Zlob.VideoActiveXAccess removal - Vista

Sliph24
2007-08-02, 22:27
Hello, and thanks for your time. Two days ago my dad downloaded this ActiveX plugin and caught this virus, which keeps crashing Windows Explorer by overloading on IE tabs. It tries to do this any time a different web page is loaded through AOL or IE, but doesn't react when using Firefox.
I have run S&D and it found 96 initial items, most of which were cookies, but it found 7 Zlob entries and several references to Virtumonde entries. It removed all but 1 Zlob entry, but I am still having as much trouble now as before, so nothing is solved there yet. I ran S&D again and it found the 1 Zlob entry again but was unable to remove it; that was the only thing it found. I then ran both the CA and Trend Micro scans and both came up with nothing.

Here are the generated reports.

--- Report generated: 2007-07-31 20:21 ---

SpyLocked.FakeAlert: Uninstall settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert

VirusProtectPro: Link (File, fixed)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirusProtectPro\Uninstall VirusProtectPro 3.5.lnk

VirusProtectPro: Link (File, fixed)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirusProtectPro\VirusProtectPro 3.5.lnk

Zlob.VideoActiveXAccess: User settings (Registry value, fixed)
HKEY_USERS\S-1-5-21-2922032724-3356562638-220989508-1000\Software\Security Tools\Path=...C:\Program Files\Video ActiveX Access...

Zlob.VideoActiveXAccess: Program directory (Directory, fixing failed)
C:\Program Files\Video ActiveX Access\

Zlob.VideoActiveXAccess: Data (File, fixed)
C:\Program Files\Video ActiveX Access\ts.ico

Virtumonde: User settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-2922032724-3356562638-220989508-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988}

Zlob.VideoActiveXAccess: IE toolbar (Registry value, fixed)
HKEY_USERS\S-1-5-21-2922032724-3356562638-220989508-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}

Zlob.VideoActiveXAccess: IE toolbar (Registry value, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}

Zlob.VideoActiveXAccess: Library (File, fixed)
C:\Program Files\Video ActiveX Access\iesplg.dll

Zlob.VideoActiveXAccess: Library (File, fixed)
C:\Program Files\Video ActiveX Access\iesbpl.dll

Zlob.VideoActiveXObject: Executable (File, fixed)
C:\Program Files\Video ActiveX Access\iesmin.exe

AdRevolver: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


Bluemountain: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


DirectTrack: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


Clickbank: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


BlueStreak: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


DoubleClick: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


CasaleMedia: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


Virtumonde: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


AdRevolver: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


FastClick: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


HitBox: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


SexTracker: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


HitBox: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


Win32.Small.ddx: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


SexList: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


TagASaurus: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


HitBox: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


Zedo: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


SexTracker: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


DirectTrack: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


WebTrends live: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


Advertising.com: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


MediaPlex: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


DirectTrack: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


Statcounter: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


Zedo: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


SexTracker: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


SexTracker: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


SexTracker: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


SexTracker: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


ReliableStats: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


ErrorSafe: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


SexTracker: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


HitBox: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


HitBox: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


ErrorSafe: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


HitBox: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


SexTracker: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


SexTracker: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


SexTracker: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


HitBox: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


SexTracker: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)


CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)


CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)


CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)


CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)


DoubleClick: Tracking cookie (Firefox: default) (Cookie, fixed)


HitBox: Tracking cookie (Firefox: default) (Cookie, fixed)


HitBox: Tracking cookie (Firefox: default) (Cookie, fixed)


HitBox: Tracking cookie (Firefox: default) (Cookie, fixed)


HitBox: Tracking cookie (Firefox: default) (Cookie, fixed)


HitBox: Tracking cookie (Firefox: default) (Cookie, fixed)


HitBox: Tracking cookie (Firefox: default) (Cookie, fixed)


HitBox: Tracking cookie (Firefox: default) (Cookie, fixed)


FastClick: Tracking cookie (Firefox: default) (Cookie, fixed)


Virtumonde: Tracking cookie (Firefox: default) (Cookie, fixed)


Win32.Small.ddx: Tracking cookie (Firefox: default) (Cookie, fixed)


Win32.Small.ddx: Tracking cookie (Firefox: default) (Cookie, fixed)


Win32.Small.ddx: Tracking cookie (Firefox: default) (Cookie, fixed)


SexList: Tracking cookie (Firefox: default) (Cookie, fixed)


SexList: Tracking cookie (Firefox: default) (Cookie, fixed)


SexList: Tracking cookie (Firefox: default) (Cookie, fixed)


SexList: Tracking cookie (Firefox: default) (Cookie, fixed)


SexList: Tracking cookie (Firefox: default) (Cookie, fixed)


SexList: Tracking cookie (Firefox: default) (Cookie, fixed)


SexList: Tracking cookie (Firefox: default) (Cookie, fixed)


SexList: Tracking cookie (Firefox: default) (Cookie, fixed)


SexList: Tracking cookie (Firefox: default) (Cookie, fixed)


SexList: Tracking cookie (Firefox: default) (Cookie, fixed)


SexList: Tracking cookie (Firefox: default) (Cookie, fixed)


SexList: Tracking cookie (Firefox: default) (Cookie, fixed)


SexList: Tracking cookie (Firefox: default) (Cookie, fixed)


SexList: Tracking cookie (Firefox: default) (Cookie, fixed)


SexList: Tracking cookie (Firefox: default) (Cookie, fixed)


SexList: Tracking cookie (Firefox: default) (Cookie, fixed)


SexList: Tracking cookie (Firefox: default) (Cookie, fixed)


SexTracker: Tracking cookie (Firefox: default) (Cookie, fixed)


Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)


Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)


Zedo: Tracking cookie (Firefox: default) (Cookie, fixed)


Zedo: Tracking cookie (Firefox: default) (Cookie, fixed)


Zedo: Tracking cookie (Firefox: default) (Cookie, fixed)


SexTracker: Tracking cookie (Firefox: default) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-07-31 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-07-25 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-07-25 Includes\DialerC.sbi (*)
2007-07-11 Includes\Hijackers.sbi (*)
2007-07-25 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-07-25 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-07-25 Includes\Malware.sbi (*)
2007-07-25 Includes\MalwareC.sbi (*)
2007-07-11 Includes\PUPS.sbi (*)
2007-07-25 Includes\PUPSC.sbi (*)
2007-07-25 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-07-25 Includes\SecurityC.sbi (*)
2007-07-11 Includes\Spybots.sbi (*)
2007-07-25 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-07-25 Includes\Trojans.sbi (*)
2007-07-25 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll

-----------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:30:06 AM, on 8/2/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.camelotherald.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {34E6F97C-34E0-4CE5-B92B-F83634BEDC01} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\Windows\system32\__c0022D3F.dat
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1173461808\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\Windows\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\Windows\system32\__c00C54E9.dat
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\Windows\System32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9074 bytes

Shaba
2007-08-03, 10:37
Hi Sliph24

Please post a new Spybot report and a HijackThis log taken in normal mode :)

Sliph24
2007-08-04, 10:10
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:04:27 AM, on 8/4/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\ezSP_Px.exe
C:\Program Files\dvd43\DVD43_Tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\AOL\1173461808\ee\aolsoftware.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\hp\kbd\kbd.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.camelotherald.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {34E6F97C-34E0-4CE5-B92B-F83634BEDC01} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\Windows\system32\__c0022D3F.dat
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1173461808\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\Windows\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\Windows\system32\__c00C54E9.dat
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\Windows\System32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10334 bytes

Sliph24
2007-08-04, 10:13
--- Search result list ---
Zlob.VideoActiveXAccess: Program directory (Directory, fixing failed)
C:\Program Files\Video ActiveX Access\

HitsLink: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


DoubleClick: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


FastClick: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


Advertising.com: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)


MediaPlex: Tracking cookie (Internet Explorer: Sliph24) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-07-31 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-07-25 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-07-25 Includes\DialerC.sbi (*)
2007-07-11 Includes\Hijackers.sbi (*)
2007-07-25 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-07-25 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-07-25 Includes\Malware.sbi (*)
2007-07-25 Includes\MalwareC.sbi (*)
2007-07-11 Includes\PUPS.sbi (*)
2007-07-25 Includes\PUPSC.sbi (*)
2007-07-25 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-07-25 Includes\SecurityC.sbi (*)
2007-07-11 Includes\Spybots.sbi (*)
2007-07-25 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-07-25 Includes\Trojans.sbi (*)
2007-07-25 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll



--- System information ---
Unknown Windows version 6.0 (Build: 6000)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB929729)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:

Located: HK_LM:Run, ccApp
command: "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: c:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 115816
MD5: 25be770865658cb79100117112819a7c

Located: HK_LM:Run, dvd43
command: C:\Program Files\dvd43\dvd43_tray.exe
file: C:\Program Files\dvd43\dvd43_tray.exe
size: 694272
MD5: 42a441ae3f5fc5ea8d9b8543eeaeadc1

Located: HK_LM:Run, ezShieldProtector for Px
command: C:\Windows\system32\ezSP_Px.exe
file: C:\Windows\system32\ezSP_Px.exe
size: 45056
MD5: fd76c35789d0263be9103527647a8086

Located: HK_LM:Run, HostManager
command: C:\Program Files\Common Files\AOL\1173461808\ee\AOLSoftware.exe
file: C:\Program Files\Common Files\AOL\1173461808\ee\AOLSoftware.exe
size: 50736
MD5: c482c535cbfefe722ec1eb7f11f680a3

Located: HK_LM:Run, HP Software Update
command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: 821f73b833c4daebc33c1a9a4b16bb5a

Located: HK_LM:Run, hpsysdrv
command: c:\hp\support\hpsysdrv.exe
file: c:\hp\support\hpsysdrv.exe
size: 65536
MD5: 85b8925f1a477df7aec93cabbeb04f1f

Located: HK_LM:Run, KBD
command: C:\HP\KBD\KbdStub.EXE
file: C:\HP\KBD\KbdStub.EXE
size: 65536
MD5: 7088b136bb58a5f95cf0de8386ca6c0f

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
file: C:\Windows\system32\RUNDLL32.EXE
size: 44544
MD5: 4b555106290bd117334e9a08761c035a

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
file: C:\Windows\system32\RUNDLL32.EXE
size: 44544
MD5: 4b555106290bd117334e9a08761c035a

Located: HK_LM:Run, NvSvc
command: RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
file: C:\Windows\system32\RUNDLL32.EXE
size: 44544
MD5: 4b555106290bd117334e9a08761c035a

Located: HK_LM:Run, osCheck
command: "c:\Program Files\Norton Internet Security\osCheck.exe"
file: c:\Program Files\Norton Internet Security\osCheck.exe
size: 22696
MD5: 9f9169ba9b0e44b6c86a5247cec2cdee

Located: HK_LM:Run, RtHDVCpl
command: RtHDVCpl.exe
file: C:\Windows\RtHDVCpl.exe
size: 4227072
MD5: e7c7f22b74263833bae836ab87210821

Located: HK_LM:Run, StartCCC
command: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
file: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
size: 90112
MD5: 033ff248550305ed52ed2d2844a8a11b

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
size: 132496
MD5: 896e712a34d654a337c8cbb9deb07200

Located: HK_LM:Run, Symantec PIF AlertEng
command: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
file: C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
size: 517768
MD5: c837d17de0b349539aa527ee750ebe2a

Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
file:

Located: HK_LM:RunOnce, Launcher
command: %WINDIR%\SMINST\launcher.exe
file: C:\Windows\SMINST\launcher.exe
size: 44136
MD5: dbeb9ee2a13d9aa0d5f180757b5a2c26

Located: HK_LM:RunOnce, SpybotSnD
command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09ca174a605b480318731e691dc98539

Located: HK_CU:Run, AOL Fast Start
command: "C:\Program Files\AOL 9.0\AOL.EXE" -b
file: C:\Program Files\AOL 9.0\AOL.EXE
size: 50736
MD5: e217cef5a755f61438253302556a39c6

Located: HK_CU:Run, ehTray.exe
command: C:\Windows\ehome\ehTray.exe
file: C:\Windows\ehome\ehTray.exe
size: 125440
MD5: 2e0953919779a44bf9dfb7b07c58535a

Located: HK_CU:Run, HPAdvisor
command: C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
file: C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
size: 1480296
MD5: 5a5254f84a01fecc2c92138d5fbb8468

Located: HK_CU:Run, ISUSPM Startup
command: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
file: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe
size: 221184
MD5: a379b75a6ffe4dfd3184f35f0141ce91

Located: HK_CU:Run, MsnMsgr
command: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
file: C:\Program Files\MSN Messenger\MsnMsgr.Exe
size: 5674352
MD5: c4281ad865739e71fd1e4dac19a68d60

Located: HK_CU:Run, Sidebar
command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
file:

Located: HK_CU:Run, SpybotSD TeaTimer
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 70496eee0ddbe485f658693826f44d38

Located: HK_CU:Run, WMPNSCFG
command: C:\Program Files\Windows Media Player\WMPNSCFG.exe
file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 201728
MD5: 20ef9002cff89c4c1077e4415ec7297b

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0

Located: Startup (common), HP Connections.lnk
command: C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
file: C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
size: 34520
MD5: 3754f4c688bfd04bc886112bd6566a9b

Located: Startup (common), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office\OSA9.EXE
file: C:\Program Files\Microsoft Office\Office\OSA9.EXE
size: 65588
MD5: 59854a2b833afdd0a4de7464b5de7fcb

Located: System.ini, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll



--- Browser helper object list ---
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
BHO name:
CLSID name: Yahoo! Toolbar Helper
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein
Path: C:\Program Files\Yahoo!\Companion\Installs\cpn\
Long name: yt.dll
Short name:
Date (created): 1/13/2007 12:11:28 PM
Date (last access): 1/13/2007 12:11:28 PM
Date (last write): 9/27/2006 4:42:50 PM
Filesize: 441408
Attributes: archive
MD5: 2F56D8F57D4CCCD8970F59A40989545F
CRC32: 74FB5695
Version: 2006.9.27.1

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx / AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 12/18/2006 5:16:42 AM
Date (last access): 3/9/2007 1:46:10 PM
Date (last write): 12/18/2006 5:16:42 AM
Filesize: 59032
Attributes: archive
MD5: 4EA3A6CD9D20584FFAFDB1E47DBF0E20
CRC32: 7B0A854F
Version: 7.0.9.50

{1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
BHO name:
CLSID name:
Path: c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\
Long name: NppBHO.dll
Short name:
Date (created): 10/23/2006 2:34:20 PM
Date (last access): 1/13/2007 12:14:28 PM
Date (last write): 10/23/2006 2:34:20 PM
Filesize: 96984
Attributes: readonly archive
MD5: 57E8CF524AFF1D945AABD65B9AAA8075
CRC32: EA607DA7
Version: 2007.1.3.6

{34E6F97C-34E0-4CE5-B92B-F83634BEDC01} ()
BHO name:
CLSID name:
Path: C:\Program Files\Video ActiveX Access\
Long name: iesplg.dll

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 7/31/2007 7:34:12 PM
Date (last access): 7/31/2007 7:34:12 PM
Date (last write): 5/31/2005 1:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: ssv.dll
Short name:
Date (created): 8/2/2007 2:00:16 AM
Date (last access): 7/12/2007 2:22:38 AM
Date (last write): 7/12/2007 4:00:36 AM
Filesize: 501136
Attributes: archive
MD5: D6137540BDF0F9F9B9055C60ADD8007A
CRC32: 29E910AF
Version: 6.0.20.6

{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
BHO name:
CLSID name:

{CC59E0F9-7E43-44FA-9FAA-8377850BF205} (FDMIECookiesBHO Class)
BHO name:
CLSID name: FDMIECookiesBHO Class
Path: C:\Program Files\Free Download Manager\
Long name: iefdmcks.dll
Short name:
Date (created): 4/23/2007 5:18:00 AM
Date (last access): 4/23/2007 5:18:00 AM
Date (last write): 8/20/2006 7:55:00 PM
Filesize: 81920
Attributes: archive
MD5: B48BDBA896C133A4980ADF0036AA07BC
CRC32: 451A7D30
Version: 493.0.0.0

{CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} ()
BHO name:
CLSID name:
Path: C:\Windows\system32\
Long name: __c0022D3F.dat
Short name: __C002~1.DAT
Date (created): 7/31/2007 9:49:14 AM
Date (last access): 7/31/2007 9:49:14 AM
Date (last write): 7/31/2007 9:49:16 AM
Filesize: 64991
Attributes: archive
MD5: 5DCEB8B64771AFCA47E42DFACAB5C6AC
CRC32: A82E77D3



--- ActiveX list ---
{7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class)
DPF name:
CLSID name: WScanCtl Class
Installer: C:\Windows\Downloaded Program Files\webscan.inf
Codebase: http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
description:
classification: Legitimate
known filename: webscan.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\Downloaded Program Files\
Long name: webscan.dll
Short name:
Date (created): 11/20/2006 12:02:34 PM
Date (last access): 11/20/2006 12:02:34 PM
Date (last write): 11/20/2006 12:02:34 PM
Filesize: 180282
Attributes: archive
MD5: 76EA3ABECE61FBA3C07F61E42BB0CA48
CRC32: AECD0E4D
Version: 1.1.0.1049

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 7/12/2007 2:22:38 AM
Date (last access): 7/12/2007 2:22:38 AM
Date (last write): 7/12/2007 4:00:36 AM
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi160_02.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 7/12/2007 2:22:38 AM
Date (last access): 7/12/2007 2:22:38 AM
Date (last write): 7/12/2007 4:00:36 AM
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 7/12/2007 2:22:38 AM
Date (last access): 7/12/2007 2:22:38 AM
Date (last write): 7/12/2007 4:00:36 AM
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\Windows\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\Windows\system32\Macromed\Flash\
Long name: Flash9b.ocx
Short name:
Date (created): 11/9/2006 2:46:28 PM
Date (last access): 11/9/2006 2:46:28 PM
Date (last write): 11/9/2006 2:46:28 PM
Filesize: 2262648
Attributes: readonly archive
MD5: F3B3EE66CA76C94510555ABE9D00A353
CRC32: A51F3CB4
Version: 9.0.28.0

Sliph24
2007-08-04, 10:17
--- Process list ---
PID: 408 ( 4) \SystemRoot\System32\smss.exe
PID: 536 ( 524) C:\Windows\system32\csrss.exe
size: 7680
MD5: 117B7C8A8B026A5DCE5E3180ED05E823
PID: 584 ( 576) C:\Windows\system32\csrss.exe
size: 7680
MD5: 117B7C8A8B026A5DCE5E3180ED05E823
PID: 592 ( 524) C:\Windows\system32\wininit.exe
size: 95744
MD5: D4385B03E8CCCEE6F0EE249F827C1F3E
PID: 628 ( 592) C:\Windows\system32\services.exe
size: 279552
MD5: 329CF3C97CE4C19375C8ABCABAE258B0
PID: 640 ( 592) C:\Windows\system32\lsass.exe
size: 7680
MD5: 6A0E382E74280E4CC0DF17FE2661D003
PID: 652 ( 592) C:\Windows\system32\lsm.exe
size: 210944
MD5: 77F52395637906269B91264FFE576B51
PID: 876 ( 628) C:\Windows\system32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 932 ( 628) C:\Windows\system32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 964 ( 628) C:\Windows\System32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 1052 ( 628) C:\Windows\system32\Ati2evxx.exe
size: 606208
MD5: 8067374F7432BE34C7E850E6E0C45184
PID: 1072 ( 628) C:\Windows\system32\Ati2evxx.exe
size: 606208
MD5: 8067374F7432BE34C7E850E6E0C45184
PID: 1096 ( 628) C:\Windows\System32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 1132 ( 628) C:\Windows\System32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 1148 ( 628) C:\Windows\system32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 1248 ( 628) C:\Windows\system32\SLsvc.exe
size: 2605568
MD5: A1DCD30534835CB67733AD00175125A6
PID: 1280 ( 628) C:\Windows\system32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 1432 ( 628) C:\Windows\system32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 1568 ( 628) c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
size: 108648
MD5: FE69C498B922CE835E2E2123FBD0A272
PID: 1820 ( 628) c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
size: 46736
MD5: 2FE779B1A07747FED8074C433C3C4604
PID: 2040 ( 628) C:\Windows\System32\spoolsv.exe
size: 124928
MD5: DA612EF2556776DF2630B68BF2D48935
PID: 352 ( 628) C:\Windows\system32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 2380 ( 628) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
size: 46640
MD5: 85180CF88C5EBAD73B452A43A004CA51
PID: 2416 ( 628) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
size: 554616
MD5: C0E25BB0E6A159D332048AFAA2ED24CE
PID: 2484 ( 628) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
size: 61440
MD5: 6E5DAC168D1FF9843E84A59D51D31107
PID: 2568 ( 628) C:\Windows\system32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 2632 ( 628) C:\Windows\system32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 2680 ( 628) C:\Windows\System32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 2736 ( 628) C:\Windows\system32\SearchIndexer.exe
size: 287744
MD5: 5DE40982E3AE45DC00586A93637B351B
PID: 2844 ( 628) C:\Windows\system32\DRIVERS\xaudio.exe
size: 386560
MD5: 15A317674A08DF26BE65164D959E9203
PID: 2948 (1132) C:\Windows\system32\WUDFHost.exe
size: 143360
MD5: 8D5DE07842A2B50D8B20EA1CD44AC97F
PID: 3048 (1148) C:\Windows\system32\taskeng.exe
size: 166400
MD5: 1226E9FAE5B8508801EC974E3C9D9C14
PID: 3572 ( 628) C:\Program Files\Windows Media Player\wmpnetwk.exe
size: 895488
MD5: ACB2E63D50157E3EA7140F29D9E76A48
PID: 4892 ( 628) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
size: 1174152
MD5: 2698CD77F4D73EA7988F0BC63DE8E3D6
PID: 5240 ( 628) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
size: 36864
MD5: 7EF57375636991F794BF40B522A8E7EF
PID: 4444 ( 628) C:\Windows\system32\vssvc.exe
size: 924160
MD5: E0E29D9EF2524ABD11749C7C2FD7F607
PID: 5872 ( 628) C:\Windows\System32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 5768 (4748) C:\Windows\system32\csrss.exe
size: 7680
MD5: 117B7C8A8B026A5DCE5E3180ED05E823
PID: 5232 (4748) C:\Windows\system32\winlogon.exe
size: 308224
MD5: 9F75392B9128A91ABAFB044EA350BAAD
PID: 5760 (1072) C:\Windows\system32\Ati2evxx.exe
size: 606208
MD5: 8067374F7432BE34C7E850E6E0C45184
PID: 4276 (1148) C:\Windows\system32\taskeng.exe
size: 166400
MD5: 1226E9FAE5B8508801EC974E3C9D9C14
PID: 5644 (1132) C:\Windows\system32\Dwm.exe
size: 83456
MD5: E87B968F3D49117445893EB0503FE34F
PID: 5664 (2796) C:\Program Files\Windows Defender\MSASCui.exe
size: 1006264
MD5: 9AD9E2FB2811123DA13DE84CC154AB77
PID: 5404 (2796) C:\hp\support\hpsysdrv.exe
size: 65536
MD5: 85B8925F1A477DF7AEC93CABBEB04F1F
PID: 508 (2796) C:\Windows\RtHDVCpl.exe
size: 4227072
MD5: E7C7F22B74263833BAE836AB87210821
PID: 4192 (2796) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
size: 49152
MD5: 821F73B833C4DAEBC33C1A9A4B16BB5A
PID: 5588 (2796) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 115816
MD5: 25BE770865658CB79100117112819A7C
PID: 1120 (2796) C:\Windows\System32\ezSP_Px.exe
size: 45056
MD5: FD76C35789D0263BE9103527647A8086
PID: 268 (2796) C:\Program Files\dvd43\DVD43_Tray.exe
size: 694272
MD5: 42A441AE3F5FC5EA8D9B8543EEAEADC1
PID: 3332 (4240) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
size: 49152
MD5: 36B9FC05B2091A5782D4A0189FE1735C
PID: 4296 (2796) C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
size: 132496
MD5: 896E712A34D654A337C8CBB9DEB07200
PID: 2820 (2796) C:\Program Files\Windows Sidebar\sidebar.exe
size: 1196032
MD5: 43632977504B323F8A41BF7A9965C453
PID: 4252 (2796) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
size: 1480296
MD5: 5A5254F84A01FECC2C92138D5FBB8468
PID: 4544 (2796) C:\Windows\ehome\ehtray.exe
size: 125440
MD5: 2E0953919779A44BF9DFB7B07C58535A
PID: 4804 (2796) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 70496EEE0DDBE485F658693826F44D38
PID: 1420 (2796) C:\Program Files\Windows Media Player\wmpnscfg.exe
size: 201728
MD5: 20EF9002CFF89C4C1077E4415EC7297B
PID: 5972 (2796) C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
size: 34520
MD5: 3754F4C688BFD04BC886112BD6566A9B
PID: 2404 ( 644) C:\Windows\System32\rundll32.exe
size: 44544
MD5: 4B555106290BD117334E9A08761C035A
PID: 504 ( 876) C:\Windows\ehome\ehmsas.exe
size: 37376
MD5: 693E4C15CEE5D6487D7913A2701B5E40
PID: 2928 (5148) C:\Program Files\Common Files\AOL\1173461808\ee\aolsoftware.exe
size: 50736
MD5: C482C535CBFEFE722EC1EB7F11F680A3
PID: 5744 ( 876) C:\Windows\system32\wbem\unsecapp.exe
size: 37376
MD5: E19C7BCE081B85F86F03AE9D82FFA77B
PID: 5908 ( 876) C:\Windows\system32\wbem\wmiprvse.exe
size: 245248
MD5: CD8A7F4847DD181903E6B2F1924E723E
PID: 3448 (3332) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
size: 49152
MD5: 0FC4CA031C46CE1BBDD8A7E91ED2251B
PID: 4828 ( 876) C:\Windows\system32\wbem\wmiprvse.exe
size: 245248
MD5: CD8A7F4847DD181903E6B2F1924E723E
PID: 3904 ( 876) C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
size: 505520
MD5: 42BB5676661C1A9D301C0E3E473F1000
PID: 5780 (4416) C:\hp\kbd\kbd.exe
size: 61440
MD5: C81BE1B951C36E97D3DA90DA745DA5F7
PID: 4468 (1796) C:\Program Files\AOL 9.0\waol.exe
size: 38960
MD5: D2CB10AC469351AF781957E5EA535229
PID: 3184 (4468) C:\Program Files\AOL 9.0\shellmon.exe
size: 54832
MD5: E2D790DBB55C04414656CE1A0D3FDDD5
PID: 4032 (5748) C:\Program Files\Internet Explorer\ieuser.exe
size: 294912
MD5: 0F1C3A2F9B12C5973CB7D4D09119C4E9
PID: 3472 (2796) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 1220 (1096) audiodg.exe
PID: 3088 (5852) C:\Program Files\Internet Explorer\iexplore.exe
size: 625152
MD5: 10BDB55982586A432A3951EB19A26009
PID: 4972 ( 516) C:\Windows\Explorer.EXE
size: 2923520
MD5: FD8C53FB002217F6F888BCF6F5D7084D
PID: 2616 (4972) C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
size: 396288
MD5: C4CA7416A6DF6D95075F81D9E3B41AD1
PID: 6040 (2616) C:\Windows\system32\NOTEPAD.EXE
size: 151040
MD5: FF7F14FDA901090E337488A1900E3660
PID: 3900 (2736) C:\Windows\system32\SearchProtocolHost.exe
size: 204288
MD5: 2A0B63014AD1ED027D47A58C89F4A1AA
PID: 496 (2736) C:\Windows\system32\SearchFilterHost.exe
size: 76288
MD5: 78B5AE488DCD24556CF976BE0BBA82BE


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 8/4/2007 2:11:40 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.camelotherald.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4D896F0C-759B-42EF-876C-87A017EF7123}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4D896F0C-759B-42EF-876C-87A017EF7123}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4D896F0C-759B-42EF-876C-87A017EF7123}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4D896F0C-759B-42EF-876C-87A017EF7123}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 1: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 2: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 3: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 4: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 5: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Sliph24
2007-08-04, 10:23
--- Uninstall list ---
The Lord of the Rings Online™: Shadows of Angmar™ v07.12.30.54 07.12.30.54 (12bbe590-c890-11d9-9669-0800200c9a66_is1)
install date: 20070522
install location: C:\Program Files\The Lord of the Rings Online\
uninstall cmd: "C:\Program Files\The Lord of the Rings Online\unins000.exe"
publisher: Midway Home Entertainment Inc
comments: Developed by Turbine, Inc.
help link: http://www.lotro.com/support

(AddressBook)

3.0 (Adobe PhotoDeluxe Home Edition 3.0)
install location: C:\Program Files\PhotoDeluxe HE 3.0
install source: E:\ADOBE\ENGLISH\INSTALL\
uninstall cmd: C:\WINDOWS\UNINST.EXE -f"C:\Program Files\PhotoDeluxe HE 3.0\DeIsL1.isu" -c"C:\Program Files\PhotoDeluxe HE 3.0\Uninst.dll"
publisher: Adobe Systems, Inc.

ATI - Software Uninstall Utility 6.14.10.1014 (All ATI Software)
install location: C:\Program Files\ATI Technologies\UninstallAll
uninstall cmd: C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

AOL Uninstaller (Choose which Products to Remove) (AOL Uninstaller)
uninstall cmd: C:\Program Files\Common Files\AOL\uninstaller.exe

(AOLOCP_N)

ATI Display Driver 8.203.4-051211a-028709C-ATI (ATI Display Driver)
uninstall cmd: rundll32 C:\Windows\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

Soft Data Fax Modem with SmartCP (CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1)
uninstall cmd: C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.inf

(Connection Manager)

Dark Age of Camelot - Catacombs (Dark Age of Camelot - Catacombs_is1)
install location: C:\Mythic\Catacombs\
uninstall cmd: C:\Mythic\Catacombs\unins000.exe

Dark Age of Camelot - Darkness Rising (Dark Age of Camelot - Darkness Rising_is1)
install location: C:\Mythic\Darkness\
uninstall cmd: "C:\Mythic\Darkness\unins000.exe"

Dark Age of Camelot - Labyrinth of the Minotaur (Dark Age of Camelot - Labyrinth of the Minotaur_is1)
install location: C:\Mythic\Labyrinth\
uninstall cmd: "C:\Mythic\Labyrinth\unins000.exe"

(DirectDrawEx)

Dungeon Siege 2 (DungeonSiege2)
install location: C:\Program Files\Microsoft Games\Dungeon Siege 2
uninstall cmd: "C:\Program Files\Microsoft Games\Dungeon Siege 2\UNINSTAL.EXE" /runtemp /uninstall
publisher: Microsoft
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Games\Dungeon Siege 2\Readme.rtf

DVD43 v3.9.0 (DVD43_is1)
install location: C:\Program Files\dvd43\
uninstall cmd: "C:\Program Files\dvd43\unins000.exe"

DVDneXtCOPY Pro (DVDneXtCOPY Pro)
uninstall cmd: C:\Program Files\DVDneXtCOPY2\uninstall.exe

(DXM_Runtime)

Flame Skin (Flame Skin)
uninstall cmd: C:\Program Files\Common Files\DVDnextCOPY2\Skins\Flame\uninstall.exe

(Fontcore)

Free Download Manager 2.1 (Free Download Manager_is1)
install location: C:\Program Files\Free Download Manager\
uninstall cmd: "C:\Program Files\Free Download Manager\unins000.exe"
publisher: FreeDownloadManager.ORG
help link: http://www.freedownloadmanager.org/

HijackThis 2.0.2 2.0.2 (HijackThis)
uninstall cmd: "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
publisher: TrendMicro

Hijackthis 1.99.1 (Hijackthis_is1)
install location: C:\Program Files\Hijackthis\
uninstall cmd: "C:\Program Files\Hijackthis\unins000.exe"
publisher: Soeperman Enterprises Ltd
help link: http://www.merijn.org

HP PrecisionScan LT Software (HP PrecisionScan LT Software)
uninstall cmd: C:\PROGRAM FILES\SCANJET\PrecisionScanLT\uninstal.exe C:\PROGRAM FILES\SCANJET\PrecisionScanLT\uninstal.cfg

HP Connections (remove only) (HPOOVClient-6811507 Uninstaller)
uninstall cmd: C:\Windows\HPCPCUninstall-6811507\HPBWSetup.exe -appid 6811507 -uninstall

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

IExplorer Security Plug-in (IExplorer Security Plug-in)
uninstall cmd: "C:\Program Files\Video ActiveX Access\iesunst.exe"

Internet Explorer Secure Bar (Internet Explorer Secure Bar)
uninstall cmd: "C:\Program Files\Video ActiveX Access\iesbunst.exe"

Enhanced Multimedia Keyboard Solution (KBD)
uninstall cmd: C:\HP\KBD\Install.exe /u
publisher: Hewlett-Packard

LiveUpdate 3.2 (Symantec Corporation) 3.2.0.41 (LiveUpdate)
install location: "C:\Program Files\Symantec\LiveUpdate"
uninstall cmd: "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
publisher: Symantec Corporation

Microsoft .NET Framework 1.1 Hotfix (KB929729) (M929729)
uninstall cmd: "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"

Messenger Service (Messenger Service)
uninstall cmd: "C:\Program Files\Video ActiveX Access\imsunst.exe"

Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\Windows\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

(MobileOptionPack)

Mozilla Firefox (2.0.0.4) 2.0.0.4 (en-US) (Mozilla Firefox (2.0.0.4))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Firefox

(MPlayer2)

(My HP Game Console)
install location: C:\Program Files\HP Games\My HP Game Console
uninstall cmd: "C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
publisher: WildTangent
help link: http://support.wildgames.com

Netscape Browser (remove only) (Netscape Browser)
uninstall cmd: "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"

NVIDIA Drivers (NVIDIA Drivers)
uninstall cmd: C:\Windows\system32\NVUNINST.EXE UninstallGUI

Hardware Diagnostic Tools 5.00.4262.12 (PC-Doctor 5 for Windows)
install location: C:\Program Files\PC-Doctor 5 for Windows\
uninstall cmd: C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
publisher: PC-Doctor, Inc.
comments: Personal Computer Diagnostics Software
contact: Customer Support Department

PokerStars (PokerStars)
install date: Tue Jun 26 16:13:33 2007
install location: C:\Program Files\PokerStars
install source: C:\Users\Sliph24\Documents\Bege DLs\Game Updates\PokerStarsInstall.exe
uninstall cmd: "C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
publisher: PokerStars

(SchedulingAgent)

(Sevinst)

Adobe Flash Player 9 ActiveX 9 (ShockwaveFlash)
uninstall cmd: C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
publisher: Adobe Systems
help link: http://www.adobe.com/go/flashplayer_support/

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

Norton Internet Security (Symantec Corporation) 10.1.0.26 (SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B})
install location: C:\Program Files\Norton Internet Security
install source: c:\hp\tmp\src
uninstall cmd: "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_1_0_26\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
publisher: Symantec Corporation

Viewpoint Media Player (ViewpointMediaPlayer)
uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

VistaBlack Skin (VistaBlack Skin)
uninstall cmd: C:\Program Files\Common Files\DVDnextCOPY2\Skins\VistaBlack\uninstall.exe

My HP Games HPCMPQ1505 (WildTangent hpdesktop Master Uninstall)
install location: C:\Program Files\HP Games
uninstall cmd: "C:\Program Files\HP Games\Uninstall.exe"
publisher: WildTangent

WT014844 (WT014844)
install location: C:\Program Files\HP Games\The Apprentice
uninstall cmd: "C:\Program Files\HP Games\The Apprentice\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT014845 (WT014845)
install location: C:\Program Files\HP Games\Bejeweled 2 Deluxe
uninstall cmd: "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT014847 (WT014847)
install location: C:\Program Files\HP Games\Blackhawk Striker 2
uninstall cmd: "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT014848 (WT014848)
install location: C:\Program Files\HP Games\Boggle Supreme
uninstall cmd: "C:\Program Files\HP Games\Boggle Supreme\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT014849 (WT014849)
install location: C:\Program Files\HP Games\Bookworm Deluxe
uninstall cmd: "C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT014851 (WT014851)
install location: C:\Program Files\HP Games\Chuzzle Deluxe
uninstall cmd: "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT014852 (WT014852)
install location: C:\Program Files\HP Games\Crystal Maze
uninstall cmd: "C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT014853 (WT014853)
install location: C:\Program Files\HP Games\Family Feud
uninstall cmd: "C:\Program Files\HP Games\Family Feud\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT014855 (WT014855)
install location: C:\Program Files\HP Games\Final Drive Nitro
uninstall cmd: "C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT014857 (WT014857)
install location: C:\Program Files\HP Games\Insaniquarium Deluxe
uninstall cmd: "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT014858 (WT014858)
install location: C:\Program Files\HP Games\Jewel Quest
uninstall cmd: "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT014861 (WT014861)
install location: C:\Program Files\HP Games\Penguins!
uninstall cmd: "C:\Program Files\HP Games\Penguins!\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT014862 (WT014862)
install location: C:\Program Files\HP Games\Polar Golfer
uninstall cmd: "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT014865 (WT014865)
install location: C:\Program Files\HP Games\SCRABBLE
uninstall cmd: "C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT014867 (WT014867)
install location: C:\Program Files\HP Games\Slingo Deluxe
uninstall cmd: "C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT014868 (WT014868)
install location: C:\Program Files\HP Games\Super Granny
uninstall cmd: "C:\Program Files\HP Games\Super Granny\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT014869 (WT014869)
install location: C:\Program Files\HP Games\Tradewinds
uninstall cmd: "C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT014871 (WT014871)
install location: C:\Program Files\HP Games\Zuma Deluxe
uninstall cmd: "C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT014888 (WT014888)
install location: C:\Program Files\HP Games\Polar Bowler
uninstall cmd: "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT014890 (WT014890)
install location: C:\Program Files\HP Games\Bistro Stars
uninstall cmd: "C:\Program Files\HP Games\Bistro Stars\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT014891 (WT014891)
install location: C:\Program Files\HP Games\Blasterball 2 Revolution
uninstall cmd: "C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT014894 (WT014894)
install location: C:\Program Files\HP Games\Diner Dash
uninstall cmd: "C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT014895 (WT014895)
install location: C:\Program Files\HP Games\JEOPARDY
uninstall cmd: "C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT014896 (WT014896)
install location: C:\Program Files\HP Games\LEGO Builder Bots
uninstall cmd: "C:\Program Files\HP Games\LEGO Builder Bots\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT014897 (WT014897)
install location: C:\Program Files\HP Games\Mahjong Journey of Enlightenment
uninstall cmd: "C:\Program Files\HP Games\Mahjong Journey of Enlightenment\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT014898 (WT014898)
install location: C:\Program Files\HP Games\Ocean Express
uninstall cmd: "C:\Program Files\HP Games\Ocean Express\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT014899 (WT014899)
install location: C:\Program Files\HP Games\Polar Golfer Pineapple Cup
uninstall cmd: "C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT014900 (WT014900)
install location: C:\Program Files\HP Games\Tornado Jockey
uninstall cmd: "C:\Program Files\HP Games\Tornado Jockey\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT014901 (WT014901)
install location: C:\Program Files\HP Games\Wheel of Fortune
uninstall cmd: "C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT015733 (WT015733)
install location: C:\Program Files\HP Games\FATE
uninstall cmd: "C:\Program Files\HP Games\FATE\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

WT015797 (WT015797)
install location: C:\Program Files\HP Games\Blasterball 3
uninstall cmd: "C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Desktops

Xfire (remove only) (Xfire)
uninstall cmd: "C:\Program Files\Xfire\uninst.exe"

Yahoo! Toolbar for Internet Explorer (Yahoo! Companion)
uninstall cmd: C:\PROGRA~1\Yahoo!\Common\unyt.exe

Yahoo! Toolbar (Yahoo! Toolbar)

Microsoft Office 2000 Professional 9.00.2720 ({00010409-78E1-11D2-B60F-006097C998E7})
version: 150997664
version (major): 9
estimated size: 171235
install date: 20070323
install source: E:\
uninstall cmd: MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office\ofread9.txt

Skins 2007.0613.1506.25058 ({016FAA82-CBD7-B010-A203-E4BB000E8CA5})
version (major): 2007
version (minor): 613
estimated size: 3380
install date: 20070708
install location: C:\Program Files\ATI Technologies\
install source: C:\ATI\SUPPORT\7-6_vista32_dd_ccc_wdm_enu_48645\Driver\Packages\Apps\CCC\Skins\
publisher: ATI

HP Total Care Advisor 1.0.90 ({0373779B-A362-4B2E-B8E9-7442F19F9394})
version: 16777306
version (major): 1
estimated size: 25054
install date: 20070113
install location: C:\Program Files\Hewlett-Packard\HP Advisor\
install source: C:\Users\ADMINI~1\AppData\Local\Temp\_is2FC6\
uninstall cmd: MsiExec.exe /X{0373779B-A362-4B2E-B8E9-7442F19F9394}
publisher: Hewlett-Packard

Roxio Creator Tools 3.3.0 ({0394CDC8-FABD-4ed8-B104-03393876DFDF})
version: 50528256
version (major): 3
version (minor): 3
estimated size: 353
install date: 20070113
install source: c:\hp\tmp\src\RCP_TOOLS_33\
uninstall cmd: MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
publisher: Roxio
help link: http://support.sonic.com/

Roxio Creator Data 3.3.0 ({0D397393-9B50-4c52-84D5-77E344289F87})
version: 50528256
version (major): 3
version (minor): 3
estimated size: 844
install date: 20070113
install source: c:\hp\tmp\src\RCP_DATA_33\
uninstall cmd: MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
publisher: Roxio
help link: http://support.sonic.com/

Roxio Creator EasyArchive 3.3.0 ({11F93B4B-48F0-4A4E-AE77-DFA96A99664B})
version: 50528256
version (major): 3
version (minor): 3
estimated size: 1542
install date: 20070113
install source: c:\hp\tmp\src\RCP_EASYARCHIVE_33\
uninstall cmd: MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
publisher: Roxio

AutoUpdate 1.0 ({18D10072035C4515918F7E37EAFAACFC})
install location: C:\Program Files\DivX

CCC Help English 2007.0613.1505.25058 ({1BCF8B9C-5ED4-64E8-28B6-BF0921164A3A})
version (major): 2007
version (minor): 613
estimated size: 745
install date: 20070708
install location: C:\Program Files\ATI Technologies\
install source: C:\ATI\SUPPORT\7-6_vista32_dd_ccc_wdm_enu_48645\Driver\Packages\Apps\CCC\Help\en-us\
publisher: ATI

The Battle for Middle-earth (tm) II ({2A9F95AB-65A3-432c-8631-B8BC5BF7477A})
uninstall cmd: C:\Program Files\The Battle for Middle-earth (tm) II\EAUninstall.exe

SymNet 7.1.0.27 ({2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2})
version: 117506048
version (major): 7
version (minor): 1
estimated size: 3042
install date: 20070113
install source: c:\hp\tmp\src\Support\SymNet\
uninstall cmd: MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
publisher: Symantec Corporation

Java(TM) 6 Update 2 1.6.0.20 ({3248F0A8-6813-11D6-A77B-00B0D0160020})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 136370
install date: 20070802
install source: http://javadl.sun.com/webapps/download/GetFile/1.6.0_02-b06/windows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.6.0_02\README.txt

Sliph24
2007-08-04, 10:24
Norton Internet Security 10.1.0.26 ({3672B097-EA69-4bfe-B92F-29AE6D9D2B34})
version: 167837696
version (major): 10
version (minor): 1
estimated size: 341
install date: 20070113
install source: c:\hp\tmp\src\Support\SymMCEAI\
uninstall cmd: MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
publisher: Symantec Corporation

Catalyst Control Center Graphics Previews Vista 2007.0613.1506.25058 ({36ED5E89-80BC-AE3C-C23E-4B5D976FB57C})
version (major): 2007
version (minor): 613
estimated size: 8554
install date: 20070708
install location: C:\Program Files\ATI Technologies\
install source: C:\ATI\SUPPORT\7-6_vista32_dd_ccc_wdm_enu_48645\Driver\Packages\Apps\CCC\Graphics-Previews-Vista\
publisher: ATI

MSXML 4.0 SP2 (KB927978) 4.20.9841.0 ({37477865-A3F1-4772-AD43-AAFC6BCFF99F})
version: 68429425
version (major): 4
version (minor): 20
estimated size: 1269
install date: 20070309
install source: c:\04dd996acc37017ac5729404a3\
uninstall cmd: MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/927978

ccCommon 106.1.1.4 ({3CCAD2EF-CFF2-4637-82AA-AABF370282D3})
version: 1778450433
version (major): 106
version (minor): 1
estimated size: 6561
install date: 20070113
install source: c:\hp\tmp\src\Support\ccCommon\
uninstall cmd: MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
publisher: Symantec

Star Wars Battlefront II 1.0 ({3D374523-CFDE-461A-827E-2A102E2AB365})
version: 16777216
install date: 20070322
install location: C:\Program Files\LucasArts\Star Wars Battlefront II
install source: E:\GameData\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D374523-CFDE-461A-827E-2A102E2AB365}\Setup.exe" -l0x9 -removeonly
publisher: LucasArts

ATI HYDRAVISION 3.25.0006 ({3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"

Catalyst Control Center Graphics Full Existing 2007.0613.1506.25058 ({3EE6D8DF-B228-0035-DD2F-86AFA06C7F1D})
version (major): 2007
version (minor): 613
estimated size: 16490
install date: 20070708
install location: C:\Program Files\ATI Technologies\
install source: C:\ATI\SUPPORT\7-6_vista32_dd_ccc_wdm_enu_48645\Driver\Packages\Apps\CCC\Graphics-Full-Existing\
publisher: ATI

Google Earth 4.1.7087.5048 ({407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B})
version: 67181487
version (major): 4
version (minor): 1
estimated size: 34617
install date: 20070709
install location: C:\Program Files\Google\Google Earth\
install source: C:\Users\Sliph24\AppData\Local\Temp\{9395DA02-A065-48C5-A8B1-21DFF9EB9ACB}\
uninstall cmd: MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
publisher: Google

HP Easy Setup - Frontend 5.00.0000 ({40F7AED3-0C7D-4582-99F6-484A515C73F2})
version: 83886080
install date: 20070113
install location: C:\Program Files\Hewlett-Packard\HP Easy Setup - Frontend
install source: c:\hp\tmp\src\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
publisher: Hewlett-Packard

RTC Client API v1.2 1.2.0000 ({44CDBD1B-89FB-4E02-8319-2A4C550F664A})
version: 16908288
version (major): 1
version (minor): 2
estimated size: 109
install date: 20070309
install source: C:\Windows\Downloaded Installations\{8B8CC108-E0E3-483D-BCEB-A2739AF752B8}\
uninstall cmd: MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
publisher: Microsoft
comments: This program installs RTC API 1.2 libraries. It installs the rtcclnt.msm so that the Side by Side RTC Client API v1.2 DLLs are available for the samples inside RtcApiSDK.msi.
contact: Customer Support Department
help link: http://support.microsoft.com/
help telephone: 1-000-000-0000

ccc-utility 2007.0613.1506.25058 ({45087352-A6D6-B8C2-7D31-E98488E474C3})
version (major): 2007
version (minor): 613
estimated size: 233
install date: 20070708
install location: C:\Program Files\ATI Technologies\
install source: C:\ATI\SUPPORT\7-6_vista32_dd_ccc_wdm_enu_48645\Driver\Packages\Apps\CCC\Utility\
publisher: ATI

Norton Internet Security 10.1.0.26 ({48185814-A224-447A-81DA-71BD20580E1B})
version: 167837696
version (major): 10
version (minor): 1
estimated size: 9395
install date: 20070113
install source: c:\hp\tmp\src\Setup\
uninstall cmd: MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
publisher: Symantec Corporation

Norton Confidential Browser Component 1.1.0.6 ({4843B611-8FCB-4428-8C23-31D0A5EAE164})
version: 16842752
version (major): 1
version (minor): 1
estimated size: 2797
install date: 20070113
install source: c:\hp\tmp\src\Support\NCO\
uninstall cmd: MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
publisher: Symantec Corporation

HP Picasso Media Center Add-In 1.0.0 ({55979C41-7D6A-49CC-B591-64AC1BBE2C8B})
version: 16777216
version (major): 1
estimated size: 12
install date: 20070113
install source: c:\hp\tmp\rc\
uninstall cmd: MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
publisher: HP
contact: HP

Windows Live Messenger 8.1.0178.00 ({571700F0-DB9D-4B3A-B03D-35A14BB5939F})
version: 134283442
version (major): 8
version (minor): 1
estimated size: 30209
install date: 20070319
install source: C:\Users\Sliph24\AppData\Local\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
publisher: Microsoft Corporation

Norton Internet Security 10.1.0.26 ({5AA2CD16-706F-41f3-87C5-2B5A031F2B3B})
version: 167837696
version (major): 10
version (minor): 1
estimated size: 60160
install date: 20070113
install source: c:\hp\tmp\src\Setup\
uninstall cmd: MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
publisher: Symantec Corporation

Roxio Creator Copy 3.3.0 ({619CDD8A-14B6-43a1-AB6C-0F4EE48CE048})
version: 50528256
version (major): 3
version (minor): 3
estimated size: 640
install date: 20070113
install source: c:\hp\tmp\src\RCP_COPY_33\
uninstall cmd: MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
publisher: Roxio
help link: http://support.sonic.com/

Roxio Express Labeler 3 2.1.0 ({6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA})
version: 33619968
version (major): 2
version (minor): 1
estimated size: 16724
install date: 20070113
install source: c:\hp\tmp\src\EXPRESSLABELER_31\
uninstall cmd: MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
publisher: Roxio

Macromedia Flash Player 8 8.0.22.0 ({6815FCDD-401D-481E-BA88-31B4754C2B46})
version: 134217750
version (major): 8
estimated size: 1390
install date: 20070323
install location: C:\Windows\system32\Macromed\Flash\
install source: C:\Program Files\Netscape\Netscape Browser\
uninstall cmd: MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
publisher: Macromedia
help link: http://www.macromedia.com/go/flashplayer_support/

Catalyst Control Center Core Implementation 2007.0613.1506.25058 ({6B1504EB-125A-C0E4-7690-788522F28DB4})
version (major): 2007
version (minor): 613
estimated size: 7269
install date: 20070708
install location: C:\Program Files\ATI Technologies\
install source: C:\ATI\SUPPORT\7-6_vista32_dd_ccc_wdm_enu_48645\Driver\Packages\Apps\CCC\Core-Implementation\
publisher: ATI

Microsoft Works 08.05.0818 ({6D52C408-B09A-4520-9B18-475B81D393F1})
version: 134546226
version (major): 8
version (minor): 5
estimated size: 272149
install date: 20070113
install source: c:\hp\tmp\src\MSWORKS\
uninstall cmd: MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
publisher: Microsoft Corporation
comments: Microsoft Works 8.0 installation.
help link: http://go.microsoft.com/fwlink/?LinkId=6831
help telephone:

Catalyst Control Center Graphics Full New 2007.0613.1506.25058 ({7185C3BF-2352-DBF5-3AD1-5D0F62038BEC})
version (major): 2007
version (minor): 613
estimated size: 474
install date: 20070708
install location: C:\Program Files\ATI Technologies\
install source: C:\ATI\SUPPORT\7-6_vista32_dd_ccc_wdm_enu_48645\Driver\Packages\Apps\CCC\Graphics-Full-New\
publisher: ATI

Python 2.4.3 2.4.3150 ({75E71ADD-042C-4F30-BFAC-A9EC42351313})
version: 33819726
version (major): 2
version (minor): 4
estimated size: 30049
install date: 20070113
install source: C:\hp\tmp\
uninstall cmd: MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
publisher: Martin v. Löwis

SPBBC 32bit 3.1.1.4 ({77772678-817F-4401-9301-ED1D01A8DA56})
version: 50397185
version (major): 3
version (minor): 1
estimated size: 3660
install date: 20070113
install location: C:\Program Files\Norton Internet Security
install source: c:\hp\tmp\src\Support\SPBBC\
uninstall cmd: MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
publisher: Symantec Corporation

Ventrilo Client 2.3.0 ({789289CA-F73A-4A16-A331-54D498CE069F})
version: 33751040
version (major): 2
version (minor): 3
estimated size: 2392
install date: 20070419
install source: C:\Program Files\Common Files\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
publisher: Flagship Industries, Inc.
help link: http://www.ventrilo.com

GameShadow 1.91.0000 ({79E147E8-2113-4BE0-9AB4-360B85CC3051})
version: 22740992
version (major): 1
version (minor): 91
estimated size: 19681
install date: 20070311
install location: C:\Program Files\GameShadow\
install source: C:\Windows\Downloaded Installations\{CAF80D4E-5D7D-4E21-90DE-3CE6B423FE0F}\
uninstall cmd: MsiExec.exe /I{79E147E8-2113-4BE0-9AB4-360B85CC3051}
publisher: Aardwork Software Ltd

DivX 5.2.1 ({7B63B2922B174135AFC0E1377DD81EC2})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
publisher: DivXNetworks, Inc.

Norton AntiVirus 14.1.0.27 ({830D8CBD-C668-49e2-A969-C2C2106332E0})
version: 234946560
version (major): 14
version (minor): 1
estimated size: 52817
install date: 20070113
install source: c:\hp\tmp\src\NAV\
uninstall cmd: MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
publisher: Symantec Corporation

Roxio Creator Audio 3.3.0 ({83FFCFC7-88C6-41c6-8752-958A45325C82})
version: 50528256
version (major): 3
version (minor): 3
estimated size: 1170
install date: 20070113
install source: c:\hp\tmp\src\RCP_AUDIO_33\
uninstall cmd: MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
publisher: Roxio
help link: http://support.sonic.com/

3.0.7.009 ({8ADC27DB-E2C8-446C-A576-166C05C2DD24})
version: 50331655
version (major): 3
estimated size: 192
install date: 20070113
install source: c:\hp\drivers\hpsu\
publisher: Hewlett-Packard

HP Update 4.000.005.007 ({8C6027FD-53DC-446D-BB75-CACD7028A134})
version: 67108869
version (major): 4
estimated size: 3646
install date: 20070318
install source: C:\Users\Sliph24\AppData\Local\Temp\pft54E5.tmp\
uninstall cmd: MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
publisher: Hewlett-Packard
contact: http://www.hp.com/support

Catalyst Control Center Graphics Light 2007.0613.1506.25058 ({8F8803A2-B626-045D-0344-A606FE70D795})
version (major): 2007
version (minor): 613
estimated size: 3325
install date: 20070708
install location: C:\Program Files\ATI Technologies\
install source: C:\ATI\SUPPORT\7-6_vista32_dd_ccc_wdm_enu_48645\Driver\Packages\Apps\CCC\Graphics-Light\
publisher: ATI

ATI Catalyst Install Manager 3.0.627.0 ({91CE5D1B-45AF-FE93-1DEE-18DAC46CD598})
version: 50332275
version (major): 3
estimated size: 14093
install date: 20070725
install location: C:\Program Files\ATI\CIM\
install source: C:\ATI\SUPPORT\7-7_vista32_dd_49713\Packages\Apps\CIM\Win32\
publisher: ATI Technologies, Inc.
contact: ATI Customer Support
help link: https://support.ati.com
help telephone: 905-882-2600

Norton Protection Center 2007.1.2.11 ({9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8})
version (major): 2007
version (minor): 1
estimated size: 5346
install date: 20070113
install source: c:\hp\tmp\src\Support\uiNPC\
uninstall cmd: MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
publisher: Symantec Corporation

HP Customer Feedback 1.0.0 ({9DBA770F-BF73-4D39-B1DF-6035D95268FC})
version: 16777216
version (major): 1
estimated size: 116
install date: 20070113
install source: C:\hp\tmp\src\
uninstall cmd: MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
publisher: Hewlett-Packard
contact: Hewlett-Packard

Microsoft Visual C++ 2005 Redistributable 8.0.50727.42 ({A49F249F-0C91-497F-86DF-B2585E8E76B7})
version: 134268455
version (major): 8
estimated size: 558
install date: 20070113
install source: C:\Users\ADMINI~1\AppData\Local\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
publisher: Microsoft Corporation

HP Customer Experience Enhancements 1.00.0000 ({AB5E289E-76BF-4251-9F3F-9B763F681AE0})
version: 16777216
install date: 20070113
install location: C:\Program Files\Hewlett-Packard\HP Customer Experience Enhancements
install source: c:\hp\tmp\src\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
publisher: Hewlett-Packard

Adobe Reader 7.0.9 7.0.9 ({AC76BA86-7AD7-1033-7B44-A70900000002})
version: 117440521
version (major): 7
estimated size: 66715
install date: 20070309
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\ENU\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm

Catalyst Control Center Graphics Previews Common 2007.0613.1506.25058 ({ADFB4238-5146-3240-D069-7764BC84677D})
version (major): 2007
version (minor): 613
estimated size: 2178
install date: 20070708
install location: C:\Program Files\ATI Technologies\
install source: C:\ATI\SUPPORT\7-6_vista32_dd_ccc_wdm_enu_48645\Driver\Packages\Apps\CCC\Graphics-Previews-Common\
publisher: ATI

MSRedist 1.0.0.0 ({B7C61755-DB48-4003-948F-3D34DB8EAF69})
version: 16777216
version (major): 1
estimated size: 4507
install date: 20070113
install source: c:\hp\tmp\src\Support\Redist\
uninstall cmd: MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
publisher: Symantec Corporation

muvee autoProducer 5.0 5.00.050 ({B83A15A7-2BD5-4416-BC43-AF5F9A4B08A9})
version: 83886130
install location: C:\Program Files\muvee Technologies\muvee autoProducer 5.0 - HPD
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B83A15A7-2BD5-4416-BC43-AF5F9A4B08A9}\setup.exe" -l0x9
publisher: muvee Technologies
help link: http://store.muvee.com/?f=support&k=&w=01030385&l=1033

Pivot Stickfigure Animator 2.2.5 ({BEAD39CD-901D-4267-8B8B-EAA83CB4B70D})
version: 33685509
version (major): 2
version (minor): 2
estimated size: 1041
install date: 20070319
install source: C:\Users\Sliph24\AppData\Local\Temp\
uninstall cmd: MsiExec.exe /I{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}
publisher: Peter Bone
contact: peterbone@hotmail.com
help link: http://groups.msn.com/Pivotanimation
help telephone: -

Roxio Creator Basic v9 3.3.0 ({C8B0680B-CDAE-4809-9F91-387B6DE00F7C})
version: 50528256
version (major): 3
version (minor): 3
estimated size: 26922
install date: 20070113
install source: c:\hp\tmp\src\RCP_CORE_33\
uninstall cmd: MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
publisher: Roxio
help link: http://support.sonic.com/

MIS Info Video 2.5.0 2.5.0 ({C9041B58-9992-4C43-BF4E-36ECA264F5EB})
version: 33882112
version (major): 2
version (minor): 5
estimated size: 15675
install date: 20070313
install location: C:\Program Files\McGrath Info Solution\MIS Info Video\
install source: C:\Windows\Downloaded Installations\{971E8063-3BCB-4AE5-AE0E-61C2D0743BCE}\
uninstall cmd: MsiExec.exe /I{C9041B58-9992-4C43-BF4E-36ECA264F5EB}
publisher: McGrath Info Solution

Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 67662
install date: 20070711
install source: C:\Users\Sliph24\AppData\Local\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\Windows\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

If you would like the Services (registry key), please let me know. It was over half the report and will be about 8 more posts.

Sliph24
2007-08-04, 10:29
Norton Confidential Web Protection Component 1.1.0.6 ({D353CC51-430D-4C6F-9B7E-52003DA1E05A})
version: 16842752
version (major): 1
version (minor): 1
estimated size: 961
install date: 20070113
install source: c:\hp\tmp\src\Support\NCO\
uninstall cmd: MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
publisher: Symantec Corporation

ccc-core-static 2007.0613.1506.25058 ({D642F190-8EC6-E9B7-83F4-5BA53E2C4C0B})
version (major): 2007
version (minor): 613
estimated size: 4445
install date: 20070708
install location: C:\Program Files\ATI Technologies\
install source: C:\ATI\SUPPORT\7-6_vista32_dd_ccc_wdm_enu_48645\Driver\Packages\Apps\CCC\Core-Static\
publisher: ATI

Symantec Real Time Storage Protection Component 10.1.5.4 ({D6E6FA4A-5445-4850-8365-CF216C1CBB7A})
version: 167837701
version (major): 10
version (minor): 1
estimated size: 1591
install date: 20070403
install source: C:\PROGRA~2\Symantec\LIVEUP~1\DOWNLO~1\Updt795\
publisher: Symantec Corporation

LiveUpdate Notice (Symantec Corporation) 1.2.0 ({DBA4DB9D-EE51-4944-A419-98AB1F1249C8})
version: 16908288
version (major): 1
version (minor): 2
estimated size: 4607
install date: 20070731
install source: C:\PROGRA~2\Symantec\LIVEUP~1\DOWNLO~1\Updt559\
uninstall cmd: MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
publisher: Symantec Corporation

LightScribe 1.4.124.1 1.4.124.1 ({E1180142-3B31-4DCC-9D27-7AC2D37662BF})
version: 17039484
version (major): 1
version (minor): 4
estimated size: 4118
install date: 20070113
install location: c:\Program Files\Common Files\LightScribe\
install source: c:\hp\DRIVERS\LightScribe\
publisher: http://www.lightscribe.com
comments: LightScribe
contact: LightScribe
help link: http://www.lightscribe.com
help telephone: 1-000-000-0000

Norton Internet Security 10.1.0 ({E3EFA461-EB83-4C3B-9C47-2C1D58A01555})
version: 167837696
version (major): 10
version (minor): 1
estimated size: 1132
install date: 20070113
install source: c:\hp\tmp\src\Support\HelpMSI\
uninstall cmd: MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
publisher: Symantec Corp.

Norton Internet Security 10.1.0.26 ({E5EE9939-259F-4DE2-8023-5C49E16A4F43})
version: 167837696
version (major): 10
version (minor): 1
estimated size: 1002
install date: 20070113
install source: c:\hp\tmp\src\NAV\
uninstall cmd: MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
publisher: Symantec Corporation

AppCore 1 ({EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B})
version: 16777216
version (major): 1
estimated size: 457
install date: 20070113
install source: c:\hp\tmp\src\Support\AppCore\
uninstall cmd: MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
publisher: Symantec Corporation

Realtek High Definition Audio Driver 6.0.1.5322 ({F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC})
version: 34799616
install date: 20070113
install location: C:\Program Files\Realtek\InstallShield\
install source: c:\hp\DRIVERS\realtek_HD_AUDIO\
uninstall cmd: RtlUpd.exe -r -m
publisher: Realtek Semiconductor Corp.

Neverwinter Nights 2 1.00.0000 ({F20C1251-1D0A-4944-B2AE-678581B33B19})
version: 16777216
install date: 20070310
install location: C:\Program Files\Neverwinter Nights 2
install source: E:\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\SETUP.exe" -l0x9 -removeonly
publisher: Obsidian
help link: http://www.atari.com

AV 1 ({F4DB525F-A986-4249-B98B-42A8066251CA})
version: 16777216
version (major): 1
estimated size: 4971
install date: 20070113
install source: c:\hp\tmp\src\Support\AV\
uninstall cmd: MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
publisher: Symantec Corporation

HP Easy Setup - Core 1.00.0000 ({F94234DB-FD06-42C3-B88D-6FC4DC9F988C})
version: 16777216
install date: 20070113
install location: C:\Program Files\Hewlett-Packard\HP Easy Setup - Core
install source: c:\hp\tmp\src\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
publisher: Hewlett-Packard


If you would like the Services (Registry Key) logs also, please let me know as it will be another 8 or so posts and I don't know what all portions you need to help.

Shaba
2007-08-04, 11:12
Hi

Open HijackThis, click do a system scan only and checkmark these:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {34E6F97C-34E0-4CE5-B92B-F83634BEDC01} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\Windows\system32\__c0022D3F.dat
O20 - AppInit_DLLs: C:\Windows\system32\__c00C54E9.dat

Close all windows including browser and press fix checked.


Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update successful message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
______________________________

Reboot your computer in Safe Mode.
If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.
______________________________

Delete these:

C:\Program Files\Video ActiveX Access
C:\Windows\system32\__c0022D3F.dat
C:\Windows\system32\__c00C54E9.dat

Empty Recycle Bin
______________________________

Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files. Proceed like this:

Quit Internet Explorer, all browsers and quit any instances of Windows Explorer.

For Internet Explorer 7
Click Start, click Control Panel, and then double-click Internet Options.
On the General tab, click Delete... under Browsing History.
Next to Temporary Internet Files, click Delete files, and then click OK.
Next to Cookies, click Delete cookies, and then click OK.
Next to History, click Delete history, and then click OK.
Click the Close button.
Click OK.
For Internet Explorer 4.x - 6.x
Click Start, click Control Panel, and then double-click Internet Options.
On the General tab, click Delete Files under Temporary Internet Files.
In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
Click OK.
For Netscape 4.x and Up
Click Edit from the Netscape menubar.
Click Preferences... from the Edit menu.
Expand the Advanced menu by clicking the triangle sign.
Click Cache.
Click both the Clear Memory Cache and the Clear Disk Cache buttons.
For Mozilla 1.x and Up
Click Edit from the Mozilla menubar.
Click Preferences... from the Edit menu.
Expand the Advanced menu by clicking the plus sign.
Click Cache.
Click the Clear Cache button.
For Opera
Click File from the Opera menubar.
Click Preferences... from the File menu.
Click the History and Cache menu.
Click the two Clear buttons next to Typed in addresses and Visited addresses (history) and click the Empty now button to clear the Disk cache.
Click Ok to close the Preferences menu.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Unselect Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT : Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
______________________________

Please post:

AVG Anti-Spyware log
A new HijackThis log
You may need several replies to post the requested logs, otherwise they might get cut off.
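The three entry types the helper asked to fix above (emptied IE Search values, a nameless BHO whose module is missing or is not a .dll, and anything at all in AppInit_DLLs) can be picked out of a HijackThis log mechanically. The script below is an added example for this page, not code from the thread or from HijackThis; the function name Get-HjtFinding and the three rules are this example's own heuristics, and the sample lines are copied from the log posted in this thread. Legitimate nameless BHOs that point at an existing .dll (Spybot's SDHelper.dll, for instance) are deliberately not flagged, and "(no file)" entries are treated as orphaned registrations rather than findings.

```powershell
# Added example (not from the thread): triage a HijackThis 2.x log for the
# entry types the helper above asked to fix. The rules are this example's own
# heuristics, not HijackThis's.

function Get-HjtFinding {
    param([string[]]$LogLines)

    foreach ($line in $LogLines) {
        # R0/R1: IE search settings. An emptied SearchAssistant/CustomizeSearch
        # value is a leftover of a hijack and is what was flagged above.
        if ($line -match '^R[01] - HK\w+\\Software\\Microsoft\\Internet Explorer\\Search,(\w+) =\s*$') {
            New-Object PSObject -Property @{
                Type = 'R0'; Reason = "empty IE Search value '$($Matches[1])'"; Line = $line }
            continue
        }
        # O2: Browser Helper Objects. A nameless BHO whose module is reported
        # missing, or whose module is not a .dll at all (the renamed .dat in
        # system32 here), is worth fixing; '(no file)' is just an orphaned CLSID.
        if ($line -match '^O2 - BHO: (.+?) - \{[0-9A-Fa-f-]{36}\} - (.+)$') {
            $name = $Matches[1]; $module = $Matches[2]
            if ($name -eq '(no name)' -and $module -ne '(no file)' -and
                ($module -match '\(file missing\)' -or $module -notmatch '\.dll$')) {
                New-Object PSObject -Property @{
                    Type = 'O2'; Reason = "nameless BHO with suspicious module: $module"; Line = $line }
            }
            continue
        }
        # O20: AppInit_DLLs is loaded into every process that links user32.dll,
        # so on a home PC any value at all is a finding.
        if ($line -match '^O20 - AppInit_DLLs: (.+)$') {
            New-Object PSObject -Property @{
                Type = 'O20'; Reason = "AppInit_DLLs loads $($Matches[1])"; Line = $line }
        }
    }
}

# Constructed sample: lines quoted from the HijackThis log posted in this thread.
$sample = @(
    'R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =',
    'R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =',
    'O2 - BHO: (no name) - {34E6F97C-34E0-4CE5-B92B-F83634BEDC01} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)',
    'O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\Windows\system32\__c0022D3F.dat',
    'O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll',
    'O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)',
    'O20 - AppInit_DLLs: C:\Windows\system32\__c00C54E9.dat'
)

# The sample yields five findings: the two R0 lines, the two BHOs pointing at
# the Video ActiveX Access folder and the .dat file, and the AppInit_DLLs value.
Get-HjtFinding -LogLines $sample | Format-Table Type, Reason -AutoSize

# Against a saved log: Get-HjtFinding -LogLines (Get-Content .\hijackthis.log)
```

Run it against the saved hijackthis.log and compare the output with what the helper asked you to checkmark; it is a triage aid, not a substitute for reading the whole log, since it deliberately says nothing about O4 autoruns or O23 services.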

Sliph24
2007-08-05, 06:09
C:\Program Files\Video ActiveX Access -- denied access to everything I tried to do to delete it. Tried to change security rights for the folder and that was denied also.
C:\Windows\system32\_c0022d3f.dat -- Couldn't find file
C:\Windows\system32\_c00c54e9.dat -- Deleted

cleared the windows\temp files

I couldn't find any Documents and settings\__\local settings Folder within Vista? I have never seen this folder in Vista. Searched for Documents, Settings, Local setting, and all turned up dead ends.

IE browser cleared
Mozilla browser cleared

Recycling bin emptied


AVG found Nothing





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:05 PM, on 8/4/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\aol\1173461808\ee\aolsoftware.exe
C:\Windows\System32\ezSP_Px.exe
C:\Program Files\dvd43\DVD43_Tray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.camelotherald.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1173461808\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\Windows\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\Windows\system32\__c00C54E9.dat
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\Windows\System32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10056 bytes

Shaba
2007-08-05, 11:26
Hi

Open HijackThis, click do a system scan only and checkmark this:

O20 - AppInit_DLLs: C:\Windows\system32\__c00C54E9.dat

Close all windows including browser and press fix checked.

Reboot.

Copy text below to Notepad and save it as delvaa.bat (save it as all files, *.*)

@ECHO OFF
attrib -r -h "C:\Program Files\Video ActiveX Access\*.*"
del /a /f /q "C:\Program Files\Video ActiveX Access\*.*"
RD /s /q "C:\Program Files\Video ActiveX Access"

It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/bat.JPG

Doubleclick delvaa.bat; black dos windows will flash, that's normal.

(In case you are unsure how to create a bat file, take a look here (http://www.nellie2.co.uk/file.htm#How_to_Make_a_.Bat_File) with screenshots.)

Post a fresh HijackThis log

Is C:\Program Files\Video ActiveX Access now gone?

Sliph24
2007-08-06, 06:02
the appinit dll file was removed, but the .bat file didn't delete the Video ActiveX Access file. I did notice that the security setting has been modified thus: In all other files I've looked at, there is a security setting under the properties for each file. The settings are: User(lowest), Administrator(medium), and System(highest). However, with the file C:\Program Files\VideoActiveXAccess it has a level above system called Creator. I'm working on finding how to nullify or bypass these security settings through windows. If you know anything let me know please.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:44 PM, on 8/5/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\aol\1173461808\ee\aolsoftware.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\ezSP_Px.exe
C:\Program Files\dvd43\DVD43_Tray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.camelotherald.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1173461808\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\Windows\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\Windows\System32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10152 bytes
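The folder survived the batch file because its ACL had been changed, so attrib, del and RD were denied before they ever touched a file. The script below is an added example for this page, not something the helper posted, of how to take the folder back and remove it from an elevated (Run as administrator) PowerShell window on Vista. It uses only takeown.exe, icacls.exe and attrib.exe, which ship with Vista; the target path is the one from the thread, the Administrators group is addressed by its well-known SID S-1-5-32-544 so the script does not depend on the English group name, and the ordering (record the ACL, take ownership, reset ACLs, then delete) is this example's choice.

```powershell
# Added example (not from the thread): remove a directory whose ACL blocks
# deletion, as happened above with "Video ActiveX Access".
# Must run from an elevated PowerShell window; under UAC a non-elevated
# administrator token cannot take ownership of the folder.
param([string]$Target = 'C:\Program Files\Video ActiveX Access')

if (-not (Test-Path -LiteralPath $Target)) {
    Write-Host "Already gone: $Target"
    return
}

# 1. Record the owner and any Deny entries before changing anything, so the
#    cause of the "access denied" is on record.
$acl = Get-Acl -Path $Target
Write-Host "Owner before: $($acl.Owner)"
$acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' } |
    ForEach-Object { Write-Host "Deny ACE: $($_.IdentityReference) $($_.FileSystemRights)" }

# 2. Take ownership recursively; /D Y answers the prompt for subfolders the
#    current user cannot even list.
& takeown.exe /F "$Target" /R /D Y | Out-Null

# 3. Replace the ACLs with the inherited defaults (this discards the Deny
#    entries), then grant Administrators (well-known SID) full control.
#    /T recurses, /C keeps going past individual errors.
& icacls.exe "$Target" /reset /T /C | Out-Null
& icacls.exe "$Target" /grant "*S-1-5-32-544:(OI)(CI)F" /T /C | Out-Null

# 4. Clear read-only/hidden/system attributes and delete the tree.
& attrib.exe -r -h -s "$Target\*.*" /S /D
Remove-Item -LiteralPath $Target -Recurse -Force

# 5. Verify. A file still in use (for example a DLL loaded through
#    AppInit_DLLs) cannot be deleted while the process holding it runs;
#    that is the case for a Safe Mode retry after the AppInit entry is gone.
if (Test-Path -LiteralPath $Target) {
    Write-Warning "Still present: $Target (a process may hold a file open; retry from Safe Mode)"
} else {
    Write-Host "Removed: $Target"
}
```

Save it as takeback.ps1 and run it with the path as the argument if the folder is elsewhere; the "Owner before" and "Deny ACE" lines printed in step 1 are worth keeping with the other logs, since they show what the installer did to the folder.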

Sliph24
2007-08-06, 06:25
Finally gained control over the file and used the delvaa.bat to remove it. Unfortunately I'm not sure what I did this time that made it different from the 20 times I tried it before ;(
So far everything seems in good working order. Here's a new HJT log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:38 PM, on 8/5/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\aol\1173461808\ee\aolsoftware.exe
C:\Windows\System32\ezSP_Px.exe
C:\Program Files\dvd43\DVD43_Tray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\hp\kbd\kbd.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.camelotherald.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1173461808\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\Windows\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\Windows\System32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9942 bytes

Shaba
2007-08-06, 10:57
Hi

That's great :)

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, see if you can click the next icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable, as you'll see in the next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (this is in case we need samples).
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Files that are in use may be moved/deleted during the reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

Sliph24
2007-08-07, 11:32
Here is the Dr. Web Report.


laf1.exe;C:\Documents and Settings\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application;Probably BINARYRES;Incurable.Moved.;
laf1.exe;C:\Documents and Settings\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application;Probably BINARYRES;;
laf1.exe;C:\Documents and Settings\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application;Probably BINARYRES;;
__c00C54E9.dat;C:\Documents and Settings\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application;Probably BINARYRES;Incurable.Moved.;
laf1.exe;C:\Documents and Settings\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application;Probably BINARYRES;;
__c00C54E9.dat;C:\Documents and Settings\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application;Probably BINARYRES;;
laf1.exe;C:\Documents and Settings\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application;Probably BINARYRES;;
__c00C54E9.dat;C:\Documents and Settings\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application;Probably BINARYRES;;
laf1.exe;C:\Documents and Settings\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application;Probably BINARYRES;;
__c00C54E9.dat;C:\Documents and Settings\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application;Probably BINARYRES;;
laf1.exe;C:\Documents and Settings\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application;Probably BINARYRES;;
__c00C54E9.dat;C:\Documents and Settings\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application;Probably BINARYRES;;
laf1.exe;C:\Documents and Settings\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp;Probably BINARYRES;;
__c00C54E9.dat;C:\Documents and Settings\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStor;Probably BINARYRES;;
laf1.exe;C:\Documents and Settings\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Temp;Probably BINARYRES;;
__c00C54E9.dat;C:\Documents and Settings\Sliph24\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Windows\System3;Probably BINARYRES;;
laf1.exe;C:\Documents and Settings\Sliph24\AppData\Local\Application Data\Application Data\Temp;Probably BINARYRES;;
__c00C54E9.dat;C:\Documents and Settings\Sliph24\AppData\Local\Application Data\Application Data\VirtualStore\Windows\System32;Probably BINARYRES;;
laf1.exe;C:\Documents and Settings\Sliph24\AppData\Local\Application Data\Temp;Probably BINARYRES;;
__c00C54E9.dat;C:\Documents and Settings\Sliph24\AppData\Local\Application Data\VirtualStore\Windows\System32;Probably BINARYRES;;
laf1.exe;C:\Documents and Settings\Sliph24\AppData\Local\Temp;Probably BINARYRES;;
__c00C54E9.dat;C:\Documents and Settings\Sliph24\AppData\Local\VirtualStore\Windows\System32;Probably BINARYRES;;
laf1.exe;C:\Documents and Settings\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\Applicatio;Probably BINARYRES;;
laf1.exe;C:\Documents and Settings\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\Applicatio;Probably BINARYRES;;
laf1.exe;C:\Documents and Settings\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\Applicatio;Probably BINARYRES;;
__c00C54E9.dat;C:\Documents and Settings\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\Applicatio;Probably BINARYRES;;
laf1.exe;C:\Documents and Settings\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\Applicatio;Probably BINARYRES;;
__c00C54E9.dat;C:\Documents and Settings\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\Applicatio;Probably BINARYRES;;
laf1.exe;C:\Documents and Settings\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\Applicatio;Probably BINARYRES;;
__c00C54E9.dat;C:\Documents and Settings\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\Applicatio;Probably BINARYRES;;
laf1.exe;C:\Documents and Settings\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\Applicatio;Probably BINARYRES;;
__c00C54E9.dat;C:\Documents and Settings\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\Applicatio;Probably BINARYRES;;
laf1.exe;C:\Documents and Settings\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\Applicatio;Probably BINARYRES;;
__c00C54E9.dat;C:\Documents and Settings\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\Applicatio;Probably BINARYRES;;
laf1.exe;C:\Documents and Settings\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp;Probably BINARYRES;;
__c00C54E9.dat;C:\Documents and Settings\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualSto;Probably BINARYRES;;
laf1.exe;C:\Documents and Settings\Sliph24\Local Settings\Application Data\Application Data\Application Data\Temp;Probably BINARYRES;;
__c00C54E9.dat;C:\Documents and Settings\Sliph24\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Windows\System;Probably BINARYRES;;
laf1.exe;C:\Documents and Settings\Sliph24\Local Settings\Application Data\Application Data\Temp;Probably BINARYRES;;
__c00C54E9.dat;C:\Documents and Settings\Sliph24\Local Settings\Application Data\Application Data\VirtualStore\Windows\System32;Probably BINARYRES;;
laf1.exe;C:\Documents and Settings\Sliph24\Local Settings\Application Data\Temp;Probably BINARYRES;;
__c00C54E9.dat;C:\Documents and Settings\Sliph24\Local Settings\Application Data\VirtualStore\Windows\System32;Probably BINARYRES;;
laf1.exe;C:\Documents and Settings\Sliph24\Local Settings\Temp;Probably BINARYRES;;
__c00C54E9.dat;C:\Documents and Settings\Sliph24\Local Settings\VirtualStore\Windows\System32;Probably BINARYRES;;
laf1.exe;C:\Users\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application;Probably BINARYRES;;
laf1.exe;C:\Users\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application;Probably BINARYRES;;
laf1.exe;C:\Users\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application;Probably BINARYRES;;
__c00C54E9.dat;C:\Users\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application;Probably BINARYRES;;
laf1.exe;C:\Users\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application;Probably BINARYRES;;
__c00C54E9.dat;C:\Users\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application;Probably BINARYRES;;
laf1.exe;C:\Users\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application;Probably BINARYRES;;
__c00C54E9.dat;C:\Users\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application;Probably BINARYRES;;
laf1.exe;C:\Users\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application;Probably BINARYRES;;
__c00C54E9.dat;C:\Users\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application;Probably BINARYRES;;
laf1.exe;C:\Users\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application;Probably BINARYRES;;
__c00C54E9.dat;C:\Users\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application;Probably BINARYRES;;
laf1.exe;C:\Users\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp;Probably BINARYRES;;
__c00C54E9.dat;C:\Users\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStor;Probably BINARYRES;;
laf1.exe;C:\Users\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp;Probably BINARYRES;;
__c00C54E9.dat;C:\Users\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Application Data\VirtualStore\Windows\System3;Probably BINARYRES;;
laf1.exe;C:\Users\Sliph24\AppData\Local\Application Data\Application Data\Application Data\Temp;Probably BINARYRES;;
__c00C54E9.dat;C:\Users\Sliph24\AppData\Local\Application Data\Application Data\Application Data\VirtualStore\Windows\System32;Probably BINARYRES;;
laf1.exe;C:\Users\Sliph24\AppData\Local\Application Data\Application Data\Temp;Probably BINARYRES;;
__c00C54E9.dat;C:\Users\Sliph24\AppData\Local\Application Data\Application Data\VirtualStore\Windows\System32;Probably BINARYRES;;
laf1.exe;C:\Users\Sliph24\AppData\Local\Application Data\Temp;Probably BINARYRES;;
__c00C54E9.dat;C:\Users\Sliph24\AppData\Local\Application Data\VirtualStore\Windows\System32;Probably BINARYRES;;
laf1.exe;C:\Users\Sliph24\AppData\Local\Temp;Probably BINARYRES;;
__c00C54E9.dat;C:\Users\Sliph24\AppData\Local\VirtualStore\Windows\System32;Probably BINARYRES;;
laf1.exe;C:\Users\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Applicatio;Probably BINARYRES;;
laf1.exe;C:\Users\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Applicatio;Probably BINARYRES;;
laf1.exe;C:\Users\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Applicatio;Probably BINARYRES;;
__c00C54E9.dat;C:\Users\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Applicatio;Probably BINARYRES;;
laf1.exe;C:\Users\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Applicatio;Probably BINARYRES;;
__c00C54E9.dat;C:\Users\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Applicatio;Probably BINARYRES;;
laf1.exe;C:\Users\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Applicatio;Probably BINARYRES;;
__c00C54E9.dat;C:\Users\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Applicatio;Probably BINARYRES;;
laf1.exe;C:\Users\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Applicatio;Probably BINARYRES;;
__c00C54E9.dat;C:\Users\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Applicatio;Probably BINARYRES;;
laf1.exe;C:\Users\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Applicatio;Probably BINARYRES;;
__c00C54E9.dat;C:\Users\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Applicatio;Probably BINARYRES;;
laf1.exe;C:\Users\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp;Probably BINARYRES;;
__c00C54E9.dat;C:\Users\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualSto;Probably BINARYRES;;
laf1.exe;C:\Users\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp;Probably BINARYRES;;
__c00C54E9.dat;C:\Users\Sliph24\Local Settings\Application Data\Application Data\Application Data\Application Data\VirtualStore\Windows\System;Probably BINARYRES;;
laf1.exe;C:\Users\Sliph24\Local Settings\Application Data\Application Data\Application Data\Temp;Probably BINARYRES;;
__c00C54E9.dat;C:\Users\Sliph24\Local Settings\Application Data\Application Data\Application Data\VirtualStore\Windows\System32;Probably BINARYRES;;
laf1.exe;C:\Users\Sliph24\Local Settings\Application Data\Application Data\Temp;Probably BINARYRES;;
__c00C54E9.dat;C:\Users\Sliph24\Local Settings\Application Data\Application Data\VirtualStore\Windows\System32;Probably BINARYRES;;
laf1.exe;C:\Users\Sliph24\Local Settings\Application Data\Temp;Probably BINARYRES;;
__c00C54E9.dat;C:\Users\Sliph24\Local Settings\Application Data\VirtualStore\Windows\System32;Probably BINARYRES;;
laf1.exe;C:\Users\Sliph24\Local Settings\Temp;Probably BINARYRES;;
__c00C54E9.dat;C:\Users\Sliph24\Local Settings\VirtualStore\Windows\System32;Probably BINARYRES;;

Shaba
2007-08-07, 11:55
Hi

Do a search and delete all instances of laf1.exe and __c00C54E9.dat and empty Recycle Bin

After that, re-scan with cure-it and post back a fresh cureit report.
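
The search Shaba asks for, as an added PowerShell example that is not part of the thread. The Dr.Web report lists the same two files dozens of times under ever-longer "Application Data\Application Data\..." and "Local Settings\..." paths because on Vista those folders (and C:\Documents and Settings) are compatibility junctions that point back into C:\Users\<name>\AppData\Local; a recursive search that follows junctions loops the same way. The script walks the profile without descending into reparse points, lists every real copy, and removes them only when run with -Delete. The file names are taken from the report; the default root (the current user's profile) and the use of an elevated prompt are assumptions.

```powershell
# Added example, not from the thread: find (and with -Delete remove) every copy of
# the two files Dr.Web flagged, without looping through Vista's compatibility
# junctions. Run from an elevated PowerShell prompt as the affected user.
# Assumptions: the file names are the two from the report; the default root is
# the current user's profile, where all of the reported copies live.
param(
    [string[]]$Names = @('laf1.exe', '__c00C54E9.dat'),
    [string]$Root = $env:USERPROFILE,
    [switch]$Delete
)

function Find-FilesSkippingJunctions {
    param(
        [string]$Path,
        [string[]]$Names,
        [System.Collections.Generic.List[string]]$Found
    )
    $dir = New-Object IO.DirectoryInfo $Path
    foreach ($name in $Names) {
        try {
            # GetFiles returns hidden and system files too, which is what we want here.
            foreach ($f in $dir.GetFiles($name)) { $Found.Add($f.FullName) }
        } catch [System.UnauthorizedAccessException] { }
    }
    try { $subs = $dir.GetDirectories() } catch { return }
    foreach ($sub in $subs) {
        # Junctions such as AppData\Local\Application Data -> AppData\Local are
        # reparse points. Descending into them is what produced the endless
        # "Application Data\Application Data\..." chains in the Dr.Web report.
        if ([int]($sub.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0) {
            Write-Verbose "Skipping junction: $($sub.FullName)"
            continue
        }
        Find-FilesSkippingJunctions -Path $sub.FullName -Names $Names -Found $Found
    }
}

$found = New-Object System.Collections.Generic.List[string]
Find-FilesSkippingJunctions -Path $Root -Names $Names -Found $found

if ($found.Count -eq 0) {
    Write-Host "No copies of $($Names -join ', ') under $Root"
    exit 0
}

foreach ($path in $found) {
    if (-not $Delete) { Write-Host "Would delete: $path"; continue }
    try {
        # Malware commonly sets hidden/system/read-only; clear them so the delete succeeds.
        (Get-Item -LiteralPath $path -Force).Attributes = [IO.FileAttributes]::Normal
        Remove-Item -LiteralPath $path -Force -ErrorAction Stop
        Write-Host "Deleted: $path"
    } catch {
        # Usually means the file is still in use: reboot (or use Safe Mode) and rerun.
        Write-Warning "Could not delete $path : $($_.Exception.Message)"
    }
}
```

Remove-Item does not use the Recycle Bin, so there is nothing left to empty afterwards. The copy of __c00C54E9.dat under VirtualStore\Windows\System32 is where UAC file virtualization redirected a write aimed at the real System32, so it is a genuine separate file and is found by the same walk. A copy that refuses to delete is almost always still loaded; that is the same problem the earlier posts hit with the Video ActiveX Access folder, and a reboot before retrying is the usual fix.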

Sliph24
2007-08-08, 00:29
Dr Web found nothing this time around.

Shaba
2007-08-08, 07:25
Hi

That's nice to hear :)

Any problems left?

Sliph24
2007-08-08, 15:28
Everything is working just fine. Thanks a ton for your help, Shaba! Very awesome what you guys do. :)

Shaba
2007-08-08, 15:30
Hi

Then you're clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore - If you are using Windows XP, then you should disable and re-enable System Restore to make sure there are no infected files left in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Re-enable System Restore with the instructions from the tutorial above (the same instructions should work for Vista, too).

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources (http://www.bleepingcomputer.com/forums/topic405.html)


Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (more often if you wish). If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.


Use a Firewall - I can not stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls (http://www.bleepingcomputer.com/tutorials/tutorial60.html)


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Install Ad-Aware - Download and install Ad-Aware. You should also scan your computer with this program on a regular basis, just as you would with antivirus software, in conjunction with Spybot.

A tutorial on installing & using this product can be found here:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer (http://www.bleepingcomputer.com/forums/?showtutorial=48)

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

IE/Spyad (http://www.spywarewarrior.com/uiuc/resource.htm) <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Google Toolbar (http://toolbar.google.com/) <= Get the free google toolbar to help stop pop up windows.
Comodo BOCLEAN (http://www.comodo.com/boclean/boclean.html) <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein, So How Did I Get Infected In The First Place (http://castlecops.com/postlite7736-.html)

Happy surfing and stay clean!
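
The six Internet-zone Custom Level settings in the post above, as an added PowerShell example that is not part of the thread. Each entry in that dialog is a DWORD under the user's Internet Settings\Zones\3 key, so the same hardening can be audited and applied from a script, which is handy when the same change has to be made on more than one account. The value names and data codes are taken from Microsoft's documented zone registry layout (KB 182569): Zones\3 is the Internet zone, and data 0 = Enable, 1 = Prompt, 3 = Disable. The script only touches HKCU; that the settings are per-user and not locked by policy is an assumption.

```powershell
# Added example, not from the thread: audit, and with -Apply set, the six Internet
# zone "Custom Level" settings listed above through the registry values behind
# the dialog. Assumption: the value names and data codes follow Microsoft's
# documented zone layout (KB 182569): Zones\3 is the Internet zone, and data
# 0 = Enable, 1 = Prompt, 3 = Disable. Run as the user who browses.
param([switch]$Apply)

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Value name -> text shown in the Custom Level dialog, and the setting recommended above
$recommended = @(
    @{ Name = '1001'; Desc = 'Download signed ActiveX controls';                          Want = 1 },
    @{ Name = '1004'; Desc = 'Download unsigned ActiveX controls';                        Want = 3 },
    @{ Name = '1201'; Desc = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 },
    @{ Name = '1800'; Desc = 'Installation of desktop items';                             Want = 1 },
    @{ Name = '1804'; Desc = 'Launching programs and files in an IFRAME';                 Want = 1 },
    @{ Name = '1607'; Desc = 'Navigate sub-frames across different domains';              Want = 1 }
)
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneSetting([string]$Name) {
    # Returns $null when the value is absent, i.e. IE falls back to the zone template default.
    $item = Get-ItemProperty -Path $zonePath -Name $Name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return [int]$item.$Name
}

function Describe-Setting($Value) {
    if ($Value -eq $null) { return 'not set (zone default)' }
    if ($labels.ContainsKey($Value)) { return $labels[$Value] }
    return "unknown ($Value)"
}

$weak = 0
foreach ($s in $recommended) {
    $current = Get-ZoneSetting $s.Name
    if ($current -eq $s.Want) { $status = 'OK  ' } else { $status = 'WEAK'; $weak++ }
    Write-Host ('{0} {1,-62} current: {2,-22} recommended: {3}' -f $status, $s.Desc, (Describe-Setting $current), $labels[$s.Want])
    if ($status -eq 'WEAK' -and $Apply) {
        Set-ItemProperty -Path $zonePath -Name $s.Name -Value $s.Want -Type DWord
    }
}

if ($Apply -and $weak -gt 0) {
    Write-Host "$weak setting(s) written; close and reopen Internet Explorer to pick them up."
} elseif ($weak -gt 0) {
    Write-Host "$weak setting(s) differ from the recommendation; rerun with -Apply to change them."
}
```

Run it once without -Apply to see which settings are weaker than recommended, then with -Apply to write them; afterwards the Security tab shows the Internet zone as "Custom", which is expected. One caveat: if an administrator has set the Security_HKLM_only policy, Internet Explorer reads the zone settings from the matching HKLM key instead and ignores the per-user values this script writes.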

Shaba
2007-08-10, 12:36
Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.