PDA

View Full Version : Clickspring



tmeany91
2007-08-12, 03:13
Hi there!

Recently I have been getting many unwanted pop-ups. I have run a few Anti-spyware/Adware programs and I keep getting the smae program. Clickspring. Many times I have tried deleting this. But it seems to keep coming back up. Any help would be greatly appreciated.

Here is my HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 8:08:02 PM, on 8/11/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hphmon06.exe
C:\Windows\system\hpsysdrv.exe
C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
C:\Windows\System32\ps2.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\HP_Administrator\Documents\??crosoft\rundll32.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\PKWARE\PKZIPR~1\ZIPREA~1.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\HP_Administrator\Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {111F10D5-8E6B-F8BD-1F66-838DCA208FCB} - (no file)
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {404C1081-893B-FDEA-1866-838DCA21D3CC} - C:\Windows\system32\mlt.dll (file missing)
O2 - BHO: (no name) - {41184284-D93D-AAED-1866-838DCA20D5CF} - (no file)
O2 - BHO: (no name) - {6EF7F5E1-3D04-198F-2C05-35B6794CF1C8} - C:\Windows\system32\vmka.dll (file missing)
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [mmur] C:\Program Files\Common Files\mmur\mmurm.exe
O4 - HKCU\..\Run: [Ieuu] "C:\Users\HP_ADM~1\DOCUME~1\CROSOF~1\rundll32.exe" -vt yazb
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [PlayLinc] "C:/Program Files/PlayLinc/PlayLincV.exe"
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\SpeedItUpFree\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [Iutm] C:\Users\HP_Administrator\AppData\Roaming\??sks\nopdb.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.29.11/ttinst.cab
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Thanks for the help

Shaba
2007-08-12, 12:17
Hi tmeany91

Click here (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to download HJTInstall.exe
Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

tmeany91
2007-08-12, 17:56
Last night I have been working alot to try and get rid of the pop-ups, Seems like I have reduced them greatly. See anything suspicious?




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:24 AM, on 8/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hphmon06.exe
C:\Windows\system\hpsysdrv.exe
C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
C:\Windows\System32\ps2.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {111F10D5-8E6B-F8BD-1F66-838DCA208FCB} - (no file)
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {404C1081-893B-FDEA-1866-838DCA21D3CC} - C:\Windows\system32\mlt.dll (file missing)
O2 - BHO: (no name) - {41184284-D93D-AAED-1866-838DCA20D5CF} - (no file)
O2 - BHO: (no name) - {6EF7F5E1-3D04-198F-2C05-35B6794CF1C8} - C:\Windows\system32\vmka.dll (file missing)
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [mmur] C:\Program Files\Common Files\mmur\mmurm.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [PlayLinc] "C:/Program Files/PlayLinc/PlayLincV.exe"
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\SpeedItUpFree\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.29.11/ttinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--
End of file - 8454 bytes

Shaba
2007-08-12, 17:58
Hi

Yes, I do.

First install one antivirus from below:

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors NOW:

1) Antivir PersonalEdition Classic (http://www.free-av.com/)- Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition (http://free.grisoft.com/doc/1) - Free edition of the AVG anti-virus program for Windows.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

After that:

Download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply

tmeany91
2007-08-12, 18:28
Deckard's System Scanner v20070809.63
Run by HP_Administrator on 2007-08-12 at 11:16:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
27: 2007-08-12 15:11:36 UTC - RP264 - Installed AVG 7.5
26: 2007-08-12 00:41:28 UTC - RP263 - Windows Defender Checkpoint
25: 2007-08-11 23:23:33 UTC - RP261 - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
24: 2007-08-11 06:14:55 UTC - RP260 - Windows Defender Checkpoint
23: 2007-08-11 04:00:09 UTC - RP258 - Scheduled Checkpoint


-- First Restore Point --
1: 2007-07-20 17:47:47 UTC - RP226 - Installed PlayLinc


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 1023 MiB (1024 MiB recommended).


-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:24 AM, on 8/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hphmon06.exe
C:\Windows\system\hpsysdrv.exe
C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
C:\Windows\System32\ps2.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {111F10D5-8E6B-F8BD-1F66-838DCA208FCB} - (no file)
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {404C1081-893B-FDEA-1866-838DCA21D3CC} - C:\Windows\system32\mlt.dll (file missing)
O2 - BHO: (no name) - {41184284-D93D-AAED-1866-838DCA20D5CF} - (no file)
O2 - BHO: (no name) - {6EF7F5E1-3D04-198F-2C05-35B6794CF1C8} - C:\Windows\system32\vmka.dll (file missing)
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [mmur] C:\Program Files\Common Files\mmur\mmurm.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [PlayLinc] "C:/Program Files/PlayLinc/PlayLincV.exe"
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\SpeedItUpFree\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.29.11/ttinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--
End of file - 8454 bytes

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 szkg - c:\windows\system32\drivers\szkg.sys <Not Verified; iS3 Inc.; Stopzilla>
R1 SiSkp - c:\windows\system32\drivers\srvkp.sys <Not Verified; Silicon Integrated Systems Corporation; SiS (R) WindowsXP Display Manager>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT(R)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 szserver (STOPzilla Service) - "c:\program files\common files\is3\anti-spyware\szserver.exe" <Not Verified; iS3, Inc.; STOPzilla>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 VundoFixSvc (VundoFix Service) - vundofixsvc.exe <Not Verified; Atribune.org; Vundofix Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description:
Device ID: ROOT\NET\0000
Manufacturer:
Name:
PNP Device ID: ROOT\NET\0000
Service:

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: ROOT\NET\0001
Manufacturer: Realtek
Name: Realtek RTL8139/810x Family Fast Ethernet NIC #2
PNP Device ID: ROOT\NET\0001
Service: rtl8139


-- Scheduled Tasks -------------------------------------------------------------

2007-08-12 11:20:12 418 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{02CA507D-7E87-4F90-981E-B2E99EDC7BA2}.job


-- Files created between 2007-07-12 and 2007-08-12 -----------------------------

2007-08-12 11:12:23 0 d-------- C:\Users\All Users\Grisoft
2007-08-12 11:12:23 0 d-------- C:\Users\All Users\avg7
2007-08-12 10:53:02 0 d-------- C:\Program Files\Trend Micro
2007-08-11 19:24:35 0 d-------- C:\Program Files\STOPzilla!
2007-08-11 19:24:34 0 d-------- C:\Program Files\Common Files\iS3
2007-08-11 19:24:33 0 d-------- C:\Users\All Users\STOPzilla!
2007-08-09 18:26:58 225280 -ra------ C:\Windows\system32\SZBase5.dll <Not Verified; iS3, Inc.; STOPzilla>
2007-08-09 18:20:32 28928 -ra------ C:\Windows\system32\drivers\SZKG.sys <Not Verified; iS3 Inc.; Stopzilla>
2007-08-07 13:30:58 126976 -ra------ C:\Windows\system32\IS3HTUI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-08-07 13:30:50 294912 -ra------ C:\Windows\system32\IS3DBA5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-08-07 13:30:00 372736 -ra------ C:\Windows\system32\IS3UI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-08-07 13:29:44 69632 -ra------ C:\Windows\system32\IS3Hks5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-08-07 13:29:24 23040 -ra------ C:\Windows\system32\IS3XDat5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-08-07 13:29:06 184320 -ra------ C:\Windows\system32\IS3Win325.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-08-07 13:28:46 94208 -ra------ C:\Windows\system32\IS3Inet5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-08-07 13:28:32 90112 -ra------ C:\Windows\system32\IS3Svc5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-08-07 13:28:06 688128 -ra------ C:\Windows\system32\IS3Base5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-08-06 11:51:12 0 d-------- C:\Windows\Roaming
2007-08-04 23:04:08 0 d-------- C:\Windows\??crosoft.NET
2007-08-03 12:34:06 0 d-------- C:\Program Files\s?curity
2007-08-03 09:27:06 0 d-------- C:\Program Files\Disney
2007-07-23 21:30:37 0 d-------- C:\Windows\system32\?ppPatch
2007-07-23 15:13:20 0 d-------- C:\Program Files\SpeedItUpFree
2007-07-20 13:49:15 0 d-------- C:\Users\HP_Administrator\{fdd8db00-7b91-4f7a-b21d-6f81fb91fe54}
2007-07-20 13:35:48 0 d-------- C:\Program Files\Xfire Plus
2007-07-18 09:06:38 0 d-------- C:\Windows\system32\W?nSxS
2007-07-12 14:06:16 0 d-------- C:\Program Files\Flash Slideshow Generator
2007-07-12 10:49:31 0 d--h----- C:\Windows\PIF
2007-07-12 10:29:50 0 d-------- C:\Users\All Users\FLEXnet
2007-07-12 10:26:01 0 d-------- C:\Program Files\Bonjour
2007-07-12 10:13:44 0 d-------- C:\Program Files\Common Files\Macrovision Shared


-- Find3M Report ---------------------------------------------------------------

2007-08-12 11:14:24 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\AVG7
2007-08-11 20:37:51 2 --a------ C:\Windows\system32\wnstsicomsv.exe
2007-08-11 20:37:49 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\??sks
2007-08-11 20:37:05 0 d-------- C:\Program Files\WildTangent
2007-08-11 19:24:34 0 d-------- C:\Program Files\Common Files
2007-08-11 17:04:40 0 d-------- C:\Program Files\Microsoft AntiSpyware
2007-08-11 15:27:27 0 d-------- C:\Program Files\StepMania <STEPMA~1>
2007-08-07 22:01:30 0 d-------- C:\Program Files\PlayLinc
2007-08-07 16:10:02 0 d-------- C:\Program Files\World of Warcraft
2007-08-06 13:11:29 0 d-------- C:\Program Files\verizon
2007-08-03 20:04:23 0 d-------- C:\Program Files\YouTube Downloader
2007-08-03 12:34:06 0 d-------- C:\Program Files\s?curity
2007-08-02 21:00:50 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\BitTorrent
2007-07-23 15:13:11 724992 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-07-22 11:13:42 0 d-------- C:\Program Files\W?nSxS
2007-07-22 11:09:55 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\teamspeak2
2007-07-20 17:12:47 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\Simple Star
2007-07-20 13:36:41 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\Xfire Plus
2007-07-12 20:26:29 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\Adobe
2007-07-12 10:25:58 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-12 07:53:22 0 d-------- C:\Program Files\Windows Mail
2007-07-10 12:48:29 0 d-------- C:\Program Files\Replay Media Catcher
2007-07-08 11:49:43 0 d-------- C:\Program Files\?dobe
2007-07-04 12:48:47 0 d-------- C:\Program Files\PKWARE
2007-07-04 12:48:47 0 d-------- C:\Program Files\Common Files\PKWARE
2007-07-04 12:38:55 0 d-------- C:\Program Files\WinZip Self-Extractor
2007-07-04 10:27:53 0 d-------- C:\Program Files\??mantec
2007-07-03 11:59:38 0 d-------- C:\Program Files\BadgeHelp
2007-07-02 07:06:00 0 d-------- C:\Program Files\Common Files\M?crosoft
2007-07-01 20:15:03 0 d-------- C:\Program Files\AIM6
2007-07-01 20:13:52 0 d-------- C:\Program Files\Common Files\AOL
2007-06-25 12:59:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-23 19:50:01 0 d-------- C:\Program Files\IncrediMail
2007-06-22 08:07:47 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\Move Networks
2007-06-18 20:48:10 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\??crosoft.NET
2007-06-18 06:50:17 0 d-------- C:\Program Files\iTunes
2007-06-18 06:50:12 0 d-------- C:\Program Files\iPod
2007-06-18 06:43:57 0 d-------- C:\Program Files\QuickTime
2007-06-16 17:44:26 0 d-------- C:\Program Files\Common Files\?racle
2007-06-15 17:06:59 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\??curity
2007-06-15 07:17:51 0 d-------- C:\Program Files\InetGet2
2007-06-15 07:14:50 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\WinAntiSpyware 2007
2007-06-15 07:13:56 0 d-------- C:\Program Files\Common Files\WinAntiSpyware 2007
2007-06-15 07:13:41 0 d-------- C:\Program Files\HP
2007-06-15 07:13:30 0 d-------- C:\Program Files\MSN Gaming Zone
2007-06-03 09:43:32 24576 --a------ C:\Windows\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2007-05-31 16:48:20 1570 --a------ C:\Users\HP_Administrator\AppData\Roaming\wklnhst.dat

tmeany91
2007-08-12, 18:32
-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{111F10D5-8E6B-F8BD-1F66-838DCA208FCB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{404C1081-893B-FDEA-1866-838DCA21D3CC}]
C:\Windows\system32\mlt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41184284-D93D-AAED-1866-838DCA20D5CF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EF7F5E1-3D04-198F-2C05-35B6794CF1C8}]
C:\Windows\system32\vmka.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/11/2007 03:01 AM]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [06/07/2004 10:42 PM]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [06/07/2004 10:53 PM]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 08:04 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/21/2004 02:55 AM]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [10/15/2004 01:54 AM]
"PS2"="C:\WINDOWS\system32\ps2.exe" [10/16/2002 08:57 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [04/15/2004 12:43 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/05/2004 06:30 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/05/2004 08:14 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [10/09/2006 09:55 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [10/09/2006 09:55 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [10/09/2006 09:55 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/01/2007 04:51 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [08/12/2007 11:12 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [11/02/2006 08:35 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35 AM]
"mmur"="C:\Program Files\Common Files\mmur\mmurm.exe" []
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [05/29/2007 09:34 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 05:17 PM]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [03/01/2007 07:11 PM]
"PlayLinc"="C:/Program Files/PlayLinc/PlayLincV.exe" [12/22/2006 06:01 PM C:\Program Files\PlayLinc\PlayLincV.exe]
"SpeedItUpEX"="C:\Program Files\SpeedItUpFree\SpeedItUp.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 08:36 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/29/2004 9:31:38 AM]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [12/10/2004 12:02:55 AM]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [11/5/2004 9:25:50 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"=2 (0x2)
"DontDisplayLogonHoursWarnings"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

*Newly Created Service* - AVGCLEAN
*Newly Created Service* - AVGMFX86

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

tmeany91
2007-08-12, 18:34
Deckard's System Scanner v20070809.63
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of Memory in Use: 67%
Physical Memory (total/avail): 1022.75 MiB / 327.92 MiB
Pagefile Memory (total/avail): 2524.98 MiB / 1504.4 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1950.64 MiB

C: is Fixed (NTFS) - 226.99 GiB total, 57.67 GiB free.
D: is Fixed (FAT32) - 6.74 GiB total, 0.68 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.476 v7.5.476 (GRISOFT)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\HP_Administrator\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-9EFCB93C24
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\HP_Administrator
LOCALAPPDATA=C:\Users\HP_Administrator\AppData\Local
LOGONSERVER=\\YOUR-9EFCB93C24
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\HP_ADM~1\AppData\Local\Temp
TMP=C:\Users\HP_ADM~1\AppData\Local\Temp
USERDOMAIN=YOUR-9EFCB93C24
USERNAME=HP_Administrator
USERPROFILE=C:\Users\HP_Administrator
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

HP_Administrator (admin)
Renee.YOUR-9EFCB93C24 (admin)
Alyssa.YOUR-9EFCB93C24.000
Tim (admin)
Administrator (new local)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
1CLICK DVD Movie 3.0.0.5 --> "C:\Program Files\LG Software Innovations\1CLICK DVD Movie\unins000.exe"
AC-3 ACM Codec --> C:\Windows\system32\rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\Windows\INF\AC3ACM.inf
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> C:\Program Files\Common Files\Adobe\Installers\7328fdfcb73660ec8b11d5a3d5c6232\Setup.exe
Adobe Dreamweaver CS3 --> MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e225e\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3 --> C:\Program Files\Common Files\Adobe\Installers\bbef028176efa5abf0233d3e1747be8\Setup.exe
Adobe Fireworks CS3 --> MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash CS3 Professional --> C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Setup --> MsiExec.exe /I{0650BB10-BCF4-400A-85EE-04097E3046C6}
Adobe Setup --> MsiExec.exe /I{2274624C-5B38-41AD-AD27-CEC0924EB628}
Adobe Setup --> MsiExec.exe /I{C92A5A89-B218-46F7-8898-77C52113FFE0}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Setup --> MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}
Adobe Setup --> MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe Stock Photos CS3 --> C:\Program Files\Common Files\Adobe\Installers\cbb2ea61da9c780bd7e47a5230a9ed7\Setup.exe
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Agere Systems PCI Soft Modem --> agrsmdel
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM Pro --> MsiExec.exe /X{D3A04D2F-28C4-4D9C-8487-DAB75992AE09}
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BitTorrent 5.0.7 --> "C:\Program Files\BitTorrent\uninstall.exe"
CloneDVD 4.0 --> "C:\Program Files\CloneDVD\unins000.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DNA --> "C:\Program Files\BitTorrent_DNA\dna.exe" /UNINSTALL
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVDFab Gold 2.9.6.2 --> "C:\Program Files\DVDFab Gold\unins000.exe"
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
ffdshow [beta 1] [2006-12-11] --> "C:\Program Files\ffdshow\unins000.exe"
Flash Slideshow Generator 2.1.4 --> "C:\Program Files\Flash Slideshow Generator\unins000.exe"
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Guild Wars --> "C:\Guild Wars\Gw.exe" -uninstall
Help and Support Additions --> C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 4.2.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone for Media Center PC --> MsiExec.exe /X{8D0C57BC-4942-4960-BB6D-142456D6F233}
HP Image Zone Plus 4.2.3 --> C:\Program Files\HP\Digital Imaging\{0D182A5E-AEE0-42ca-BD1D-4EEB2FFA256D}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Photosmart Cameras 4.0 --> C:\Program Files\HP\Digital Imaging\{4C04DF1B-6A39-4299-9DD1-1FA60000266E}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Product Detection --> MsiExec.exe /I{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP PSC & OfficeJet 4.0 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update --> MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
HP Tunes --> MsiExec.exe /X{C9DC1E02-D0D4-4642-BCF5-20B0E487B6CC}
HPIZ423 --> MsiExec.exe /X{561A9B4E-2E48-4149-B977-59C7AFF62B52}
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo DiscLabel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3F058C0-A21C-452D-8D99-95B1A45F417D}\setup.exe" REMOVEALL
InterVideo WinDVD Creator --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTube 2.1 --> "C:\Program Files\iTube\unins000.exe"
iTunes --> MsiExec.exe /I{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
LimeWire 4.12.11 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Office Outlook Connector --> MsiExec.exe /I{95FC84C0-9F15-4831-8605-396FDC42071D}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Move Networks Media Player for Internet Explorer --> C:\Users\HP_Administrator\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (2.0.0.6) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600816}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
muvee autoProducer 3.5 magicMoments - HPD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B103C8A7-D1CC-4B1A-BD41-883F652E097D}\setup.exe" -l0x9
muvee autoProducer unPlugged - HPD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8E4A88B-E35A-4F3B-AB60-42E7DB0EC765}\setup.exe" -l0x9
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Nero PhotoShow Deluxe 5 --> "C:\Program Files\Nero\PhotoShow 5\data\Xtras\Uninstall.exe"
Norton Personal Firewall --> MsiExec.exe /I{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
PC-Doctor for Windows --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA} /l1033
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Photosmart 320,370,7400,8100,8400 Series --> C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
PlayLinc --> MsiExec.exe /I{9CCE527D-356F-41A8-9718-77A68AC065FB}
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Replay Media Catcher --> "C:\Windows\Replay Media Catcher\uninstall.exe" "/U:C:\Program Files\Replay Media Catcher\Uninstall\uninstall.xml"
Rhapsody Player Engine --> MsiExec.exe /I{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}
SecondLife (remove only) --> "C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
StepMania (remove only) --> "C:\Program Files\StepMania\uninstall.exe"
STOPzilla --> MsiExec.exe /X{5CDBF375-E545-4043-BF4B-9BDC6A1366EE}
The Lord of the Rings Online™: Shadows of Angmar™ v07.12.30.54 --> "C:\Program Files\Turbine\The Lord of the Rings Online\unins000.exe"
Updates from HP --> C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 309731
Video to Audio Converter 3 --> C:\Program Files\Xilisoft\Video to Audio Converter 3\Uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Vista Upgrade Advisor --> MsiExec.exe /I{F80BA35D-D1CD-4B8B-8129-9FC918F9D42D}
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
WinZip Self-Extractor --> "C:\Program Files\WinZip Self-Extractor\wzipse32.exe" -uninstall
ZIP Reader 8.00.0018 --> MsiExec.exe /I{856C155E-4A74-4041-B026-04F96FFD1BCD}


-- Application Event Log -------------------------------------------------------

Event ID #6898: Success
Event Submitted/Written: 08/11/2007 11:32:36 PM
Event Source: WinMgmt
Event Description:
Windows Management Instrumentation Service subsystems initialized successfully

Event ID #6897: Success
Event Submitted/Written: 08/11/2007 11:32:35 PM
Event Source: WinMgmt
Event Description:
Windows Management Instrumentation Service started sucessfully

Event ID #6892: Success
Event Submitted/Written: 08/11/2007 11:32:23 PM
Event Source: Software Licensing Service
Event Description:
The Software Licensing service has started.

Event ID #6884: Success
Event Submitted/Written: 08/11/2007 11:28:56 PM
Event Source: WinMgmt
Event Description:
Windows Management Instrumentation Service subsystems initialized successfully

Event ID #6883: Success
Event Submitted/Written: 08/11/2007 11:28:55 PM
Event Source: WinMgmt
Event Description:
Windows Management Instrumentation Service started sucessfully

tmeany91
2007-08-12, 18:35
-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event ID #36042: Warning
Event Submitted/Written: 08/12/2007 11:21:47 AM
Event Source: WinDefend
Event Description:
%YOUR-9EFCB93C2427 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-9EFCB93C2427 can't undo changes that you allow.

For more information please see the following:
%YOUR-9EFCB93C24275

Scan ID: {72F88026-E326-4E39-86A3-CE3F62147A74}

User: YOUR-9EFCB93C24\HP_Administrator

Name: %YOUR-9EFCB93C24271

ID: %YOUR-9EFCB93C24272

Severity ID: %YOUR-9EFCB93C24273

Category ID: %YOUR-9EFCB93C24274

Path Found: %YOUR-9EFCB93C24276

Alert Type: %YOUR-9EFCB93C24278

Detection Type: 1.1.1505.02

Event ID #36041: Warning
Event Submitted/Written: 08/12/2007 11:21:47 AM
Event Source: WinDefend
Event Description:
%YOUR-9EFCB93C2427 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-9EFCB93C2427 can't undo changes that you allow.

For more information please see the following:
%YOUR-9EFCB93C24275

Scan ID: {D8383F1D-C3AF-4F0B-9175-3053BF42DBB5}

User: YOUR-9EFCB93C24\HP_Administrator

Name: %YOUR-9EFCB93C24271

ID: %YOUR-9EFCB93C24272

Severity ID: %YOUR-9EFCB93C24273

Category ID: %YOUR-9EFCB93C24274

Path Found: %YOUR-9EFCB93C24276

Alert Type: %YOUR-9EFCB93C24278

Detection Type: 1.1.1505.02

Event ID #36040: Warning
Event Submitted/Written: 08/12/2007 11:21:47 AM
Event Source: WinDefend
Event Description:
%YOUR-9EFCB93C2427 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-9EFCB93C2427 can't undo changes that you allow.

For more information please see the following:
%YOUR-9EFCB93C24275

Scan ID: {E4773699-5E50-40CB-AF2C-A95D9C7C924A}

User: YOUR-9EFCB93C24\HP_Administrator

Name: %YOUR-9EFCB93C24271

ID: %YOUR-9EFCB93C24272

Severity ID: %YOUR-9EFCB93C24273

Category ID: %YOUR-9EFCB93C24274

Path Found: %YOUR-9EFCB93C24276

Alert Type: %YOUR-9EFCB93C24278

Detection Type: 1.1.1505.02

Event ID #36039: Warning
Event Submitted/Written: 08/12/2007 11:21:44 AM
Event Source: WinDefend
Event Description:
%YOUR-9EFCB93C2427 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-9EFCB93C2427 can't undo changes that you allow.

For more information please see the following:
%YOUR-9EFCB93C24275

Scan ID: {638E195E-9ADE-40A6-BAE9-9FA59F524C07}

User: YOUR-9EFCB93C24\HP_Administrator

Name: %YOUR-9EFCB93C24271

ID: %YOUR-9EFCB93C24272

Severity ID: %YOUR-9EFCB93C24273

Category ID: %YOUR-9EFCB93C24274

Path Found: %YOUR-9EFCB93C24276

Alert Type: %YOUR-9EFCB93C24278

Detection Type: 1.1.1505.02

Event ID #36038: Warning
Event Submitted/Written: 08/12/2007 11:21:44 AM
Event Source: WinDefend
Event Description:
%YOUR-9EFCB93C2427 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-9EFCB93C2427 can't undo changes that you allow.

For more information please see the following:
%YOUR-9EFCB93C24275

Scan ID: {25672183-FAEF-4243-A4BF-3C384224EFA2}

User: YOUR-9EFCB93C24\HP_Administrator

Name: %YOUR-9EFCB93C24271

ID: %YOUR-9EFCB93C24272

Severity ID: %YOUR-9EFCB93C24273

Category ID: %YOUR-9EFCB93C24274

Path Found: %YOUR-9EFCB93C24276

Alert Type: %YOUR-9EFCB93C24278

Detection Type: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2007-08-12 at 11:22:38 ---------

Shaba
2007-08-12, 19:38
Hi

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: (no name) - {111F10D5-8E6B-F8BD-1F66-838DCA208FCB} - (no file)
O2 - BHO: (no name) - {404C1081-893B-FDEA-1866-838DCA21D3CC} - C:\Windows\system32\mlt.dll (file missing)
O2 - BHO: (no name) - {41184284-D93D-AAED-1866-838DCA20D5CF} - (no file)
O2 - BHO: (no name) - {6EF7F5E1-3D04-198F-2C05-35B6794CF1C8} - C:\Windows\system32\vmka.dll (file missing)
O4 - HKCU\..\Run: [mmur] C:\Program Files\Common Files\mmur\mmurm.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

Close all windows including browser and press fix checked.

Reboot.

Delete this:

C:\Windows\system32\wnstsicomsv.exe

Empty Recycle Bin

Download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe

Tutorial for the uninstaller if needed (http://www.outerinfo.com/howto.html)

Reboot.

Re-run dss

Post:

- a fresh dss log.

tmeany91
2007-08-12, 20:43
Deckard's System Scanner v20070809.63
Run by HP_Administrator on 2007-08-12 at 13:35:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 1023 MiB (1024 MiB recommended).


-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:35:56 PM, on 8/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hphmon06.exe
C:\Windows\system\hpsysdrv.exe
C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\HP_Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_ADM~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [PlayLinc] "C:/Program Files/PlayLinc/PlayLincV.exe"
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\SpeedItUpFree\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.29.11/ttinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Unknown owner - VundoFixSVC.exe (file missing)

--
End of file - 8374 bytes

-- Files created between 2007-07-12 and 2007-08-12 -----------------------------

2007-08-12 11:43:08 0 dr-h----- C:\$VAULT$.AVG
2007-08-12 11:12:23 0 d-------- C:\Users\All Users\Grisoft
2007-08-12 11:12:23 0 d-------- C:\Users\All Users\avg7
2007-08-12 10:53:02 0 d-------- C:\Program Files\Trend Micro
2007-08-11 19:24:35 0 d-------- C:\Program Files\STOPzilla!
2007-08-11 19:24:34 0 d-------- C:\Program Files\Common Files\iS3
2007-08-11 19:24:33 0 d-------- C:\Users\All Users\STOPzilla!
2007-08-09 18:26:58 225280 -ra------ C:\Windows\system32\SZBase5.dll <Not Verified; iS3, Inc.; STOPzilla>
2007-08-09 18:20:32 28928 -ra------ C:\Windows\system32\drivers\SZKG.sys <Not Verified; iS3 Inc.; Stopzilla>
2007-08-07 13:30:58 126976 -ra------ C:\Windows\system32\IS3HTUI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-08-07 13:30:50 294912 -ra------ C:\Windows\system32\IS3DBA5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-08-07 13:30:00 372736 -ra------ C:\Windows\system32\IS3UI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-08-07 13:29:44 69632 -ra------ C:\Windows\system32\IS3Hks5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-08-07 13:29:24 23040 -ra------ C:\Windows\system32\IS3XDat5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-08-07 13:29:06 184320 -ra------ C:\Windows\system32\IS3Win325.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-08-07 13:28:46 94208 -ra------ C:\Windows\system32\IS3Inet5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-08-07 13:28:32 90112 -ra------ C:\Windows\system32\IS3Svc5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-08-07 13:28:06 688128 -ra------ C:\Windows\system32\IS3Base5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-08-06 11:51:12 0 d-------- C:\Windows\Roaming
2007-08-04 23:04:08 0 d-------- C:\Windows\??crosoft.NET
2007-08-03 12:34:06 0 d-------- C:\Program Files\s?curity
2007-08-03 09:27:06 0 d-------- C:\Program Files\Disney
2007-07-23 21:30:37 0 d-------- C:\Windows\system32\?ppPatch
2007-07-23 15:13:20 0 d-------- C:\Program Files\SpeedItUpFree
2007-07-20 13:49:15 0 d-------- C:\Users\HP_Administrator\{fdd8db00-7b91-4f7a-b21d-6f81fb91fe54}
2007-07-20 13:35:48 0 d-------- C:\Program Files\Xfire Plus
2007-07-18 09:06:38 0 d-------- C:\Windows\system32\W?nSxS
2007-07-12 14:06:16 0 d-------- C:\Program Files\Flash Slideshow Generator
2007-07-12 10:49:31 0 d--h----- C:\Windows\PIF
2007-07-12 10:29:50 0 d-------- C:\Users\All Users\FLEXnet
2007-07-12 10:26:01 0 d-------- C:\Program Files\Bonjour
2007-07-12 10:13:44 0 d-------- C:\Program Files\Common Files\Macrovision Shared


-- Find3M Report ---------------------------------------------------------------

2007-08-12 11:51:05 0 d-------- C:\Program Files\AIM
2007-08-12 11:14:24 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\AVG7
2007-08-11 20:37:49 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\??sks
2007-08-11 20:37:05 0 d-------- C:\Program Files\WildTangent
2007-08-11 19:24:34 0 d-------- C:\Program Files\Common Files
2007-08-11 17:04:40 0 d-------- C:\Program Files\Microsoft AntiSpyware
2007-08-11 15:27:27 0 d-------- C:\Program Files\StepMania <STEPMA~1>
2007-08-07 22:01:30 0 d-------- C:\Program Files\PlayLinc
2007-08-07 16:10:02 0 d-------- C:\Program Files\World of Warcraft
2007-08-06 13:11:29 0 d-------- C:\Program Files\verizon
2007-08-03 20:04:23 0 d-------- C:\Program Files\YouTube Downloader
2007-08-03 12:34:06 0 d-------- C:\Program Files\s?curity
2007-08-02 21:00:50 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\BitTorrent
2007-07-23 15:13:11 724992 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-07-22 11:13:42 0 d-------- C:\Program Files\W?nSxS
2007-07-22 11:09:55 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\teamspeak2
2007-07-20 17:12:47 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\Simple Star
2007-07-20 13:36:41 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\Xfire Plus
2007-07-12 20:26:29 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\Adobe
2007-07-12 10:25:58 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-12 07:53:22 0 d-------- C:\Program Files\Windows Mail
2007-07-10 12:48:29 0 d-------- C:\Program Files\Replay Media Catcher
2007-07-08 11:49:43 0 d-------- C:\Program Files\?dobe
2007-07-04 12:48:47 0 d-------- C:\Program Files\PKWARE
2007-07-04 12:48:47 0 d-------- C:\Program Files\Common Files\PKWARE
2007-07-04 12:38:55 0 d-------- C:\Program Files\WinZip Self-Extractor
2007-07-04 10:27:53 0 d-------- C:\Program Files\??mantec
2007-07-03 11:59:38 0 d-------- C:\Program Files\BadgeHelp
2007-07-02 07:06:00 0 d-------- C:\Program Files\Common Files\M?crosoft
2007-07-01 20:15:03 0 d-------- C:\Program Files\AIM6
2007-07-01 20:13:52 0 d-------- C:\Program Files\Common Files\AOL
2007-06-25 12:59:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-23 19:50:01 0 d-------- C:\Program Files\IncrediMail
2007-06-22 08:07:47 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\Move Networks
2007-06-18 20:48:10 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\??crosoft.NET
2007-06-18 06:50:17 0 d-------- C:\Program Files\iTunes
2007-06-18 06:50:12 0 d-------- C:\Program Files\iPod
2007-06-18 06:43:57 0 d-------- C:\Program Files\QuickTime
2007-06-16 17:44:26 0 d-------- C:\Program Files\Common Files\?racle
2007-06-15 17:06:59 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\??curity
2007-06-15 07:17:51 0 d-------- C:\Program Files\InetGet2
2007-06-15 07:14:50 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\WinAntiSpyware 2007
2007-06-15 07:13:56 0 d-------- C:\Program Files\Common Files\WinAntiSpyware 2007
2007-06-15 07:13:41 0 d-------- C:\Program Files\HP
2007-06-15 07:13:30 0 d-------- C:\Program Files\MSN Gaming Zone
2007-05-31 16:48:20 1570 --a------ C:\Users\HP_Administrator\AppData\Roaming\wklnhst.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/11/2007 03:01 AM]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [06/07/2004 10:42 PM]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [06/07/2004 10:53 PM]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 08:04 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/21/2004 02:55 AM]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [10/15/2004 01:54 AM]
"PS2"="C:\WINDOWS\system32\ps2.exe" [10/16/2002 08:57 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [04/15/2004 12:43 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/05/2004 06:30 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/05/2004 08:14 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [10/09/2006 09:55 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [10/09/2006 09:55 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [10/09/2006 09:55 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/01/2007 04:51 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [08/12/2007 11:12 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [11/02/2006 08:35 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35 AM]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [05/29/2007 09:34 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 05:17 PM]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [03/01/2007 07:11 PM]
"PlayLinc"="C:/Program Files/PlayLinc/PlayLincV.exe" [12/22/2006 06:01 PM C:\Program Files\PlayLinc\PlayLincV.exe]
"SpeedItUpEX"="C:\Program Files\SpeedItUpFree\SpeedItUp.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 08:36 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

tmeany91
2007-08-12, 20:44
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/29/2004 9:31:38 AM]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [12/10/2004 12:02:55 AM]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [11/5/2004 9:25:50 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"=2 (0x2)
"DontDisplayLogonHoursWarnings"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-08-12 at 13:36:51 ---------

Shaba
2007-08-12, 20:54
Hi


Please click Start > Run and type in: services.msc
Click OK
In the Services window find: VundoFix Service (VundoFixSvc)
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK

Now, go to Start > Run, and copy/paste the following into the Open box:
sc delete VundoFixSvc
Click: OK

Reboot

Delete these using Windows Explorer (warning: don't delete any folders if creation date isn't the same!!! You might end up deleting some vital folder otherwise):

C:\Windows\??crosoft.NET (might look like Microsoft.NET and created 2007-08-04)
C:\Program Files\s?curity ( might look like security and created 2007-08-03)
C:\Windows\system32\?ppPatch (might look like AppPatch and created 2007-07-23)
C:\Windows\system32\W?nSxS (might look like WinSxS and created 2007-07-18 )
C:\Program Files\s?curity ( might look like security and created 2007-08-03)
C:\Program Files\?dobe (might look like Adobe and created 2007-07-08)
C:\Program Files\??mantec (might look like Symantec and created 2007-07-04)
C:\Program Files\Common Files\?racle (might look like Oracle and created 2007-06-16 )
C:\Users\HP_Administrator\AppData\Roaming\??curity ( might look like security and created 2007-06-15
C:\Program Files\InetGet2
C:\Users\HP_Administrator\AppData\Roaming\WinAntiSpyware 2007
C:\Program Files\Common Files\WinAntiSpyware 2007

Empty Recycle Bin

Re-run dss

Post:

- a fresh dss log.

tmeany91
2007-08-13, 01:06
Deckard's System Scanner v20070809.63
Run by HP_Administrator on 2007-08-12 at 18:03:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 1023 MiB (1024 MiB recommended).


-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:35:56 PM, on 8/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hphmon06.exe
C:\Windows\system\hpsysdrv.exe
C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\HP_Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_ADM~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [PlayLinc] "C:/Program Files/PlayLinc/PlayLincV.exe"
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\SpeedItUpFree\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.29.11/ttinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Unknown owner - VundoFixSVC.exe (file missing)

--
End of file - 8374 bytes

-- Files created between 2007-07-12 and 2007-08-12 -----------------------------

2007-08-12 11:43:08 0 dr-h----- C:\$VAULT$.AVG
2007-08-12 11:12:23 0 d-------- C:\Users\All Users\Grisoft
2007-08-12 11:12:23 0 d-------- C:\Users\All Users\avg7
2007-08-12 10:53:02 0 d-------- C:\Program Files\Trend Micro
2007-08-11 19:24:35 0 d-------- C:\Program Files\STOPzilla!
2007-08-11 19:24:34 0 d-------- C:\Program Files\Common Files\iS3
2007-08-11 19:24:33 0 d-------- C:\Users\All Users\STOPzilla!
2007-08-09 18:26:58 225280 -ra------ C:\Windows\system32\SZBase5.dll <Not Verified; iS3, Inc.; STOPzilla>
2007-08-09 18:20:32 28928 -ra------ C:\Windows\system32\drivers\SZKG.sys <Not Verified; iS3 Inc.; Stopzilla>
2007-08-07 13:30:58 126976 -ra------ C:\Windows\system32\IS3HTUI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-08-07 13:30:50 294912 -ra------ C:\Windows\system32\IS3DBA5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-08-07 13:30:00 372736 -ra------ C:\Windows\system32\IS3UI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-08-07 13:29:44 69632 -ra------ C:\Windows\system32\IS3Hks5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-08-07 13:29:24 23040 -ra------ C:\Windows\system32\IS3XDat5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-08-07 13:29:06 184320 -ra------ C:\Windows\system32\IS3Win325.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-08-07 13:28:46 94208 -ra------ C:\Windows\system32\IS3Inet5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-08-07 13:28:32 90112 -ra------ C:\Windows\system32\IS3Svc5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-08-07 13:28:06 688128 -ra------ C:\Windows\system32\IS3Base5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-08-06 11:51:12 0 d-------- C:\Windows\Roaming
2007-08-03 09:27:06 0 d-------- C:\Program Files\Disney
2007-07-23 15:13:20 0 d-------- C:\Program Files\SpeedItUpFree
2007-07-20 13:49:15 0 d-------- C:\Users\HP_Administrator\{fdd8db00-7b91-4f7a-b21d-6f81fb91fe54}
2007-07-20 13:35:48 0 d-------- C:\Program Files\Xfire Plus
2007-07-12 14:06:16 0 d-------- C:\Program Files\Flash Slideshow Generator
2007-07-12 10:49:31 0 d--h----- C:\Windows\PIF
2007-07-12 10:29:50 0 d-------- C:\Users\All Users\FLEXnet
2007-07-12 10:26:01 0 d-------- C:\Program Files\Bonjour
2007-07-12 10:13:44 0 d-------- C:\Program Files\Common Files\Macrovision Shared


-- Find3M Report ---------------------------------------------------------------

2007-08-12 17:08:30 0 d-------- C:\Program Files\Common Files
2007-08-12 11:51:05 0 d-------- C:\Program Files\AIM
2007-08-12 11:14:24 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\AVG7
2007-08-11 20:37:49 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\??sks
2007-08-11 20:37:05 0 d-------- C:\Program Files\WildTangent
2007-08-11 17:04:40 0 d-------- C:\Program Files\Microsoft AntiSpyware
2007-08-11 15:27:27 0 d-------- C:\Program Files\StepMania <STEPMA~1>
2007-08-07 22:01:30 0 d-------- C:\Program Files\PlayLinc
2007-08-07 16:10:02 0 d-------- C:\Program Files\World of Warcraft
2007-08-06 13:11:29 0 d-------- C:\Program Files\verizon
2007-08-03 20:04:23 0 d-------- C:\Program Files\YouTube Downloader
2007-08-02 21:00:50 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\BitTorrent
2007-07-23 15:13:11 724992 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-07-22 11:13:42 0 d-------- C:\Program Files\W?nSxS
2007-07-22 11:09:55 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\teamspeak2
2007-07-20 17:12:47 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\Simple Star
2007-07-20 13:36:41 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\Xfire Plus
2007-07-12 20:26:29 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\Adobe
2007-07-12 10:25:58 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-12 07:53:22 0 d-------- C:\Program Files\Windows Mail
2007-07-10 12:48:29 0 d-------- C:\Program Files\Replay Media Catcher
2007-07-04 12:48:47 0 d-------- C:\Program Files\PKWARE
2007-07-04 12:48:47 0 d-------- C:\Program Files\Common Files\PKWARE
2007-07-04 12:38:55 0 d-------- C:\Program Files\WinZip Self-Extractor
2007-07-03 11:59:38 0 d-------- C:\Program Files\BadgeHelp
2007-07-02 07:06:00 0 d-------- C:\Program Files\Common Files\M?crosoft
2007-07-01 20:15:03 0 d-------- C:\Program Files\AIM6
2007-07-01 20:13:52 0 d-------- C:\Program Files\Common Files\AOL
2007-06-25 12:59:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-23 19:50:01 0 d-------- C:\Program Files\IncrediMail
2007-06-22 08:07:47 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\Move Networks
2007-06-18 20:48:10 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\??crosoft.NET
2007-06-18 06:50:17 0 d-------- C:\Program Files\iTunes
2007-06-18 06:50:12 0 d-------- C:\Program Files\iPod
2007-06-18 06:43:57 0 d-------- C:\Program Files\QuickTime
2007-06-15 07:13:41 0 d-------- C:\Program Files\HP
2007-06-15 07:13:30 0 d-------- C:\Program Files\MSN Gaming Zone
2007-05-31 16:48:20 1570 --a------ C:\Users\HP_Administrator\AppData\Roaming\wklnhst.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/11/2007 03:01 AM]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [06/07/2004 10:42 PM]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [06/07/2004 10:53 PM]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 08:04 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/21/2004 02:55 AM]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [10/15/2004 01:54 AM]
"PS2"="C:\WINDOWS\system32\ps2.exe" [10/16/2002 08:57 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [04/15/2004 12:43 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/05/2004 06:30 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/05/2004 08:14 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [10/09/2006 09:55 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [10/09/2006 09:55 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [10/09/2006 09:55 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/01/2007 04:51 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [08/12/2007 11:12 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [11/02/2006 08:35 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35 AM]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [05/29/2007 09:34 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 05:17 PM]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [03/01/2007 07:11 PM]
"PlayLinc"="C:/Program Files/PlayLinc/PlayLincV.exe" [12/22/2006 06:01 PM C:\Program Files\PlayLinc\PlayLincV.exe]
"SpeedItUpEX"="C:\Program Files\SpeedItUpFree\SpeedItUp.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 08:36 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/29/2004 9:31:38 AM]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [12/10/2004 12:02:55 AM]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [11/5/2004 9:25:50 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"=2 (0x2)
"DontDisplayLogonHoursWarnings"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2007-08-12 at 18:05:04 --------

Shaba
2007-08-13, 12:00
Hi

Still three folder deletions

Delete these using Windows Explorer (warning: don't delete any folders if creation date isn't the same!!! You might end up deleting some vital folder otherwise):

C:\Users\HP_Administrator\AppData\Roaming\??sks (might look like tasks and created 2007-08-11)
C:\Users\HP_Administrator\AppData\Roaming\??crosoft.NET
(might look like Microsoft.NET and created 2007-06-18)
C:\Program Files\W?nSxS (might look like WinSxS and created on 2007-07-22)

Empty Recycle Bin

Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:

o Scan using the following Anti-Virus database:

+ Extended (If available otherwise Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Re-run dss

Post:

- a fresh dss log
- kaspersky report

tmeany91
2007-08-14, 00:48
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, August 13, 2007 5:45:13 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 13/08/2007
Kaspersky Anti-Virus database records: 379478
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 349889
Number of viruses found: 23
Number of infected objects: 62
Number of suspicious objects: 0
Duration of the scan process: 05:24:43

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20070812133548\backup\Windows\Downloaded Program Files\A18X.ocx Infected: not-a-virus:AdWare.Win32.Look2Me.aj skipped
C:\Deckard\System Scanner\20070812133548\backup\Windows\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.a skipped
C:\Downloads\DinerDashSetup-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Downloads\JDAmericanFarmer_Setup-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.a skipped
C:\Downloads\PedalToTheMetalSetup-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.a skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\iTunes\About iTunes.rtf Object is locked skipped
C:\iTunes\Acknowledgements.rtf Object is locked skipped
C:\iTunes\CD Configuration\gcdrdll.cfg Object is locked skipped
C:\iTunes\CD Configuration\gcdroem.cfg Object is locked skipped
C:\iTunes\CD Configuration\gcdrtype.cfg Object is locked skipped
C:\iTunes\CDDBControlApple.dll Object is locked skipped
C:\iTunes\ITDetector.ocx Object is locked skipped
C:\iTunes\iTunes.exe Object is locked skipped
C:\iTunes\iTunesHelper.exe Object is locked skipped
C:\Program Files\Common Files\microsoft shared\Web Folders\ibm00001.dll Object is locked skipped
C:\Program Files\Common Files\microsoft shared\Web Folders\ibm00001.exe Object is locked skipped
C:\Program Files\Common Files\microsoft shared\Web Folders\ibm00002.dll Object is locked skipped
C:\Program Files\Common Files\microsoft shared\Web Folders\ibm00003.dll Object is locked skipped
C:\Program Files\Common Files\microsoft shared\Web Folders\ibm00004.dll Object is locked skipped
C:\Program Files\DAP\History\Alyssa\_lasthist.dat Object is locked skipped
C:\Program Files\DAP\History\HP_Administrator\20060226.dat Object is locked skipped
C:\Program Files\DAP\History\HP_Administrator\20060312.dat Object is locked skipped
C:\Program Files\DAP\History\HP_Administrator\20060319.dat Object is locked skipped
C:\Program Files\DAP\History\HP_Administrator\20060423.dat Object is locked skipped
C:\Program Files\DAP\History\HP_Administrator\20060514.dat Object is locked skipped
C:\Program Files\DAP\History\HP_Administrator\20060521.dat Object is locked skipped
C:\Program Files\DAP\History\HP_Administrator\20060528.dat Object is locked skipped
C:\Program Files\DAP\History\HP_Administrator\20060604.dat Object is locked skipped
C:\Program Files\DAP\History\HP_Administrator\20060611.dat Object is locked skipped
C:\Program Files\DAP\History\HP_Administrator\20060618.dat Object is locked skipped
C:\Program Files\DAP\History\HP_Administrator\20060702.dat Object is locked skipped
C:\Program Files\DAP\History\Tyler\20060507.dat Object is locked skipped
C:\Program Files\FunWebProducts\Installr\5.bin\F3EZSETP.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe1174223618 Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe1174242813 Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe1174331018 Infected: Trojan-Clicker.Win32.Agent.jh skipped
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe1174341443 Infected: Trojan-Clicker.Win32.Agent.jh skipped
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe1174438282 Infected: Trojan-Clicker.Win32.Agent.jh skipped
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe1174648062 Infected: Trojan-Clicker.Win32.Agent.jh skipped
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe1174745556 Infected: Trojan-Clicker.Win32.Agent.jh skipped
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe1174936961 Infected: Trojan-Clicker.Win32.Agent.jh skipped
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe1175637099 Infected: Trojan-Clicker.Win32.Agent.jh skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\A928756C-7876-4F0D-A0D0-EDECA0\95F9F468-5269-4533-B757-E086D3 Infected: not-a-virus:AdWare.Win32.HotBar.be skipped
C:\Program Files\Nero\PhotoShow 5\data\Xtras\nero_photoshow_deluxe_5_setup[1].exe/data0017 Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\Nero\PhotoShow 5\data\Xtras\nero_photoshow_deluxe_5_setup[1].exe NSIS: infected - 1 skipped
C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbAds.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\L0000001.FCS Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\storydb.idx Object is locked skipped
C:\ProgramData\Broderbund Software\Print\The Print Shop\20.0\Books\Sender\Sender.abk Object is locked skipped
C:\ProgramData\Broderbund Software\Print\The Print Shop\20.0\PMWPRINT.INI Object is locked skipped
C:\ProgramData\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\ProgramData\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\ProgramData\Microsoft\Crypto\DSS\MachineKeys\21ded613f2be71a66f3104061ddb00d3_49dd1261-1359-46b9-9b8b-659fe2ec4a3f Object is locked skipped
C:\ProgramData\Microsoft\Crypto\DSS\MachineKeys\4206e00ba6a80722ecd036032a758fd2_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\DSS\MachineKeys\83320cbce31cfa1325098a331b85029b_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\DSS\MachineKeys\bedc95da519ab207be750f9b3abf1734_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\02d93c243f384f2c0b0e36807d37423a_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\049c931863d5f16e76cf795a2dfafeab_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0cf0de67dfdef7fbc48adb915c02e7fa_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0d1c88197c361dcd34bd033edd67306a_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0de14ff624c82c5bda494d4bda73e8f3_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1130bbf3f2addfeec0ff422d60b9a1cc_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\15237b473298fe06a5cf9a868533d67d_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1a32f11ae5da74d1d0ece6632779c55f_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1aadf86c36fd6c39f934ccdcc4d04582_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1ebbc684fdcfe51741001a329bce71ba_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\21abf5c9f67115e13f37b5ba35790277_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\228ba2ffcd52034d2b23711179d93829_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2aec1a738d0f6c09788893baa0dafde4_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2cc2d4079f06945709e8985ac69d4343_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2eedb6514972b8caa564d5982333b405_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2fa9306bbfea733826cc68e2265accf6_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\331b54285e1ccb22db7d871a2fbc6e56_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\36c1c3ccfcf0ce84cd361b9ad2ae3525_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3788568b86043622c45af7673592970b_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\37892c8c2a2543f1f0a19d182b94f47e_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3a8848daff57263bb5bca5eddab77b13_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\406ed26e1e3e20cae0ea80978f6c1fb1_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\412fa33f8111b2b576eb0dd4878a4c77_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4f958e44d6766997eb23cc85464f9f0c_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\51001f46654dd719f44ed9a60a313e5b_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\51f3c05a5badfd36546f8b2dc661dc6c_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\585bfeac469cd743af3b88a634f7ed02_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\600ae0dce6e7da93c00cf4a730664f85_49dd1261-1359-46b9-9b8b-659fe2ec4a3f Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\649462b1d421e76e2486f79f295b7c08_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\674d5647f82dd436007810844126ffa3_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\67d00919330e34e5d11ce12e08c3fa67_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6be1c11055d80dc998d2c0091cddedd0_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7b121b081798edcc5604219fb1c370ab_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7d83da771d75920be82e65971a13fccd_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\81a77f8c5e48ecae9658f5c783ef4081_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\84c5ee4590f099018201a178b87f5543_49dd1261-1359-46b9-9b8b-659fe2ec4a3f Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8a118820310226e8b2b9e9ca370423e0_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8a8e536bdc122bdca34990342759d7e8_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8b41f996d94601ecef8d68c2642dd0fe_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8ea934660e54f33634861c3a27ad98d1_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\92c23ffa106bfde2f810e5ce4759c795_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\97e76cf8b612b8b5c9af00736dc091b9_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9e53b72703fa26234cb51b2ae8fbef5e_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9f0077fa5d84c329425f9de5037bed56_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a4fa29a4a21213ce6d206ad72549f3e2_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a9113c00170c266a27a71b2671274d7d_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b68a7fed5afa97f094d1fc7a2c51ce16_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b98c727527490ab9a75dc15a43b3a905_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped

tmeany91
2007-08-14, 00:49
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bd617d2a63a0588e7c38e235311f4139_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bd9f0b1b2c5fce2bd322b71e45cd27cf_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bdcbbe62ab7e0e22f177923ec1bc67e6_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c1d38689fdd4bd0b6c88020748d951e6_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c683c1339f7e9b1b294b0ee9f23d0e1d_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c6944a87d838e92a3be806e42368a57c_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c9184cae3c54560950e68f2661940949_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cc41696555521b8deb0e70812b2b37d9_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d301e6d5cc155e02cd27cb162be53330_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d340fcd9acdb4cdc90aa0f5137537b01_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d3fff7bbf182fe0ba278a5c2b39c7dff_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\de07b0227df3a6a84b4420d2e03ac2ea_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e5846b42e214d0dfb181c9b754aa7560_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e5cb52f57e393839aa21a0857bdd80ec_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ef518c2889c2e16c7d80ad298c13fe31_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f08de26d5e459c005789cc0ff76b1958_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f9906e62dda62d0375e7a09567ea7954_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fa98d19402d0a5f8f5834ae21d12804e_dc3b12ed-6040-466b-aa50-1384e81ccec2 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_49dd1261-1359-46b9-9b8b-659fe2ec4a3f Object is locked skipped
C:\ProgramData\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.122.Crwl Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.122.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.ci Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wsb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001E.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001F.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010021.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010025.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010027.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy1187.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2C1C.tmp Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2C4C.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log Object is locked skipped
C:\ProgramData\muvee Technologies\030625\scratch\Alyssas room.bmp.41fc3d83.mce.bmp Object is locked skipped
C:\ProgramData\muvee Technologies\030625\scratch\CIMG0001.JPG.421610e0.mce.bmp Object is locked skipped
C:\ProgramData\muvee Technologies\030625\scratch\CIMG0003.JPG.42161100.mce.bmp Object is locked skipped
C:\ProgramData\muvee Technologies\030625\scratch\CIMG0004.JPG.42166b3e.mce.bmp Object is locked skipped
C:\ProgramData\muvee Technologies\030625\scratch\CIMG0005.JPG.42166b48.mce.bmp Object is locked skipped
C:\ProgramData\muvee Technologies\030625\scratch\CIMG0006.JPG.42166b58.mce.bmp Object is locked skipped
C:\ProgramData\muvee Technologies\030625\scratch\CIMG0008.JPG.42166c40.mce.bmp Object is locked skipped
C:\ProgramData\muvee Technologies\030625\scratch\CIMG0009.JPG.4216706c.mce.bmp Object is locked skipped
C:\ProgramData\muvee Technologies\030625\scratch\CIMG0010.JPG.42167080.mce.bmp Object is locked skipped
C:\ProgramData\muvee Technologies\030625\scratch\CIMG0011.JPG.421670bc.mce.bmp Object is locked skipped
C:\ProgramData\muvee Technologies\030625\scratch\CIMG0012.JPG.42167116.mce.bmp Object is locked skipped
C:\ProgramData\muvee Technologies\030625\scratch\CIMG0013.JPG.42167136.mce.bmp Object is locked skipped
C:\ProgramData\muvee Technologies\030625\scratch\hdrCenterLogo.gif.420522d7.mce.bmp Object is locked skipped
C:\ProgramData\muvee Technologies\030625\scratch\IMG0.JPG.3eeaa998.mce.bmp Object is locked skipped
C:\ProgramData\muvee Technologies\030625\scratch\IMG1.jpg.3eeaa980.mce.bmp Object is locked skipped
C:\ProgramData\muvee Technologies\030625\scratch\IMG10.jpg.3eeaa7c4.mce.bmp Object is locked skipped
C:\ProgramData\muvee Technologies\030625\scratch\IMG11.jpg.3eeaa7c4.mce.bmp Object is locked skipped
C:\ProgramData\muvee Technologies\030625\scratch\IMG12.jpg.3eeaa7c4.mce.bmp Object is locked skipped
C:\ProgramData\muvee Technologies\030625\scratch\IMG13.jpg.3eeaa9a4.mce.bmp Object is locked skipped
C:\ProgramData\muvee Technologies\030625\scratch\IMG2.JPG.3eeaa9ac.mce.bmp Object is locked skipped
C:\ProgramData\muvee Technologies\030625\scratch\IMG3.JPG.3eeaa9b6.mce.bmp Object is locked skipped
C:\ProgramData\muvee Technologies\030625\scratch\IMG4.JPG.3eeaa9c0.mce.bmp Object is locked skipped
C:\System Volume Information\_restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP2\A0001413.exe Object is locked skipped
C:\Users\Alyssa\Desktop\New Folder (4)\New Folder (2)\Titan[1].1.25.1600.zip/Adobe_Photoshop.zip/crack.exe Infected: Trojan.Win32.LowZones.cw skipped
C:\Users\Alyssa\Desktop\New Folder (4)\New Folder (2)\Titan[1].1.25.1600.zip/Adobe_Photoshop.zip Infected: Trojan.Win32.LowZones.cw skipped
C:\Users\Alyssa\Desktop\New Folder (4)\New Folder (2)\Titan[1].1.25.1600.zip ZIP: infected - 2 skipped
C:\Users\Alyssa\Desktop\Trillian.zip/crack.exe Infected: Trojan.Win32.LowZones.cw skipped
C:\Users\Alyssa\Desktop\Trillian.zip ZIP: infected - 1 skipped
C:\Users\Alyssa\Local Settings\Temporary Internet Files\Content.IE5\P00R5PCH\cracks4u[1].htm Infected: Trojan-Downloader.JS.IstBar.y skipped
C:\Users\Alyssa\Local Settings\Temporary Internet Files\Content.IE5\Q9BKLOJ2\prompt[1].htm Infected: Trojan-Downloader.JS.IstBar.j skipped
C:\Users\Alyssa\Local Settings\Temporary Internet Files\Content.IE5\S3R3QKD9\prompt[1].htm Infected: Trojan-Downloader.JS.IstBar.j skipped
C:\Users\Alyssa\Local Settings\Temporary Internet Files\Content.IE5\S3R3QKD9\prompt[2].htm Infected: Trojan-Downloader.JS.IstBar.j skipped
C:\Users\Alyssa\Local Settings\Temporary Internet Files\Content.IE5\S3R3QKD9\Trillian[1].zip/crack.exe Infected: Trojan.Win32.LowZones.cw skipped
C:\Users\Alyssa\Local Settings\Temporary Internet Files\Content.IE5\S3R3QKD9\Trillian[1].zip ZIP: infected - 1 skipped
C:\Users\Alyssa\Local Settings\Temporary Internet Files\Content.IE5\ZN9R7L4S\prompt[1].htm Infected: Trojan-Downloader.JS.IstBar.j skipped
C:\Users\Alyssa.YOUR-9EFCB93C24.000\AppData\Local\Temp\tmp6D2F.tmp.dll Object is locked skipped
C:\Users\Alyssa.YOUR-9EFCB93C24.000\AppData\Local\Temp\tmp6D2F.tmp.exe Object is locked skipped
C:\Users\Alyssa.YOUR-9EFCB93C24.000\AppData\Local\Temp\tmp7B93.tmp.exe Object is locked skipped
C:\Users\HP_Administrator\AppData\Local\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Users\HP_Administrator\AppData\Local\AOL OCP\AIM\Storage\data\tjmeany07\localStorage\common.cls Object is locked skipped
C:\Users\HP_Administrator\AppData\Local\LightScribe\log\log664.txt Object is locked skipped
C:\Users\HP_Administrator\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\HP_Administrator\AppData\Local\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Users\HP_Administrator\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\HP_Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\HP_Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\HP_Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QLD79DRR\106919[5].dat Object is locked skipped
C:\Users\HP_Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\HP_Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\HP_Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\HP_Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat{cca4268d-e5ff-11db-bd4a-00112fd9b525}.TM.blf Object is locked skipped
C:\Users\HP_Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat{cca4268d-e5ff-11db-bd4a-00112fd9b525}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\HP_Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat{cca4268d-e5ff-11db-bd4a-00112fd9b525}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\HP_Administrator\AppData\Local\Microsoft\Windows Defender\FileTracker\{0F35452A-F153-4226-9844-E4CDE028B4EB} Object is locked skipped
C:\Users\HP_Administrator\AppData\Local\Temp\fla2A4B.tmp Object is locked skipped
C:\Users\HP_Administrator\AppData\Local\Temp\fla2A4C.tmp Object is locked skipped
C:\Users\HP_Administrator\AppData\Local\Temp\fla2A4D.tmp Object is locked skipped
C:\Users\HP_Administrator\AppData\Local\Temp\fla2B77.tmp Object is locked skipped
C:\Users\HP_Administrator\AppData\Local\Temp\fla2B97.tmp Object is locked skipped
C:\Users\HP_Administrator\AppData\Local\Temp\hpodvd09.log Object is locked skipped
C:\Users\HP_Administrator\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\HP_Administrator\Desktop\Adobe CS3\Keygens\Photoshop CS3 Keygen + Activation.exe/data.rar/RunSequence.exe/script.au3 Infected: Backdoor.Win32.DSSdoor.c skipped
C:\Users\HP_Administrator\Desktop\Adobe CS3\Keygens\Photoshop CS3 Keygen + Activation.exe/data.rar/RunSequence.exe Infected: Backdoor.Win32.DSSdoor.c skipped
C:\Users\HP_Administrator\Desktop\Adobe CS3\Keygens\Photoshop CS3 Keygen + Activation.exe/data.rar/_aps activator.exe Infected: Backdoor.Win32.DSSdoor.c skipped
C:\Users\HP_Administrator\Desktop\Adobe CS3\Keygens\Photoshop CS3 Keygen + Activation.exe/data.rar Infected: Backdoor.Win32.DSSdoor.c skipped
C:\Users\HP_Administrator\Desktop\Adobe CS3\Keygens\Photoshop CS3 Keygen + Activation.exe RarSFX: infected - 4 skipped
C:\Users\HP_Administrator\Documents\BitTorrent Downloads\Adobe CS3 Keygens\Keygens\Photoshop CS3 Keygen + Activation.exe/data.rar/RunSequence.exe/script.au3 Infected: Backdoor.Win32.DSSdoor.c skipped
C:\Users\HP_Administrator\Documents\BitTorrent Downloads\Adobe CS3 Keygens\Keygens\Photoshop CS3 Keygen + Activation.exe/data.rar/RunSequence.exe Infected: Backdoor.Win32.DSSdoor.c skipped
C:\Users\HP_Administrator\Documents\BitTorrent Downloads\Adobe CS3 Keygens\Keygens\Photoshop CS3 Keygen + Activation.exe/data.rar/_aps activator.exe Infected: Backdoor.Win32.DSSdoor.c skipped
C:\Users\HP_Administrator\Documents\BitTorrent Downloads\Adobe CS3 Keygens\Keygens\Photoshop CS3 Keygen + Activation.exe/data.rar Infected: Backdoor.Win32.DSSdoor.c skipped
C:\Users\HP_Administrator\Documents\BitTorrent Downloads\Adobe CS3 Keygens\Keygens\Photoshop CS3 Keygen + Activation.exe RarSFX: infected - 4 skipped
C:\Users\HP_Administrator\ntuser.dat Object is locked skipped
C:\Users\HP_Administrator\ntuser.dat.LOG1 Object is locked skipped
C:\Users\HP_Administrator\ntuser.dat.LOG2 Object is locked skipped
C:\Users\HP_Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Users\HP_Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\HP_Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Public\Documents\Config\desktop2.idf Object is locked skipped
C:\Users\Public\Documents\Fonts\SwUniNew.tff Object is locked skipped
C:\Users\Public\Documents\Settings\1_32bean32_1.dll Object is locked skipped
C:\Users\Public\Documents\Settings\dbf42.dll Object is locked skipped
C:\Users\Public\Documents\Settings\winsys2f.dll Object is locked skipped
C:\Users\Public\Documents\Settings\winsys2f.dll~ Infected: Trojan-Proxy.Win32.Xorpix.ar skipped

tmeany91
2007-08-14, 00:50
C:\Users\Tim\AppData\Local\Temp\tmp1C4A.tmp.exe Object is locked skipped
C:\Users\Tim\AppData\Local\Temp\tmp2504.tmp.exe Infected: Trojan.Win32.Agent.agv skipped
C:\Users\Tim\AppData\Local\Temp\tmpEABF.tmp.exe Object is locked skipped
C:\Users\Tim\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-7b11336d-34e43dbf.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Users\Tim\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-7b11336d-34e43dbf.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Users\Tim\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-7b11336d-34e43dbf.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Users\Tim\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-7b11336d-34e43dbf.zip ZIP: infected - 3 skipped
C:\Users\Tim\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-28375984-448cfb11.zip/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Users\Tim\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-28375984-448cfb11.zip/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Users\Tim\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-28375984-448cfb11.zip/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Users\Tim\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-28375984-448cfb11.zip ZIP: infected - 3 skipped
C:\Users\Tim\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-c21f996-480d3550.zip/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Users\Tim\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-c21f996-480d3550.zip/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Users\Tim\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-c21f996-480d3550.zip/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Users\Tim\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-c21f996-480d3550.zip ZIP: infected - 3 skipped
C:\Users\Tim\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-f1b0c57-545bf75e.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Users\Tim\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-f1b0c57-545bf75e.zip ZIP: infected - 1 skipped
C:\Users\Tyler\Desktop\incredimail_install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.c skipped
C:\Users\Tyler\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.c skipped
C:\Windows\cfg32.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\Windows\cfsb.exe Infected: Packed.Win32.NSAnti.r skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\SchedLgU.Txt Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{2F33BAEC-2724-497C-96A5-66CB84064F18}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{3f82aee6-384d-11dc-8c4e-00112fd9b525}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{3f82aee6-384d-11dc-8c4e-00112fd9b525}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{3f82aee6-384d-11dc-8c4e-00112fd9b525}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{3f82aee6-384d-11dc-8c4e-00112fd9b525}.TxR.blf Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
C:\Windows\System32\SMI\Store\Machine\schema.dat Object is locked skipped
C:\Windows\System32\SMI\Store\Machine\schema.dat.LOG1 Object is locked skipped
C:\Windows\System32\SMI\Store\Machine\schema.dat.LOG2 Object is locked skipped
C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{3a53986d-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{3a53986d-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{3a53986d-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.001 Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped

Scan process completed.

tmeany91
2007-08-14, 00:51
Deckard's System Scanner v20070809.63
Run by HP_Administrator on 2007-08-13 at 17:48:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 1023 MiB (1024 MiB recommended).


-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:49:00 PM, on 8/13/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hphmon06.exe
C:\Windows\system\hpsysdrv.exe
C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
c:\program files\aim6\anotify.exe
C:\Users\HP_Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_ADM~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [PlayLinc] "C:/Program Files/PlayLinc/PlayLincV.exe"
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\SpeedItUpFree\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.29.11/ttinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 7999 bytes

-- Files created between 2007-07-13 and 2007-08-13 -----------------------------

2007-08-13 09:38:50 0 d-------- C:\Users\All Users\Kaspersky Lab
2007-08-13 09:38:48 0 d-------- C:\Windows\system32\Kaspersky Lab
2007-08-12 11:43:08 0 dr-h----- C:\$VAULT$.AVG
2007-08-12 11:12:23 0 d-------- C:\Users\All Users\Grisoft
2007-08-12 11:12:23 0 d-------- C:\Users\All Users\avg7
2007-08-12 10:53:02 0 d-------- C:\Program Files\Trend Micro
2007-08-11 19:24:35 0 d-------- C:\Program Files\STOPzilla!
2007-08-11 19:24:34 0 d-------- C:\Program Files\Common Files\iS3
2007-08-11 19:24:33 0 d-------- C:\Users\All Users\STOPzilla!
2007-08-06 11:51:12 0 d-------- C:\Windows\Roaming
2007-08-03 09:27:06 0 d-------- C:\Program Files\Disney
2007-07-23 15:13:20 0 d-------- C:\Program Files\SpeedItUpFree
2007-07-20 13:49:15 0 d-------- C:\Users\HP_Administrator\{fdd8db00-7b91-4f7a-b21d-6f81fb91fe54}
2007-07-20 13:35:48 0 d-------- C:\Program Files\Xfire Plus


-- Find3M Report ---------------------------------------------------------------

2007-08-12 18:21:10 0 d-------- C:\Program Files\iTube
2007-08-12 18:20:49 0 d-------- C:\Program Files\BitTorrent
2007-08-12 17:08:30 0 d-------- C:\Program Files\Common Files
2007-08-12 11:51:05 0 d-------- C:\Program Files\AIM
2007-08-12 11:14:24 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\AVG7
2007-08-11 20:37:05 0 d-------- C:\Program Files\WildTangent
2007-08-11 17:04:40 0 d-------- C:\Program Files\Microsoft AntiSpyware
2007-08-11 15:27:27 0 d-------- C:\Program Files\StepMania <STEPMA~1>
2007-08-07 22:01:30 0 d-------- C:\Program Files\PlayLinc
2007-08-07 16:10:02 0 d-------- C:\Program Files\World of Warcraft
2007-08-06 13:11:29 0 d-------- C:\Program Files\verizon
2007-08-03 20:04:23 0 d-------- C:\Program Files\YouTube Downloader
2007-08-02 21:00:50 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\BitTorrent
2007-07-23 15:13:11 724992 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-07-22 11:09:55 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\teamspeak2
2007-07-20 17:12:47 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\Simple Star
2007-07-20 13:36:41 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\Xfire Plus
2007-07-12 20:26:29 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\Adobe
2007-07-12 14:09:24 0 d-------- C:\Program Files\Flash Slideshow Generator
2007-07-12 10:26:01 0 d-------- C:\Program Files\Bonjour
2007-07-12 10:25:58 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-12 10:13:44 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-07-12 07:53:22 0 d-------- C:\Program Files\Windows Mail
2007-07-10 12:48:29 0 d-------- C:\Program Files\Replay Media Catcher
2007-07-04 12:48:47 0 d-------- C:\Program Files\PKWARE
2007-07-04 12:48:47 0 d-------- C:\Program Files\Common Files\PKWARE
2007-07-04 12:38:55 0 d-------- C:\Program Files\WinZip Self-Extractor
2007-07-03 11:59:38 0 d-------- C:\Program Files\BadgeHelp
2007-07-02 07:06:00 0 d-------- C:\Program Files\Common Files\M?crosoft
2007-07-01 20:15:03 0 d-------- C:\Program Files\AIM6
2007-07-01 20:13:52 0 d-------- C:\Program Files\Common Files\AOL
2007-06-25 12:59:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-23 19:50:01 0 d-------- C:\Program Files\IncrediMail
2007-06-22 08:07:47 0 d-------- C:\Users\HP_Administrator\AppData\Roaming\Move Networks
2007-06-18 06:50:17 0 d-------- C:\Program Files\iTunes
2007-06-18 06:50:12 0 d-------- C:\Program Files\iPod
2007-06-18 06:43:57 0 d-------- C:\Program Files\QuickTime
2007-06-15 07:13:41 0 d-------- C:\Program Files\HP
2007-06-15 07:13:30 0 d-------- C:\Program Files\MSN Gaming Zone
2007-05-31 16:48:20 1570 --a------ C:\Users\HP_Administrator\AppData\Roaming\wklnhst.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/11/2007 03:01 AM]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [06/07/2004 10:42 PM]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [06/07/2004 10:53 PM]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 08:04 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/21/2004 02:55 AM]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [10/15/2004 01:54 AM]
"PS2"="C:\WINDOWS\system32\ps2.exe" [10/16/2002 08:57 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [04/15/2004 12:43 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/05/2004 06:30 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/05/2004 08:14 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [10/09/2006 09:55 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [10/09/2006 09:55 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [10/09/2006 09:55 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/01/2007 04:51 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [08/12/2007 11:12 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [11/02/2006 08:35 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35 AM]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [05/29/2007 09:34 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 05:17 PM]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"PlayLinc"="C:/Program Files/PlayLinc/PlayLincV.exe" [12/22/2006 06:01 PM C:\Program Files\PlayLinc\PlayLincV.exe]
"SpeedItUpEX"="C:\Program Files\SpeedItUpFree\SpeedItUp.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 08:36 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/29/2004 9:31:38 AM]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [12/10/2004 12:02:55 AM]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [11/5/2004 9:25:50 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"=2 (0x2)
"DontDisplayLogonHoursWarnings"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-08-13 at 17:49:33 ---------

tmeany91
2007-08-14, 00:52
My computer has been running very smoothly, I just want to say thank you for all your help so far.

Shaba
2007-08-14, 10:09
Hi

You have a nasty keylogger present:

C:\Program Files\Common Files\microsoft shared\Web Folders\ibm00001.dll Object is locked skipped
C:\Program Files\Common Files\microsoft shared\Web Folders\ibm00001.exe Object is locked skipped
C:\Program Files\Common Files\microsoft shared\Web Folders\ibm00002.dll Object is locked skipped
C:\Program Files\Common Files\microsoft shared\Web Folders\ibm00003.dll Object is locked skipped
C:\Program Files\Common Files\microsoft shared\Web Folders\ibm00004.dll Object is locked skipped

Along with some other nastys:

C:\Users\Public\Documents\Settings\winsys2f.dll Object is locked skipped
C:\Users\Public\Documents\Settings\winsys2f.dll~ Infected: Trojan-Proxy.Win32.Xorpix.ar skipped

Tell me if you still want to continue cleaning or if you want to format.

If you want to clean you should change all online passwords from clean computer and contact online bank/credit card company if you have used their services via this computer.

tmeany91
2007-08-14, 15:09
I do not use this computer for any banking needs, I would still like to clean up the computer

Shaba
2007-08-14, 17:26
Hi

Empty these folders:

C:\Users\Tim\AppData\Local\Temp\
C:\Users\Tim\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar

Delete these:

C:\Downloads\DinerDashSetup-dm[1].exe
C:\Downloads\JDAmericanFarmer_Setup-dm[1].exe
C:\Downloads\PedalToTheMetalSetup-dm[1].exe
C:\Program Files\Common Files\microsoft shared\Web Folders\ibm00001.dll
C:\Program Files\Common Files\microsoft shared\Web Folders\ibm00001.exe
C:\Program Files\Common Files\microsoft shared\Web Folders\ibm00002.dll
C:\Program Files\Common Files\microsoft shared\Web Folders\ibm00003.dll
C:\Program Files\Common Files\microsoft shared\Web Folders\ibm00004.dll
C:\Program Files\FunWebProducts\Installr\5.bin\F3EZSETP.DLL
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe1174223618
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe1174242813
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe1174331018
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe1174341443
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe1174438282
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe1174648062
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe1174745556
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe1174936961
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe1175637099
C:\Users\Tyler\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe
C:\Windows\cfg32.exe
C:\Windows\cfsb.exe

Empty Recycle Bin

Please download the following program and save it to your desktop:

http://noahdfear.geekstogo.com/FindAWF.exe

Once downloaded, double-click on the file to run it.
Press 1 and enter.
When it is done there will be a file called awf.txt on your desktop. Please post the contents of that file as a reply to this topic.

tmeany91
2007-08-14, 19:26
Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Tue 08/14/2007
The current time is: 12:06:12.79


bak folders found
~~~~~~~~~~~


Directory of C:\ITUNES\BAK


Directory of C:\PROGRA~1\ADVANC~1\BAK

08/13/2005 08:16 PM 184,320 HCUcp.txt
08/13/2005 08:16 PM 2,289,664 HCUsm.txt
08/13/2005 08:16 PM 12,288 HCUsp.txt
08/13/2005 08:16 PM 8,192 HLMctrc.txt
08/13/2005 08:16 PM 8,192 HLMctrf.txt
08/13/2005 08:16 PM 98,304 HLMctrs.txt
08/13/2005 08:16 PM 651,264 HLMser.txt
7 File(s) 3,252,224 bytes

Directory of C:\PROGRA~1\AIM\BAK

08/01/2006 04:35 PM 67,112 aim.exe
1 File(s) 67,112 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

02/16/2007 11:54 AM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\PROGRA~1\SYMNET~1\BAK

03/30/2007 07:58 AM 100,048 SNDMon.exe
1 File(s) 100,048 bytes

Directory of C:\WINDOWS\EHOME\BAK

08/10/2004 03:04 PM 59,392 ehtray.exe
1 File(s) 59,392 bytes

Directory of C:\WINDOWS\SMINST\BAK

04/15/2004 12:43 AM 233,472 RECGUARD.EXE
1 File(s) 233,472 bytes

Directory of C:\WINDOWS\SYSTEM\BAK

05/07/1998 08:04 PM 52,736 hpsysdrv.exe
1 File(s) 52,736 bytes

Directory of C:\HP\DRIVERS\HPLSBW~1\BAK

10/15/2004 01:54 AM 253,952 lsburnwatcher.exe
1 File(s) 253,952 bytes

Directory of C:\PROGRA~1\HP\{AAC4F~1\BAK

06/07/2004 10:53 PM 49,152 hphupd06.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

11/05/2004 08:14 AM 180,269 realsched.exe
1 File(s) 180,269 bytes

Directory of C:\PROGRA~1\JAVA\J2RE14~1.2_0\BIN\BAK

11/05/2004 06:30 AM 32,881 jusched.exe
1 File(s) 32,881 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

184320 Aug 13 2005 "C:\Program Files\Advanced WindowsCare\Bak\HCUcp.txt"
2289664 Aug 13 2005 "C:\Program Files\Advanced WindowsCare\Bak\HCUsm.txt"
12288 Aug 13 2005 "C:\Program Files\Advanced WindowsCare\Bak\HCUsp.txt"
8192 Aug 13 2005 "C:\Program Files\Advanced WindowsCare\Bak\HLMctrc.txt"
8192 Aug 13 2005 "C:\Program Files\Advanced WindowsCare\Bak\HLMctrf.txt"
98304 Aug 13 2005 "C:\Program Files\Advanced WindowsCare\Bak\HLMctrs.txt"
651264 Aug 13 2005 "C:\Program Files\Advanced WindowsCare\Bak\HLMser.txt"
67112 Aug 1 2006 "C:\Program Files\AIM\bak\aim.exe"
282624 Apr 27 2007 "C:\Program Files\QuickTime\qttask.exe"
282624 Feb 16 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
111840 Apr 8 2007 "C:\Program Files\SymNetDrv\SNDMon.exe"
100048 Mar 30 2007 "C:\Program Files\SymNetDrv\bak\SNDMon.exe"
125440 Nov 2 2006 "C:\Windows\ehome\ehtray.exe"
59392 Aug 10 2004 "C:\Windows\ehome\bak\ehtray.exe"
125440 Nov 2 2006 "C:\Windows\winsxs\x86_microsoft-windows-ehome-ehtray_31bf3856ad364e35_6.0.6000.16386_none_28a24bc3701e0760\ehtray.exe"
233472 Apr 15 2004 "C:\Windows\SMINST\Recguard.exe"
233472 Apr 15 2004 "C:\Windows\SMINST\bak\RECGUARD.EXE"
52736 May 7 1998 "C:\Windows\system\hpsysdrv.exe"
52736 May 7 1998 "C:\Windows\system\bak\hpsysdrv.exe"
253952 Oct 15 2004 "C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe1175394912"
253952 Oct 15 2004 "C:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe"
49152 Jun 7 2004 "C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
49152 Jun 7 2004 "C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak\hphupd06.exe"
180269 Nov 5 2004 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Nov 5 2004 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
32881 Nov 5 2004 "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
32881 Sep 28 2004 "C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe"
36975 Mar 4 2005 "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
36975 Jun 3 2005 "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"
36975 Aug 26 2005 "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
36975 Apr 13 2005 "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
49263 Sep 7 2006 "C:\Program Files\Adobe\Adobe Flash CS3\JVM\bin\jusched.exe"
32881 Nov 5 2004 "C:\Program Files\Java\j2re1.4.2_03\bin\bak\jusched.exe"


end of report

Shaba
2007-08-14, 19:39
Hi

Uninstall via add/remove programs if present:

SpamBlockerUtility

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows (http://www.xtra.co.nz/help/0,,4155-1916458,00.html)

Empty these folders:

C:\Users\Tyler\Local Settings\Temp
C:\Users\Alyssa\Local Settings\Temporary Internet Files\Content.IE5


Delete these:

C:\Users\Tyler\Desktop\incredimail_install.exe
C:\Program Files\SpamBlockerUtility
C:\Users\Alyssa\Desktop\New Folder (4)\New Folder (2)\Titan[1].1.25.1600.zip
C:\Users\Alyssa\Desktop\Trillian.zip
C:\Users\HP_Administrator\Desktop\Adobe CS3\Keygens\Photoshop CS3 Keygen + Activation.exe
C:\Users\HP_Administrator\Documents\BitTorrent Downloads\Adobe CS3 Keygens
C:\Users\Public\Documents\Settings\winsys2f.dll
C:\Users\Public\Documents\Settings\winsys2f.dll~

Empty Recycle Bin

Please click this link-->Jotti (http://virusscan.jotti.org/)

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\Program Files\QuickTime\qttask.exe

Repeat for these:

C:\Program Files\SymNetDrv\SNDMon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\SMINST\Recguard.exe
C:\Windows\system\hpsysdrv.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

tmeany91
2007-08-14, 23:18
None found on any of the files

Shaba
2007-08-15, 16:18
Hi

Then re-scan with kaspersky and post a fresh HijackThis log and kaspersky report, please :)

Shaba
2007-08-22, 17:49
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.