32\drivers\hidusb.sys
2008-12-30 05:13 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-30 05:13 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-30 05:10 <DIR> --dshr-- C:\cmdcons
2008-12-30 05:10 <DIR> --d----- c:\windows\setupupd
2008-12-30 05:08 1,901 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_EX276AA-ABA a1540n_YC_0Pavi_QCNH625_E63NAemMPA2_48_INODUSM_SASUSTek Computer INC._V1.03_B3.04_T060614_WXP2_L409_M1983_J250_7AMD_8Athlon 64 X2 Dual Core_92.2_#060810_N_Z14F12F20_G10DE0241.MRK
2008-12-30 05:04 <DIR> --d----- c:\documents and settings\hp_administrator\WINDOWS
2008-12-30 05:04 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Symantec
2008-12-30 05:04 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Intuit
2008-12-30 05:04 <DIR> --d----- c:\documents and settings\HP_Administrator
2008-12-30 04:54 <DIR> --dshr-- c:\windows\system32\dllcache
2008-12-20 20:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PMB Files
2008-12-20 20:12 <DIR> --d----- c:\program files\Pando Networks
2008-12-19 03:01 <DIR> --d----- c:\windows\ie8updates

==================== Find3M ====================

2008-10-26 05:24 4,844 a------- c:\windows\mozver.dat
2008-10-20 22:05 41,984 a------- c:\documents and settings\hp_administrator\~.exe
2008-10-15 14:25 1,726 a------- c:\windows\ndinst.exe
2008-05-10 01:01 577,536 a------- c:\documents and settings\hp_administrator\GoToAssist_phone__317_en.exe

============= FINISH: 3:22:27.40 ===============


PS - After my computer is fixed, I have my dad's and sister's computers to try and fix, because they're getting over 400 infections each with various types of spyware scanners.
 

#2 · (Edited)
Bump please! I check this thread every like 2 hours, so it was quite anticipating the past 72 hours! :4-dontkno

Edit: Oh crap, it hasn't been 72 hours, it's been 70. Sorry! Had no idea that the time zones weren't correct for me on the forum.
 