Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virtumonde, Yazzle, Doubleclick


  • Please log in to reply
4 replies to this topic

#1 Asmerus

Asmerus

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:10 PM

Posted 07 November 2007 - 11:41 AM

I have been searching through the forums and I am seeing the same or similar problem but by following it I can't seem to get mine clean. My guess is the .dlls are randomly named. I would get rid of the "new dlls" but I really don't want to mess up my system and I can't find my windows recovery disk. I didn't get a windows cd because I bought it from HP, Plus my girlfriend doesn't want me to format her system and install even if I did have a disk because she thinks it is a lazy approach. So here are the logs

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:41 PM, on 11/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\David\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myeastlink.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {eefab780-a0a7-69b9-4bb4-b7e5e44a9447} - {7449a44e-5e7b-4bb4-9b96-7a0a087bafee} - C:\WINDOWS\system32\quhsplse.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB(VGA) Camera
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Srro] "C:\PROGRA~1\COMMON~1\SSEMBL~1\dllhost.exe" --ru -vt yazb
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: STK014 PNP Monitor.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164232099968
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165961411031
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {8F4213B4-A970-4B3C-820D-343C693D5BF0} (SelfProvisioning.Wizard) - http://dsp02.eastlink.ca/SelfProvisioning.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7441 bytes

ComboFix 07-11-07.4 - HP_Owner 2007-11-07 12:24:34.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.227 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\gebyy.dll
C:\WINDOWS\SYSTEM32\kclabdpl.dll
C:\WINDOWS\system32\llydqisc.dll
.

((((((((((((((((((((((((( Files Created from 2007-10-07 to 2007-11-07 )))))))))))))))))))))))))))))))
.

2007-11-07 11:44 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-07 11:22 79,936 --a------ C:\WINDOWS\system32\quhsplse.dll
2007-11-07 11:16 86,080 --a------ C:\WINDOWS\system32\kjresoes.dll
2007-11-07 11:14 71,232 --a------ C:\WINDOWS\system32\qkcuyhag.exe
2007-11-07 10:11 79,936 --a------ C:\WINDOWS\system32\pwkjffxm.dll
2007-11-07 10:07 71,232 --a------ C:\WINDOWS\system32\maycylcc.exe
2007-11-06 21:34 81,472 --a------ C:\WINDOWS\system32\wkfedoxh.dll
2007-11-06 21:26 71,232 --a------ C:\WINDOWS\system32\filuupvi.exe
2007-11-06 10:01 81,472 --a------ C:\WINDOWS\system32\itohcxij.dll
2007-11-06 01:10 83,008 --a------ C:\WINDOWS\system32\lvdohgaa.dll
2007-11-05 22:02 <DIR> d-------- C:\David
2007-11-05 09:38 83,008 --a------ C:\WINDOWS\system32\pqaadudb.dll
2007-11-04 14:32 78,912 --a------ C:\WINDOWS\system32\obdhmgtw.dll
2007-11-03 20:33 81,472 --a------ C:\WINDOWS\system32\kvdvcrtg.dll
2007-11-03 08:40 81,472 --a------ C:\WINDOWS\system32\crnhuowf.dll
2007-11-02 23:21 82,496 --a------ C:\WINDOWS\system32\fmxkgmeu.dll
2007-11-01 17:54 <DIR> d-------- C:\NeverwinterNights
2007-11-01 13:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterMute
2007-11-01 12:30 <DIR> d-------- C:\Documents and Settings\HP_Owner\.housecall6.6
2007-10-29 09:58 <DIR> d-------- C:\Program Files\Mp3 My Mp3 2.0
2007-10-27 22:31 <DIR> d-------- C:\VundoFix Backups
2007-10-26 21:10 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\BSplayer PRO
2007-10-26 21:05 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Media Player Classic
2007-10-26 20:59 739,840 --a------ C:\WINDOWS\system32\divx.dll
2007-10-26 20:59 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-10-26 20:59 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2007-10-26 20:59 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-10-26 20:23 <DIR> d-------- C:\Program Files\Pegasus Imaging
2007-10-26 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-25 14:38 35,840 -ra------ C:\WINDOWS\mrofinu1044.exe
2007-10-22 22:21 <DIR> d-------- C:\Program Files\Ripple Screensaver
2007-10-08 22:29 <DIR> d-------- C:\SmartSound Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-07 02:33 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\ZoomBrowser EX
2007-11-07 02:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2007-11-06 05:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-27 01:10 --------- d-----w C:\Program Files\Webteh
2007-10-27 00:59 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-10-27 00:54 --------- d-----w C:\Program Files\DivX
2007-10-27 00:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-27 00:02 --------- d-----w C:\Program Files\BitTorrent
2007-10-26 23:57 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\BitTorrent
2007-10-25 21:43 --------- d-----w C:\Program Files\iTunes
2007-10-25 21:43 --------- d-----w C:\Program Files\iPod
2007-10-22 06:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 06:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-12 18:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 18:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-11 02:09 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\OpenOffice.org2
2007-10-02 12:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
2007-09-29 13:51 --------- d-----w C:\Program Files\Java
2007-09-28 21:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-09-28 21:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-09-24 15:07 --------- d-----w C:\Program Files\FaxDrive
2007-09-23 15:32 --------- d-----w C:\Program Files\Common Files\Concord
2007-09-15 15:05 --------- d-----w C:\Program Files\Apple Software Update
2007-09-11 01:21 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\uTorrent
2007-09-08 04:56 --------- d-----w C:\Program Files\Send To Toys
2006-11-18 17:01 1,656,346 ----a-w C:\Documents and Settings\HP_Owner\blah.zip
2005-12-09 18:18 270 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2005-12-09 05:38 49,280 ----a-w C:\Documents and Settings\HP_Owner\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7449a44e-5e7b-4bb4-9b96-7a0a087bafee}]
2007-11-07 11:22 79936 --a------ C:\WINDOWS\system32\quhsplse.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 02:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 13:31]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2003-01-21 15:19]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-06-03 18:08]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 01:34]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 14:42]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
"Srro"="C:\PROGRA~1\COMMON~1\SSEMBL~1\dllhost.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-04 16:03:24]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]
STK014 PNP Monitor.lnk - C:\Program Files\STK014_V2.01\STK014M.exe [2006-10-23 13:57:02]

S3 ZSMC302;USB(VGA) Camera;C:\WINDOWS\system32\Drivers\usbvm302.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-10-25 21:39:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-07 12:27:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-07 12:28:48
C:\ComboFix2.txt ... 2007-11-07 12:03
.
--- E O F ---



*************************
FindAWF did not produce anything.



May also notice new folder David. I created that =p Not spyware :-)

BC AdBot (Login to Remove)

 


#2 MoNsTeReNeRgY22

MoNsTeReNeRgY22

    1337 Malware Destroyer


  • Members
  • 611 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:10 AM

Posted 07 November 2007 - 09:31 PM

Hello and Welcome to Bleeping Computer.

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Please give me some time to analyze your log, and I will post back with instructions ASAP.


Posted Image


#3 MoNsTeReNeRgY22

MoNsTeReNeRgY22

    1337 Malware Destroyer


  • Members
  • 611 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:10 AM

Posted 08 November 2007 - 08:47 AM

Hello Asmerus,

Download Deckard's System Scanner (DSS) to your Desktop.
  • Close all applications and windows.
  • Double-click on DSS.exe to run it, and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporary disable your Antivirus)


Posted Image


#4 Asmerus

Asmerus
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:10 PM

Posted 08 November 2007 - 02:33 PM

Deckard's System Scanner v20071014.68
Run by HP_Owner on 2007-11-08 15:21:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2007-11-08 19:21:48 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2007-11-07 16:23:39 UTC - RP3 - ComboFix created restore point
2: 2007-11-07 15:45:09 UTC - RP2 - ComboFix created restore point
1: 2007-11-06 05:39:59 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:18 PM, on 11/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\STK014_V2.01\STK014M.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\HP_Owner\Desktop\dss.exe
C:\David\HP_Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myeastlink.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {eefab780-a0a7-69b9-4bb4-b7e5e44a9447} - {7449a44e-5e7b-4bb4-9b96-7a0a087bafee} - C:\WINDOWS\system32\quhsplse.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB(VGA) Camera
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Srro] "C:\PROGRA~1\COMMON~1\SSEMBL~1\dllhost.exe" --ru -vt yazb
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: STK014 PNP Monitor.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164232099968
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165961411031
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {8F4213B4-A970-4B3C-820D-343C693D5BF0} (SelfProvisioning.Wizard) - http://dsp02.eastlink.ca/SelfProvisioning.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8088 bytes

-- HijackThis Fixed Entries (C:\David\backups\) --------------------------------

backup-20071106-010036-297 O4 - HKCU\..\Run: [Srro] "C:\PROGRA~1\COMMON~1\SSEMBL~1\dllhost.exe" --ru -vt yazb
backup-20071106-010036-517 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1044.exe 61A847B5BBF72813329F3C466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC412806867680AEC7614B76D9695772FD15FD97CB77
backup-20071106-010036-600 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20071106-010036-692 O4 - HKCU\..\Run: [Bidcrhxk] "C:\Documents and Settings\HP_Owner\Application Data\W?nSxS\r?ndll32.exe"
backup-20071107-121915-476 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20071107-121915-829 O4 - HKLM\..\Run: [62b72f4a] rundll32.exe "C:\WINDOWS\system32\kjresoes.dll",b

-- File Associations -----------------------------------------------------------

.txt - speakingtxtfile - DefaultIcon - unable to read value
.txt - speakingtxtfile - shell\open\command - notepad.exe %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 catchme - c:\docume~1\hp_owner\locals~1\temp\catchme.sys (file missing)
S3 PcdrNdisuio (PCDRNDISUIO Usermode I/O Protocol) - c:\windows\system32\drivers\pcdrndisuio.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 ZSMC302 (USB(VGA) Camera) - c:\windows\system32\drivers\usbvm302.sys <Not Verified; VM; >


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-10-25 17:39:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-10-08 and 2007-11-08 -----------------------------

2007-11-07 11:22:43 79936 --a------ C:\WINDOWS\system32\quhsplse.dll
2007-11-07 11:16:40 86080 --a------ C:\WINDOWS\system32\kjresoes.dll
2007-11-07 11:14:43 71232 --a------ C:\WINDOWS\system32\qkcuyhag.exe <Not Verified; ; DDC>
2007-11-07 10:11:57 79936 --a------ C:\WINDOWS\system32\pwkjffxm.dll
2007-11-07 10:07:02 71232 --a------ C:\WINDOWS\system32\maycylcc.exe <Not Verified; ; DDC>
2007-11-06 21:34:57 81472 --a------ C:\WINDOWS\system32\wkfedoxh.dll
2007-11-06 21:26:58 71232 --a------ C:\WINDOWS\system32\filuupvi.exe <Not Verified; ; DDC>
2007-11-06 10:01:16 81472 --a------ C:\WINDOWS\system32\itohcxij.dll
2007-11-06 01:10:29 83008 --a------ C:\WINDOWS\system32\lvdohgaa.dll
2007-11-05 22:30:05 0 dr-h----- C:\Documents and Settings\HP_Owner\Recent
2007-11-05 22:02:08 0 d-------- C:\David
2007-11-05 09:38:44 83008 --a------ C:\WINDOWS\system32\pqaadudb.dll
2007-11-04 14:32:47 78912 --a------ C:\WINDOWS\system32\obdhmgtw.dll
2007-11-03 20:33:12 81472 --a------ C:\WINDOWS\system32\kvdvcrtg.dll
2007-11-03 08:40:23 81472 --a------ C:\WINDOWS\system32\crnhuowf.dll
2007-11-02 23:21:17 82496 --a------ C:\WINDOWS\system32\fmxkgmeu.dll
2007-11-01 17:54:34 0 d-------- C:\NeverwinterNights
2007-11-01 13:22:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2007-11-01 13:17:52 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-11-01 13:17:52 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2007-11-01 13:17:52 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-11-01 13:17:52 0 d-------- C:\Documents and Settings\Administrator\Cookies
2007-11-01 13:17:52 0 d-------- C:\Documents and Settings\Administrator\Application Data
2007-11-01 13:17:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2007-11-01 13:17:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-11-01 13:17:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterMute
2007-11-01 13:17:51 0 d-------- C:\Documents and Settings\Administrator\Templates
2007-11-01 13:17:51 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-11-01 12:30:02 0 d-------- C:\Documents and Settings\HP_Owner\.housecall6.6
2007-10-29 09:58:54 0 d-------- C:\Program Files\Mp3 My Mp3 2.0
2007-10-27 22:48:40 0 d-------- C:\!KillBox
2007-10-27 22:31:10 0 d-------- C:\VundoFix Backups
2007-10-26 21:15:46 10485760 --a------ C:\Documents and Settings\HP_Owner\ntuser.dat
2007-10-26 21:10:23 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\BSplayer PRO
2007-10-26 21:05:45 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Media Player Classic
2007-10-26 20:59:23 164352 --a------ C:\WINDOWS\system32\unrar.dll
2007-10-26 20:59:17 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-10-26 20:59:13 739840 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX>
2007-10-26 20:59:12 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-10-26 20:23:11 0 d-------- C:\Program Files\Pegasus Imaging
2007-10-26 20:09:53 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-25 14:38:12 35840 -ra------ C:\WINDOWS\mrofinu1044.exe
2007-10-22 22:21:34 0 d-------- C:\Program Files\Ripple Screensaver
2007-10-08 22:29:35 0 d-------- C:\SmartSound Software


-- Find3M Report ---------------------------------------------------------------

2007-11-07 11:53:45 0 d-------- C:\Program Files\Common Files
2007-11-06 22:33:13 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\ZoomBrowser EX
2007-10-26 21:10:23 0 d-------- C:\Program Files\Webteh
2007-10-26 20:59:35 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-10-26 20:54:58 0 d-------- C:\Program Files\DivX
2007-10-26 20:23:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-26 20:02:18 0 d-------- C:\Program Files\BitTorrent
2007-10-26 19:57:41 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\BitTorrent
2007-10-25 17:43:39 0 d-------- C:\Program Files\iTunes
2007-10-25 17:43:18 0 d-------- C:\Program Files\iPod
2007-10-10 22:09:08 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\OpenOffice.org2
2007-09-29 09:51:24 0 d-------- C:\Program Files\Java
2007-09-28 17:07:52 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-09-28 17:05:50 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-09-24 11:56:00 5120 --a------ C:\WINDOWS\system32\faxlog32
2007-09-24 11:07:42 0 d-------- C:\Program Files\FaxDrive
2007-09-23 11:32:06 0 d-------- C:\Program Files\Common Files\Concord
2007-09-15 11:05:42 0 d-------- C:\Program Files\Apple Software Update
2007-09-10 21:21:45 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\uTorrent
2007-09-08 00:56:37 0 d-------- C:\Program Files\Send To Toys


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7449a44e-5e7b-4bb4-9b96-7a0a087bafee}]
11/07/2007 11:22 AM 79936 --a------ C:\WINDOWS\system32\quhsplse.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [03/18/2004 02:10 AM C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/23/2005 01:31 PM]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [01/21/2003 03:19 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/03/2005 06:08 PM]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/26/2005 01:34 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 03:00 AM]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [06/07/2004 02:42 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 05:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 01:42 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 01:54 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"Srro"="C:\PROGRA~1\COMMON~1\SSEMBL~1\dllhost.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [11/4/2005 4:03:24 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 7:05:56 PM]
STK014 PNP Monitor.lnk - C:\Program Files\STK014_V2.01\STK014M.exe [10/23/2006 1:57:02 PM]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2007-11-08 15:24:12 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.93GHz
Percentage of Memory in Use: 58%
Physical Memory (total/avail): 503.3 MiB / 209.96 MiB
Pagefile Memory (total/avail): 1228.42 MiB / 1008.54 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.67 MiB

C: is Fixed (NTFS) - 142.07 GiB total, 44.28 GiB free.
D: is Fixed (FAT32) - 6.96 GiB total, 1.01 GiB free.
E: is CDROM (Unformatted)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - HDT722516DLA380 - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 6.97 GiB - D:
\PARTITION1 (bootable) - Installable File System - 142.07 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
UpdatesDisableNotify is set.

FW: Norton Internet Security v2005 (Symantec Corporation)
AV: Norton Internet Security v2005 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MATILDA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Owner
LOGONSERVER=\\MATILDA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
USERDOMAIN=MATILDA
USERNAME=HP_Owner
USERPROFILE=C:\Documents and Settings\HP_Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

HP_Owner (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Agere Systems PCI Soft Modem --> agrsmdel
Animated GIF Banner Maker --> C:\PROGRA~1\ANIMAT~1\UNWISE.EXE C:\PROGRA~1\ANIMAT~1\INSTALL.LOG
Apex PowerPoint Screensaver Maker --> "C:\Program Files\ApexStudio\Powerpoint\Uninstal.exe"
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
BitTorrent 5.0.9 --> "C:\Program Files\BitTorrent\uninstall.exe"
Blackhawk Striker 2 from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\58D1A004-6D3C-480A-9E0D-FAA58F3C2A62\Uninstall.exe"
Blasterball 2 from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\8C4E79CC-03E1-43AA-9910-9A5113F24603\Uninstall.exe"
Blasterball 2 Holidays from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B41503CB-5FE0-47E0-87C1-47BA8E660BCC\Uninstall.exe"
Blasterball 2 Remix from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B151D9AC-5E4E-4AD0-96C9-5A6C9EC23502\Uninstall.exe"
Bounce Symphony from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D11F7128-8CBD-408B-8BF8-034604DEDD42\Uninstall.exe"
BS.Player PRO --> "C:\Program Files\Webteh\BSplayerPro\uninstall.exe"
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CodeStuff Starter --> "C:\Program Files\CodeStuff\Starter\unStarter.exe"
Concord Telephony Translation --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\CTITELEP.INF, DefaultUninstall.ntx86
Crystal Maze from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292\Uninstall.exe"
CTIAPI32 (remove only) --> "C:\Program Files\Common Files\Concord\CTIAPI32uninst.exe"
CtiLogC (remove only) --> "C:\Program Files\Common Files\Concord\CtiLogCuninst.exe"
Digital Image Edit-Pro V1.0 --> "C:\Program Files\Digital Image Edit-Pro\unins000.exe"
Digital Video --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4A71E27C-07D2-4CB8-ACA9-165242416758}\Setup.exe" -l0x9
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVDx --> "C:\Program Files\DVDx\unins000.exe"
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
EVEREST Ultimate Edition v3.50 --> "C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Express Burn --> C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
FaxDrive --> C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\FaxDrive\ST5UNST.LOG"
FaxWizard --> C:\FAXWIZ\UNWISE.EXE C:\FAXWIZ\INSTALL.LOG "FaxWizard Uninstall"
Final Drive Nitro from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\741C4983-B139-407A-AD4E-3D6C7B29704B\Uninstall.exe"
GSpot Codec Information Appliance --> C:\Program Files\GSpot\Uninstall.exe
Help and Support Additions --> WScript.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\eHelpSetup.jse eHelpUninstall
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\David\HijackThis.exe" /uninstall
hitchhikers_dvd Screen Saver --> C:\WINDOWS\system32\hitchhikers_dvd.scr /u
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Boot Optimizer --> MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP Image Zone 4.8.6 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.8.6 --> C:\Program Files\HP\Digital Imaging\{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Organize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photosmart Cameras 4.5 --> C:\Program Files\HP\Digital Imaging\{ABA2B37F-AB88-486e-870A-52454A23FEE0}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update --> MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
HPIZplus450 --> MsiExec.exe /X{0E484A60-A429-49A8-982C-D6475F1E80A9}
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iScreensaver Designer 3.4 --> "C:\Program Files\iScreensaver Designer 3\unins000.exe"
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Codec Pack 3.5.3 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
KBD --> C:\HP\KBD\KBD.EXE uninstalled
L&H TTS3000 British English --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSENG.inf, Uninstall
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Lexibox Deluxe from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E2A4EA31-80A1-4460-9510-631AF4D6A636\Uninstall.exe"
ljArchive --> C:\Program Files\ljArchive\uninst.exe
Metacafe --> C:\Program Files\Metacafe\uninstaller.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Dancer LE --> MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft PowerPoint Viewer 97 --> C:\Program Files\PowerPoint Viewer\setup\setup.exe
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Morrowind --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\MWUninstall\Setup.exe" -l0x9
Mozilla Firefox (2.0.0.9) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
muvee autoProducer 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC10C922-52E9-4739-ACD0-EB0FF035EE7E}\setup.exe" -l0x9
OLYMPUS CAMEDIA Master 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\setup.exe" CAMEDIA Master 4.1
OpenOffice.org 2.2 --> MsiExec.exe /I{A1C8D94A-4303-4489-B585-4B6E6CD408CB}
Overball from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6723E59E-322A-417A-8E03-27A61E18253C\Uninstall.exe"
PC-Doctor for Windows --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{19C989C4-50AE-43A4-B06E-8C70FFFF852F} /l1033
Pegasus Imaging PICVideo Motion JPEG 3.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{37FF74E1-843A-4431-AA07-E73E2B847CA4}
Phoenix Assault from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\7CEF0F00-BA1B-4861-A102-38CC86CA622B\Uninstall.exe"
Photosmart 320,370,7400,8100,8400 Series --> C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
Polar Bowler from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\36317AE4-57EC-4F3E-B828-009A3DD96BE8\Uninstall.exe"
Polar Golfer from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B2D3332F-EA2D-42B3-8E4A-F74D052BCBC1\Uninstall.exe"
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remove Microsoft Money 2005 installer --> c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Money\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Remove Quicken New User Edition installer --> c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Quicken_NUE\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Remove WeatherBug installer --> c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\WeatherBug\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Ripple Screensaver --> "C:\Program Files\Ripple Screensaver\Uninstall.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SereneScreen Marine Aquarium 2 --> "C:\Program Files\SereneScreen\Marine Aquarium 2\unins000.exe"
Shooting Stars Pool from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\14DD9322-0AAE-4DA4-90A9-EB42CF296127\Uninstall.exe"
SiL (remove only) --> "C:\Program Files\SiL\Uninstall.exe"
Sim AQUARIUM 2 --> "C:\Program Files\Sim AQUARIUM 2\unins000.exe"
SiSoftware Sandra Lite XIb (Win64/32/CE) --> "C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\unins000.exe"
Skype 2.5 --> "C:\Program Files\Skype\Phone\unins000.exe"
Slyder from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A\Uninstall.exe"
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Speaking Notepad 3.4 --> "C:\Program Files\Speaking Notepad\unins000.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpySubtract --> C:\Program Files\InterMute\SpySubtract\SpySub.exe -uninstall
STK014_V2.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7C401C6-B490-4C92-9E6D-F6A862A27B65}\Setup.exe" -l0x9
Super Granny from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\3F34F72F-9BB0-4B73-8312-558953ACF56F\Uninstall.exe"
Symantec Technical Support Web Controls --> MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441}
TES Construction Set --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x9
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims 2 Nightlife --> C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 University --> C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
Tradewinds from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\F5215F01-DFC0-475D-A910-6F1AF94E807E\Uninstall.exe"
Ulead VideoStudio 10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E188D820-1218-4E28-8BCA-91134C3664C2}\setup.exe" -l0x9
Updates from HP --> C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 309731
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
XVID Codec Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{534C6D59-D6E3-48A6-AD0B-747799019960}\Setup.exe" -l0x9
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type14089 / Success
Event Submitted/Written: 11/08/2007 02:38:25 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type14085 / Error
Event Submitted/Written: 11/07/2007 05:35:26 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application vstudio.exe, version 10.0.0.0, faulting module ulppmgr.dll, version 8.0.0.0, fault address 0x00002fbf.
Processing media-specific event for [vstudio.exe!ws!]

Event Record #/Type14082 / Success
Event Submitted/Written: 11/07/2007 00:57:51 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type14061 / Success
Event Submitted/Written: 11/07/2007 11:15:05 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type14035 / Success
Event Submitted/Written: 11/07/2007 10:07:33 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type52495 / Error
Event Submitted/Written: 11/07/2007 00:24:28 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type52475 / Error
Event Submitted/Written: 11/07/2007 11:54:28 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Application Layer Gateway Service service failed to start due to the following error:
%%1053

Event Record #/Type52474 / Error
Event Submitted/Written: 11/07/2007 11:54:28 AM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

Event Record #/Type52473 / Error
Event Submitted/Written: 11/07/2007 11:54:11 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The combofix service failed to start due to the following error:
%%1053

Event Record #/Type52472 / Error
Event Submitted/Written: 11/07/2007 11:54:11 AM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the combofix service to connect.



-- End of Deckard's System Scanner: finished at 2007-11-08 15:24:12 ------------

#5 MoNsTeReNeRgY22

MoNsTeReNeRgY22

    1337 Malware Destroyer


  • Members
  • 611 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:10 AM

Posted 10 November 2007 - 04:23 AM

Hello again,

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users