PLEASE HELP!!! Internet.exe

ilikesimpsons

There is an internet.exe program in the folder C:\Users\*******\Appdata\Roaming\ and it keeps executing an iexplore.exe which uses up 100% of my CPU, even when I'm not running Internet Explorer. It slows down my computer and Norton Internet Security 2008 doesn't detect it as a virus/trojan/spyware/malware/etc. I need help on how to get rid of it, and/or even any info about it. All other websites say that internet.exe is a virus, but only if found in the %system% folder. Please help, and all information is appreciated.
 
Hello, please post the following:

Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 
Logfile of HijackThis v1.99.1
Scan saved at 6:11:22 PM, on 4/13/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\RivaTuner v2.08\RivaTuner.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\AOL\1207954497\ee\aolsoftware.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe - This is iexplore.exe #1
C:\Program Files\Internet Explorer\ieuser.exe
C:\Users\Matthew\Downloads\iTunesSetup.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\MsiExec.exe
C:\Program Files\Internet Explorer\iexplore.exe - This is iexplore.exe #2
C:\Program Files\Hijackthis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: ExtraTorrent Toolbar - {3DA353C2-FE7F-428C-B494-791DCDAF516E} - C:\PROGRA~1\EXTRAT~1\EXTRAT~1.DLL
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.08\RivaTunerWrapper.exe" /T
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.08\RivaTunerWrapper.exe" /S
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1207954497\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DeleteHistoryFree] C:\Program Files\DeleteHistoryFree\dhf.exe
O4 - HKCU\..\Run: [{B1FA9878-C5DA-211A-26FB-DEB792A9CFBB}] C:\Users\Matthew\AppData\Roaming\internet.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: PCANotify - C:\Windows\SYSTEM32\PCANotify.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Note: One of the iexplore.exe processes is from the internet.exe and uses 100% of my CPU. When I try to close the one that uses all my CPU, it starts Internet.exe in C:\Users\******\Appdata\Roaming, and then that relaunches the iexplore.exe, which in turn will begin to use all my CPU again.
 
Wow, your PC is junked up!
From the HJT log, it's not a big infection.

I spotted a Trojan, but I want to see a ComboFix log.

Download and Run ComboFix
If you already have ComboFix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then the Processes tab (press Ctrl, Alt and Del at the same time) and end any processes of findstr, find, sed or swreg, then ComboFix should continue.
If that happened we want to know, and also what process you had to end.
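
An autorun triage over the O4 section of the HijackThis log posted in this thread, as an added example that is not part of any post: it parses O4 lines and flags startup entries whose value name is a bare GUID or whose target runs from a user-writable profile path, which is how the `internet.exe` entry stands out from the vendor software. The function names and the three heuristics are assumptions made for this example; the sample lines are copied from the log above.

```python
import re
from typing import List, NamedTuple, Tuple


class Autorun(NamedTuple):
    hive: str      # HKLM, HKCU, or the startup-folder label
    key: str       # Run, RunOnce, ... (empty for startup-folder entries)
    name: str      # registry value name or shortcut name
    command: str   # command line exactly as logged


# Sample input: O4 lines taken from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [{B1FA9878-C5DA-211A-26FB-DEB792A9CFBB}] C:\Users\Matthew\AppData\Roaming\internet.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
"""

# "O4 - HKCU\..\Run: [name] command"
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
# "O4 - Global Startup: shortcut.lnk = target"
STARTUP_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")

# Heuristics (assumptions of this example, not HijackThis features).
GUID_RE = re.compile(
    r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
USER_WRITABLE_RE = re.compile(
    r"\\users\\[^\\]+\\|\\documents and settings\\[^\\]+\\"
    r"|%(?:appdata|localappdata|temp|userprofile)%", re.I)
# Executable dropped straight into Roaming/Local instead of a vendor folder.
LOOSE_EXE_RE = re.compile(
    r"\\appdata\\(?:roaming|local)\\[^\\]+\.(?:exe|scr|com|pif|bat|cmd)\b",
    re.I)


def parse_o4(log_text: str) -> List[Autorun]:
    """Return every O4 (autostart) entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append(Autorun(m.group(1), m.group(2),
                                   m.group(3), m.group(4)))
            continue
        m = STARTUP_RE.match(line)
        if m:
            entries.append(Autorun(m.group(1), "", m.group(2), m.group(3)))
    return entries


def reasons(entry: Autorun) -> List[str]:
    """List the heuristics an entry trips; empty means nothing stood out."""
    found = []
    if GUID_RE.match(entry.name):
        found.append("value name is a bare GUID")
    if USER_WRITABLE_RE.search(entry.command):
        found.append("target is under a user-writable profile path")
    if LOOSE_EXE_RE.search(entry.command):
        found.append("executable sits directly in the AppData root")
    return found


def triage(log_text: str) -> List[Tuple[Autorun, List[str]]]:
    """Pair each suspicious autorun with the reasons it was flagged."""
    flagged = []
    for entry in parse_o4(log_text):
        why = reasons(entry)
        if why:
            flagged.append((entry, why))
    return flagged


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"{entry.hive}\\{entry.key} [{entry.name}] {entry.command}")
        for reason in why:
            print(f"    - {reason}")
```

A flagged entry is a lead for manual review, not a verdict: legitimate per-user software also starts from the profile directory.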
 
ComboFix 08-04-13.3 - Matthew 2008-04-14 15:45:59.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.843 [GMT -4:00]
Running from: C:\Users\Matthew\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Matthew\AppData\Roaming\addon.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_PortProxy


((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))
.

2008-04-14 15:46 . 2008-04-14 15:46 6,736 --a------ C:\Windows\System32\drivers\PROCEXP90.SYS
2008-04-13 18:11 . 2008-04-13 18:11 <DIR> d-------- C:\Users\Matthew\AppData\Roaming\Apple Computer
2008-04-13 18:11 . 2008-04-13 18:11 <DIR> d-------- C:\Program Files\iTunes
2008-04-13 18:11 . 2008-04-13 18:11 <DIR> d-------- C:\Program Files\iPod
2008-04-13 18:10 . 2008-04-13 18:10 <DIR> d-------- C:\Program Files\Bonjour
2008-04-13 18:09 . 2008-04-13 18:11 <DIR> d-------- C:\ProgramData\Apple Computer
2008-04-13 18:09 . 2008-04-13 18:10 <DIR> d-------- C:\Program Files\QuickTime
2008-04-13 18:09 . 2008-04-13 18:09 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-13 18:07 . 2008-04-13 18:07 <DIR> d-------- C:\ProgramData\Apple
2008-04-13 18:07 . 2008-04-13 18:07 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-04-13 14:47 . 2008-04-14 15:45 56,709 --a------ C:\Users\Matthew\AppData\Roaming\internet.exe
2008-04-11 18:58 . 2008-04-11 18:58 <DIR> d-------- C:\Windows\Downloaded Installations
2008-04-11 18:58 . 2008-04-11 18:58 <DIR> d-------- C:\Users\Matthew\AppData\Roaming\AOL
2008-04-11 18:57 . 2008-04-11 18:57 <DIR> d-------- C:\ProgramData\Viewpoint
2008-04-11 18:57 . 2008-04-11 18:57 <DIR> d-------- C:\Program Files\Viewpoint
2008-04-11 18:57 . 2008-04-11 18:57 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-04-11 18:57 . 2008-04-11 17:22 54,832 --a------ C:\Windows\System32\AOLParconLink.exe
2008-04-11 18:55 . 2008-04-11 18:55 <DIR> d-------- C:\ProgramData\AOL OCP
2008-04-11 18:55 . 2006-11-29 18:24 33,588 --a------ C:\Windows\System32\drivers\wanatw4.sys
2008-04-11 18:54 . 2008-04-11 18:54 <DIR> d-------- C:\Windows\aolshare
2008-04-11 18:54 . 2008-04-11 19:01 <DIR> d-------- C:\ProgramData\AOL
2008-04-11 18:54 . 2008-04-11 18:57 <DIR> d-------- C:\Program Files\Common Files\aolshare
2008-04-11 18:54 . 2008-04-11 18:58 <DIR> d-------- C:\Program Files\Common Files\aol
2008-04-11 18:54 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\AOL 9.1
2008-04-11 17:23 . 2008-04-11 17:23 335 --a------ C:\Windows\nsreg.dat
2008-04-11 17:11 . 2008-04-11 17:23 <DIR> d-------- C:\ProgramData\AOL Downloads
2008-04-11 16:21 . 2008-04-11 16:21 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-11 15:59 . 2008-04-11 15:59 <DIR> d-------- C:\ProgramData\Symantec Temporary Files
2008-04-08 16:51 . 2008-04-08 16:53 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-04-08 16:50 . 2008-04-08 16:53 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-04-08 16:50 . 2008-04-08 16:53 10,563 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
2008-04-08 16:50 . 2008-04-08 16:53 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
2008-04-07 17:24 . 2008-04-07 17:24 <DIR> d-------- C:\Windows\System32\Futuremark
2008-04-07 15:46 . 2008-04-07 15:46 <DIR> d-------- C:\Program Files\ExtraTorrent Toolbar
2008-04-07 15:35 . 2008-04-07 15:38 <DIR> d-------- C:\Program Files\DeleteHistoryFree
2008-04-06 15:50 . 2008-04-06 15:50 <DIR> d-------- C:\Users\Matthew\AppData\Roaming\Creative
2008-04-06 15:40 . 2008-04-06 20:40 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-04-06 15:07 . 2008-04-06 15:07 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-04-05 21:45 . 2008-04-05 21:45 20,358 --a------ C:\Windows\vgirl.prf
2008-04-05 21:44 . 2008-04-05 21:44 <DIR> d-------- C:\Program Files\Common Files\Totem Shared
2008-04-05 21:32 . 2008-04-06 08:06 <DIR> d-------- C:\Users\Matthew\AppData\Roaming\VSO
2008-04-05 21:31 . 2008-04-05 21:31 <DIR> d-------- C:\Program Files\VSO
2008-04-05 20:15 . 2008-04-05 20:15 <DIR> d-------- C:\Program Files\DAMN NFO Viewer
2008-04-05 19:37 . 2008-04-05 19:37 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-05 19:26 . 2008-04-05 20:25 <DIR> d-------- C:\ProgramData\NVIDIA Corporation
2008-04-05 19:25 . 2006-03-29 08:50 671,744 --a------ C:\Windows\System32\DolbyHph.dll
2008-04-05 19:25 . 2006-03-29 08:51 60,416 --a------ C:\Windows\System32\DSETUP.dll
2008-04-05 19:25 . 2006-03-29 08:49 9,856 --a------ C:\Windows\System32\drivers\pfc.sys
2008-04-05 18:07 . 2008-04-11 16:58 <DIR> d-------- C:\Users\Matthew\AppData\Roaming\Symantec
2008-04-05 17:10 . 2008-04-05 20:25 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-04-05 17:09 . 2008-04-05 17:09 <DIR> d-------- C:\Program Files\NVIDIA nTune Performance Application
2008-04-05 16:33 . 2008-04-05 16:33 <DIR> d-------- C:\Program Files\Smart Projects
2008-04-05 16:26 . 2008-04-05 16:29 <DIR> d-------- C:\Program Files\DiskInternals
2008-04-05 08:33 . 2008-04-11 17:08 <DIR> d-------- C:\ProgramData\Symantec
2008-04-05 08:33 . 2008-04-11 17:08 <DIR> d-------- C:\Program Files\Symantec
2008-04-05 08:33 . 2008-04-11 17:08 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-05 08:08 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-04-05 08:08 . 2006-10-26 19:58 30,512 --a------ C:\Windows\System32\mdimon.dll
2008-04-05 08:06 . 2008-04-05 08:06 <DIR> d-------- C:\Program Files\Microsoft Works
2008-04-05 08:04 . 2008-04-05 08:04 <DIR> d-------- C:\Windows\PCHEALTH
2008-04-05 08:04 . 2008-04-05 08:04 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-05 08:02 . 2008-04-05 08:02 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-05 08:00 . 2008-04-05 08:09 <DIR> d-------- C:\ProgramData\Microsoft Help
2008-04-05 07:59 . 2008-04-05 07:59 <DIR> dr-h----- C:\MSOCache
2008-04-04 20:15 . 2008-04-04 20:15 <DIR> d-------- C:\Program Files\vbNFSMWTrainer
2008-04-04 20:15 . 2008-04-04 20:15 249,856 --------- C:\Windows\Setup1.exe
2008-04-04 20:15 . 2008-04-04 20:15 73,216 --a------ C:\Windows\ST6UNST.EXE
2008-04-04 20:07 . 2008-04-04 20:07 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-04 20:03 . 2008-04-04 20:03 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-04-04 20:02 . 2008-04-04 20:02 <DIR> d-------- C:\Users\Matthew\AppData\Roaming\DAEMON Tools
2008-04-04 19:54 . 2008-04-13 18:30 <DIR> d-------- C:\Users\Matthew\AppData\Roaming\LimeWire
2008-04-04 19:50 . 2008-04-08 15:35 <DIR> d-------- C:\Program Files\Java
2008-04-04 19:47 . 2008-04-04 19:47 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-04 19:46 . 2008-04-04 19:53 <DIR> d-------- C:\Program Files\LimeWire
2008-04-04 19:33 . 2005-05-26 15:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll
2008-04-02 19:02 . 2008-04-02 19:02 <DIR> d-------- C:\PerfLogs
2008-04-02 18:42 . 2008-01-19 03:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-04-02 18:42 . 2008-01-19 03:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-04-02 18:40 . 2008-01-19 03:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-04-02 18:39 . 2008-01-19 03:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-04-02 18:39 . 2008-01-19 03:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-04-02 18:39 . 2008-01-19 03:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-04-02 18:39 . 2008-01-19 03:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-04-02 18:39 . 2008-01-19 03:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-04-02 18:39 . 2008-01-19 03:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-04-02 18:39 . 2008-01-19 03:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-04-02 18:39 . 2008-01-19 03:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-04-02 18:39 . 2008-01-19 03:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-04-02 18:05 . 2008-04-03 19:40 <DIR> d-a------ C:\ProgramData\TEMP
2008-04-02 18:05 . 2008-04-02 18:05 <DIR> d-------- C:\Program Files\PerformanceTest
2008-04-02 18:05 . 2006-09-28 16:05 2,414,360 --a------ C:\Windows\System32\d3dx9_31.dll
2008-04-02 17:52 . 2008-04-11 17:09 <DIR> d-------- C:\Users\Matthew\AppData\Roaming\uTorrent
2008-04-02 17:52 . 2008-04-02 17:52 <DIR> d-------- C:\Program Files\uTorrent
2008-04-02 16:28 . 2008-04-02 16:28 96,577 --a------ C:\Windows\hpqins16.dat
2008-04-01 21:26 . 2008-04-01 21:26 <DIR> d-------- C:\Windows\Java
2008-04-01 21:26 . 2008-04-02 07:42 <DIR> d-------- C:\Program Files\PC Wizard 2008
2008-04-01 21:26 . 2007-09-15 15:11 27,136 --a------ C:\Windows\System32\PCWizard.cpl
2008-04-01 18:10 . 2008-04-01 18:10 <DIR> d-------- C:\Users\Matthew\AppData\Roaming\Atari
2008-04-01 17:56 . 2008-04-01 17:56 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-01 17:55 . 2008-04-05 16:41 <DIR> d-------- C:\Program Files\SystemRequirementsLab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 20:13 --------- d-----w C:\Program Files\Windows Mail
2008-04-05 12:05 --------- d-----w C:\Program Files\MSBuild
2008-04-02 23:09 174 --sha-w C:\Program Files\desktop.ini
2008-04-02 23:03 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-02 23:03 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-02 23:03 --------- d-----w C:\Program Files\Windows Journal
2008-04-02 23:03 --------- d-----w C:\Program Files\Windows Defender
2008-04-02 23:03 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-02 23:03 --------- d-----w C:\Program Files\Windows Calendar
2008-03-30 23:02 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-03-30 23:02 315,392 ----a-w C:\Windows\HideWin.exe
2008-03-07 01:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-01-19 07:34 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-19 07:33 58,880 ----a-w C:\Windows\bfsvc.exe
2008-01-19 07:33 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-19 07:33 498,176 ----a-w C:\Windows\HelpPane.exe
2008-01-19 07:33 459,264 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-19 07:33 40,960 ----a-w C:\Windows\AppPatch\apihex86.dll
2008-01-19 07:33 237,568 ----a-w C:\Windows\AppPatch\AcRedir.dll
2008-01-19 07:33 2,927,104 ----a-w C:\Windows\explorer.exe
2008-01-19 07:33 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-19 07:33 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-19 07:33 151,040 ----a-w C:\Windows\notepad.exe
2008-01-19 07:33 134,656 ----a-w C:\Windows\regedit.exe
2008-01-19 07:33 13,312 ----a-w C:\Windows\fveupdate.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-02-07 00:05 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-04-08 16:51 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll" [2008-02-07 00:05 349552]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-02-07 00:05 349552]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 03:33 1233920]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-04-02 17:52 219952]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 05:39 486856]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 03:33 125952]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [ ]
"DeleteHistoryFree"="C:\Program Files\DeleteHistoryFree\dhf.exe" [ ]
"{B1FA9878-C5DA-211A-26FB-DEB792A9CFBB}"="C:\Users\Matthew\AppData\Roaming\internet.exe" [2008-04-14 15:45 56709]
"AOL Fast Start"="C:\Program Files\AOL 9.1\AOL.exe" [2008-03-06 06:12 50528]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 03:38 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-11-14 15:50 4706304 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-10-11 11:04 1826816 C:\Windows\SkyTel.exe]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 08:23 200704]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 17:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 17:06 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 17:07 133656]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"RivaTuner"="C:\Program Files\RivaTuner v2.08\RivaTunerWrapper.exe" [2008-03-10 04:10 24576]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 17:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.08\RivaTunerWrapper.exe" [2008-03-10 04:10 24576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 21:47 51048]
"HostManager"="C:\Program Files\Common Files\AOL\1207954497\ee\AOLSoftware.exe" [2007-05-25 13:16 42032]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" [2008-02-09 20:06 152952]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2007-04-27 12:10 18744 C:\Windows\System32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{952340AF-A9A2-4D50-94EA-7624221AD867}C:\\program files\\common files\\pocketsoft\\rtpatch\\autortp\\artpschd.exe"= UDP:C:\program files\common files\pocketsoft\rtpatch\autortp\artpschd.exe:artpschd
"UDP Query User{D8E345DE-E10F-4F02-8C5D-A5F7B58AD33F}C:\\program files\\common files\\pocketsoft\\rtpatch\\autortp\\artpschd.exe"= TCP:C:\program files\common files\pocketsoft\rtpatch\autortp\artpschd.exe:artpschd
"TCP Query User{97648E8C-A43A-4439-8503-AFDDD537421B}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{C1692F4C-B171-47FF-B131-34A63A0F22D4}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{70924792-BC3D-470F-82F3-9BA5E0B40989}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{B8B1BE60-BAC1-4FA3-9BF1-91235EEA9F21}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{B35A9A6B-9FB4-4B6B-81B5-F48979C7B83B}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{AEDF374D-0D21-4140-A741-783B1953B86E}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D79F8136-D93F-437F-946D-90AEFD10B4C4}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{75A3EB82-A6F3-4836-81A3-DFC70F09AD82}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{705203BE-735C-47D3-9514-4733DE4EE3F0}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3CD5AED6-7108-4020-81C8-0A5A91CBA021}"= UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{191A953A-098D-485B-ACB1-DBB901465A31}"= TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{17E5E495-E152-4E9E-84A4-58288A147B14}"= UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{C51BEA60-2B41-444E-90F5-35BFE7684692}"= TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{F8EB3C92-5EEB-4872-9DDE-494927EAA8A7}"= UDP:C:\Program Files\Common Files\aol\1207954497\ee\aolsoftware.exe:AOL Shared Components
"{1F6A0C89-7D04-41BA-B351-425B2F98C3A4}"= TCP:C:\Program Files\Common Files\aol\1207954497\ee\aolsoftware.exe:AOL Shared Components
"{1EA0FC46-1F05-49A9-AACF-13407CE1FB71}"= UDP:C:\Program Files\AOL 9.1\waol.exe:AOL
"{C4437AE3-7666-49F5-B7D9-508B48C037D2}"= TCP:C:\Program Files\AOL 9.1\waol.exe:AOL
"{1BE362A4-A1AF-4683-B7B3-4131349FB43A}"= UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{C92DA9FD-E2F1-40DF-ACBD-E716E6087C5D}"= TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{08EBD0E8-70AA-46E1-9FE9-BF47E5B165E6}"= UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{89C12B3F-8C92-4557-807A-12125A5AB871}"= TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{5F326941-D2D9-44B0-8BE2-59907596FC4F}"= UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{E347CE21-A932-4F7D-8164-B7520E104CCA}"= TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{A4E98EA6-0A5F-4789-A56E-E9A45184D232}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C6057744-1F46-47E8-861D-6549CC30FD40}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{04074621-3FDC-4213-894A-06A9FD9C1BFB}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E3524C8F-6DCD-4C45-9B17-C22DD05BC665}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080411.002\IDSvix86.sys [2008-03-20 16:37]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-06-29 09:11]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-02-05 15:34]
S0 NVStrap;NVStrap;C:\Windows\system32\drivers\NVStrap.sys [2008-03-10 04:10]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 16:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-09 20:12:40 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Matthew.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 15:53:06
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\aol\acs\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\RivaTuner v2.08\RivaTuner.exe
C:\Program Files\Common Files\aol\Loader\aolload.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\System32\taskmgr.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Windows\System32\dllhost.exe
C:\Windows\System32\dllhost.exe
C:\Windows\System32\dllhost.exe
C:\Program Files\Symantec\LiveUpdate\NotifyHA.exe
.
**************************************************************************
.
Completion time: 2008-04-14 15:56:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-14 19:56:09

The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 309,179,678,720 bytes free
.
2008-04-09 20:07:06 --- E O F ---
 
Download Avenger, and unzip it to your desktop or somewhere you can find it. (Do not run it yet).

Note: This program is for use on Windows XP 32 bit systems only, and must be run from an Administrator account.

  • Open a Notepad file by clicking Start > Run and typing Notepad.exe in the box, click OK.
  • Click Format, and ensure Word Wrap is unchecked.
  • Copy and Paste the text in the box below into Notepad.
  • Now save the file as RemoveFiles.txt in a location where you can find it.

Files to delete:
C:\Users\Matthew\AppData\Roaming\internet.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


How is your system running now?
Please post a new HijackThis log.

Start Avenger by double clicking on Avenger.exe.
  • Check Load script from file:
  • Click on the folder symbol below and to the right, and browse to RemoveFiles.txt.
  • Double click it to enter it into Avenger.
  • Click the green traffic light symbol.
  • You will be asked if you want to execute the script, answer Yes.
  • At this point you may get prompts from your protection systems, allow them please.
  • Avenger will set itself up to run the next time you re-boot, and will prompt you to re-start immediately.
  • Answer Yes, and allow your computer to re-boot.
  • Upon re-boot a command window will briefly appear on screen (this is normal).
  • A Notepad text file will be created at C:\avenger.txt.
  • Copy and Paste it into your next post please.
 
Thanks a lot!!! internet.exe is gone and I now have all my CPU back. Thanks again for all your help, and it was appreciated.


Please post the Avenger script and the new HJT log.
I want to make sure everything is gone.
Thank you.
 