Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Fakealert F Trojan


  • This topic is locked This topic is locked
36 replies to this topic

#1 flyglasses

flyglasses

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 23 April 2008 - 05:16 PM

I have the FakeAlert F Trojan. Comcast Anti-Spy software identifies this in the scan, but it will not delete it. McAfee does not even find it in scan. I am running Windows XP Media Edition Service Pack 2.

I continually get pop window warning of a threat and trying to bait me into downloading software.

Here are the results of the scans as directed to do in the "this topic"

Thanks

Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2008-04-23 17:51:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-04-23 21:51:35 UTC - RP466 - Deckard's System Scanner Restore Point
2: 2008-04-23 00:13:36 UTC - RP465 - Software Distribution Service 3.0
1: 2008-04-22 23:45:05 UTC - RP464 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:53:05 PM, on 4/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\kdkpypql.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\HP_Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebReg.serv...7AV&LF=blue
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: NavigationAdvisor - {E60A8FF7-B9B4-8ABC-10E8-10F2461DFA50} - C:\Program Files\NavigationAdvisor\NavigationAdvisor-4.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: dpevflbg - {859D10F7-0E0F-43A8-8DF7-EC0466A40301} - C:\WINDOWS\dpevflbg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [jxkqwiua] C:\WINDOWS\system32\kdkpypql.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1201834956156
O20 - Winlogon Notify: byXQJYpQ - byXQJYpQ.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 13507 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>

S1 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 RetroLauncher (Retrospect Launcher) - c:\program files\dantz\retrospect\retrorun.exe <Not Verified; Dantz Development Corporation; Retrospect>
R2 RetroWDSvc (Retrospect WD Service) - c:\progra~1\dantz\retros~1\wdsvc.exe <Not Verified; Dantz Development Corporation; Retrospect>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-18 08:28:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-03-01 02:00:05 374 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-02-15 02:36:05 372 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-01-29 21:05:59 294 --ah----- C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
2008-01-29 21:00:47 340 --ah----- C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_rundll32_exe.job


-- Files created between 2008-03-23 and 2008-04-23 -----------------------------

2008-04-23 16:38:45 0 d-------- C:\Program Files\Trend Micro
2008-04-22 20:16:24 0 d-------- C:\Program Files\Windows Live Safety Center
2008-04-22 19:00:35 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\McAfee
2008-04-22 06:34:21 0 d-------- C:\Documents and Settings\All Users\Digital Camea Pictures
2008-04-21 17:36:00 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\TmpRecentIcons
2008-04-21 17:18:53 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-04-21 16:09:42 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-21 16:06:17 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-04-21 16:06:17 4096 --a------ C:\WINDOWS\system32\winlogonpc.exe
2008-04-21 16:06:17 4096 --a------ C:\WINDOWS\system32\taack.exe
2008-04-21 16:06:17 4096 --a------ C:\WINDOWS\system32\taack.dat
2008-04-21 16:06:17 4096 --a------ C:\WINDOWS\system32\ssvchost.exe
2008-04-21 16:06:17 4096 --a------ C:\WINDOWS\system32\ssvchost.com
2008-04-21 16:06:17 0 d-------- C:\WINDOWS\system32\smp
2008-04-21 16:06:17 4096 --a------ C:\WINDOWS\system32\regm64.dll
2008-04-21 16:06:17 4096 --a------ C:\WINDOWS\system32\regc64.dll
2008-04-21 16:06:17 4096 --a------ C:\WINDOWS\system32\psoft1.exe
2008-04-21 16:06:17 4096 --a------ C:\WINDOWS\system32\psof1.exe
2008-04-21 16:06:17 4096 --a------ C:\WINDOWS\system32\ps1.exe
2008-04-21 16:06:17 4096 --a------ C:\WINDOWS\system32\netode.exe
2008-04-21 16:06:17 4096 --a------ C:\WINDOWS\system32\mwin32.exe
2008-04-21 16:06:17 4096 --a------ C:\WINDOWS\system32\mtr2.exe
2008-04-21 16:06:17 4096 --a------ C:\WINDOWS\system32\msvchost.exe
2008-04-21 16:06:17 4096 --a------ C:\WINDOWS\system32\msgp.exe
2008-04-21 16:06:17 4096 --a------ C:\WINDOWS\system32\medup020.dll
2008-04-21 16:06:17 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.exe
2008-04-21 16:06:17 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.dat
2008-04-21 16:06:17 4096 --a------ C:\WINDOWS\system32\bsva-egihsg52.exe
2008-04-21 16:06:17 4096 --a------ C:\WINDOWS\iTunesMusic.exe
2008-04-21 16:06:17 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-04-21 16:06:17 4096 --a------ C:\WINDOWS\a.bat
2008-04-21 16:06:16 4096 --a------ C:\WINDOWS\winsystem.exe
2008-04-21 16:06:16 4096 --a------ C:\WINDOWS\system32\WINWGPX.EXE
2008-04-21 16:06:16 4096 --a------ C:\WINDOWS\system32\winsystem.exe
2008-04-21 16:06:16 4096 --a------ C:\WINDOWS\system32\vbsys2.dll
2008-04-21 16:06:16 4096 --a------ C:\WINDOWS\system32\thun32.dll
2008-04-21 16:06:16 4096 --a------ C:\WINDOWS\system32\thun.dll
2008-04-21 16:06:16 4096 --a------ C:\WINDOWS\system32\sysreq.exe
2008-04-21 16:06:16 4096 --a------ C:\WINDOWS\system32\Rundl1.exe
2008-04-21 16:06:16 4096 --a------ C:\WINDOWS\system32\newsd32.exe
2008-04-21 16:06:16 4096 --a------ C:\WINDOWS\system32\mssecu.exe
2008-04-21 16:06:16 4096 --a------ C:\WINDOWS\system32\bdn.com
2008-04-21 16:06:16 4096 --a------ C:\WINDOWS\system32\akttzn.exe
2008-04-21 16:06:16 4096 --a------ C:\WINDOWS\mssecu.exe
2008-04-21 16:06:16 4096 --a------ C:\WINDOWS\bdn.com
2008-04-21 16:06:15 81920 --a------ C:\WINDOWS\wxvgsdbq.exe
2008-04-21 16:06:15 94208 --a------ C:\WINDOWS\olgdqarf.exe
2008-04-21 16:06:15 155648 --a------ C:\WINDOWS\dpevflbg.dll
2008-04-21 16:06:08 0 d-------- C:\Documents and Settings\All Users\Application Data\ixuduxyx
2008-04-21 16:06:07 114688 --a------ C:\WINDOWS\system32\kdkpypql.exe
2008-04-20 20:51:03 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Opera
2008-04-08 18:36:30 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Move Networks
2008-04-06 10:57:02 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-06 10:49:55 96577 --a------ C:\WINDOWS\hpqins16.dat
2008-04-04 19:34:26 0 d-------- C:\Program Files\Safari
2008-04-04 19:31:16 0 d-------- C:\Program Files\iPod
2008-04-01 16:31:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-04-01 16:11:28 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-03-31 20:03:27 0 d-------- C:\Program Files\Incomplete
2008-03-27 15:57:42 1683634 --a------ C:\WINDOWS\system32\version69ie7fix.dll <Not Verified; Mirar; MBar NoL NT 1:1 NoF VIP RSV RPT AFF ATD>
2008-03-27 15:57:29 380928 --a------ C:\WINDOWS\system32\WinNB56.dll <Not Verified; ; NN_Bar IES>
2008-03-27 15:56:30 9952 --a------ C:\regxpcom.exe
2008-03-27 15:56:30 0 d-------- C:\Program Files\FBrowsingAdvisor
2008-03-27 15:56:29 0 d-------- C:\Program Files\FBrowserAdvisor
2008-03-27 15:56:19 0 d-------- C:\Program Files\NavigationAdvisor
2008-03-27 15:56:17 0 d-------- C:\Program Files\PlayMP3z


-- Find3M Report ---------------------------------------------------------------

2008-04-23 17:32:55 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\ComcastToolbar
2008-04-22 06:27:18 0 d-------- C:\Program Files\Java
2008-04-21 17:21:43 0 d-------- C:\Program Files\McAfee
2008-04-21 17:18:37 0 d-------- C:\Program Files\Common Files\McAfee
2008-04-20 17:52:00 0 d-------- C:\Program Files\Google
2008-04-15 21:48:11 4 --a------ C:\WINDOWS\system32\99D2B6
2008-04-15 21:42:50 0 d-------- C:\Program Files\Real
2008-04-15 16:44:51 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-04-14 16:18:40 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2008-04-06 10:49:25 0 d-------- C:\Program Files\HP
2008-04-04 19:35:07 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
2008-04-04 19:31:25 0 d-------- C:\Program Files\iTunes
2008-04-04 19:29:37 0 d-------- C:\Program Files\QuickTime
2008-04-01 16:25:43 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-01 16:11:28 0 d-------- C:\Program Files\Common Files
2008-03-22 14:57:39 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\FrostWire
2008-03-21 22:44:09 0 d-------- C:\Program Files\FrostWire
2008-03-21 22:40:24 0 d-------- C:\Program Files\AskSBar


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
03/21/2008 10:40 PM 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E60A8FF7-B9B4-8ABC-10E8-10F2461DFA50}]
12/30/2007 04:48 PM 1019904 --a------ C:\Program Files\NavigationAdvisor\NavigationAdvisor-4.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
03/21/2008 10:40 PM 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [03/21/2008 10:40 PM 267592]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 05:56 PM]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [08/02/2005 08:19 PM C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/28/2007 02:59 AM]
"nwiz"="nwiz.exe" [08/28/2007 02:59 AM C:\WINDOWS\system32\nwiz.exe]
"@"="" []
"PCDrProfiler"="" []
"WD Button Manager"="WDBtnMgr.exe" [01/07/2008 07:48 PM C:\WINDOWS\system32\WDBtnMgr.exe]
"RTHDCPL"="RTHDCPL.EXE" [10/25/2007 04:57 AM C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 11:43 AM C:\WINDOWS\ALCMTR.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" []
"AIM"="C:\Program Files\AIM\aim.exe" [08/05/2005 04:08 PM]
"jxkqwiua"="C:\WINDOWS\system32\kdkpypql.exe" [04/21/2008 04:06 PM]

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 2:05:26 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 5:21:22 AM]
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [12/19/2006 2:02:34 PM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [1/10/2007 10:54:46 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F50B3F5E-856E-4757-9BB1-B35D46CA7719}"= C:\WINDOWS\system32\byXQJYpQ.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXQJYpQ]
byXQJYpQ.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""




-- End of Deckard's System Scanner: finished at 2008-04-23 17:54:06 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 3800+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 3800+
Percentage of Memory in Use: 25%
Physical Memory (total/avail): 2046.48 MiB / 1518.22 MiB
Pagefile Memory (total/avail): 3939.34 MiB / 3523.75 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.38 MiB

C: is Fixed (NTFS) - 140.22 GiB total, 114.8 GiB free.
D: is Fixed (FAT32) - 8.81 GiB total, 0.6 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
K: is Removable (No Media)
L: is Removable (No Media)
M: is Removable (No Media)
N: is Removable (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HDS721616PLA380 - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 140.22 GiB - C:
\PARTITION1 - Unknown - 8.82 GiB - D:

\\.\PHYSICALDRIVE1 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE2 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE3 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE4 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE5 - Generic- Compact Flash USB Device

\\.\PHYSICALDRIVE8 - Generic- MS/MS-Pro USB Device

\\.\PHYSICALDRIVE7 - Generic- SD/MMC USB Device

\\.\PHYSICALDRIVE6 - Generic- SM/xD-Picture USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1201913705\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1201913705\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\DISC\\DISCover.exe"="C:\\Program Files\\DISC\\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\\Program Files\\DISC\\DiscStreamHub.exe"="C:\\Program Files\\DISC\\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\\Program Files\\DISC\\myFTP.exe"="C:\\Program Files\\DISC\\myFTP.exe:*:Enabled:DISCover FTP"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\1201913705\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1201913705\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HP_DESK_TOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Administrator
LOGONSERVER=\\HP_DESK_TOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
USERDOMAIN=HP_DESK_TOP
USERNAME=HP_Administrator
USERPROFILE=C:\Documents and Settings\HP_Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

HP_Administrator (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\HP Games\Airstrike 2 Gulf Thunder\Uninstall.exe"
--> "C:\Program Files\HP Games\Alien Shooter\Uninstall.exe"
--> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Bistro Stars\Uninstall.exe"
--> "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 2 Remix\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
--> "C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
--> "C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
--> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
--> "C:\Program Files\HP Games\Family Feud\Uninstall.exe"
--> "C:\Program Files\HP Games\FATE\Uninstall.exe"
--> "C:\Program Files\HP Games\Garden Dreams\Uninstall.exe"
--> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
--> "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\LEGO Builder Bots\Uninstall.exe"
--> "C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Mystery Case Files\Uninstall.exe"
--> "C:\Program Files\HP Games\Penguins!\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
--> "C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
--> "C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
--> "C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Snowy Space Trip\Uninstall.exe"
--> "C:\Program Files\HP Games\Super Granny\Uninstall.exe"
--> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
--> "C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
--> "C:\Program Files\WildTangent\Apps\My HP Game Console\Uninstall.exe"
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.7 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Ask Toolbar --> rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
Colorizer 1.0.0.1 --> C:\PROGRA~1\COLORI~1\UNWISE.EXE C:\PROGRA~1\COLORI~1\INSTALL.LOG
Comcast Toolbar --> C:\Program Files\ComcastToolbar\uninstall.exe
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
FBrowsingAdvisor --> "C:\Program Files\FBrowsingAdvisor\unins000.exe"
Flickr Uploadr 2.5.0.15 --> "C:\Documents and Settings\HP_Administrator\My Documents\Nataless Fonts\Flickr Uploadr\uninstall.exe"
FrostWire 4.13.5 --> C:\Program Files\FrostWire\Uninstall.exe
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Guitar Pro 5.2 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Boot Optimizer --> MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP Customer Participation Program 7.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP DigitalMedia Archive --> MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP DVD Play 2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Games 3.43.97 --> "C:\Program Files\DISC\uninstall.exe"
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart for Media Center PC --> c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP Web Helper --> regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LWAway 1.0.0.1 --> C:\PROGRA~1\LWAway\UNWISE.EXE C:\PROGRA~1\LWAway\INSTALL.LOG
Macromedia Authorware Web Player --> C:\WINDOWS\system32\Macromed\AUTHORWA\UNWISE.EXE C:\WINDOWS\system32\Macromed\AUTHORWA\Install.log
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Away Mode -->
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\HP_Administrator\Application Data\Move Networks\ie_bin\Uninst.exe
muvee autoProducer 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB4740B3-2530-452D-A825-F7AB246CA7DF}\setup.exe" -l0x9
muvee autoProducer unPlugged 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}\setup.exe" -l0x9
My HP Games --> "C:\Program Files\HP Games\Uninstall.exe"
NavigationAdvisor --> C:\Program Files\NavigationAdvisor\uninstall.exe
Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
PC-Doctor 5 for Windows --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
PhotoFiltre --> "C:\Program Files\PhotoFiltre\Uninst.exe"
PlayMP3z --> C:\Program Files\PlayMP3z\uninstall.exe
Power Tab Editor 1.7 --> MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Remove WeatherBug Installer --> c:\hp\bin\cloaker.exe c:\hp\bin\commands.exe /c c:\hp\bin\wbug\clean.bat
Retrospect 6.5 --> MsiExec.exe /I{73B69C5C-87D6-471E-B695-0BD736C4B644}
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Rhapsody Player Engine --> MsiExec.exe /I{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}
Safari --> MsiExec.exe /I{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Shop for HP Supplies --> C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Sonic Express Labeler --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims 2 Pets --> C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update Rollup 2 for Windows XP Media Center Edition 2005 -->
Updates from HP (remove only) --> C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Viewpoint Toolbar --> C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\Uninstaller.exe /u /k /url "http://www.viewpoint.com/pub/uninstallcompleted.html"
Vodei Multimedia Processor 2.10 --> C:\Program Files\Vodei\uninst.exe
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Vista Upgrade Advisor --> MsiExec.exe /I{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Toolbar for Internet Explorer --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type19696 / Error
Event Submitted/Written: 04/22/2008 03:31:39 PM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : IEXPLORE: Shared heap exhausted or damaged, process ID cb4, total alloc:3ebe8...

Event Record #/Type19695 / Error
Event Submitted/Written: 04/22/2008 03:31:39 PM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : IEXPLORE: Shared heap exhausted or damaged, process ID cb4, total alloc:3ebe8...

Event Record #/Type19694 / Error
Event Submitted/Written: 04/22/2008 03:31:38 PM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : IEXPLORE: Shared heap exhausted or damaged, process ID cb4, total alloc:3ebe8...

Event Record #/Type19693 / Error
Event Submitted/Written: 04/22/2008 03:26:25 PM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : IEXPLORE: Shared heap exhausted or damaged, process ID a50, total alloc:3ebe8...

Event Record #/Type19692 / Error
Event Submitted/Written: 04/22/2008 03:26:25 PM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : IEXPLORE: Shared heap exhausted or damaged, process ID a50, total alloc:3ebe8...



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type43448 / Error
Event Submitted/Written: 04/23/2008 05:49:57 PM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}.
The error:
"%%2"
Happened while starting this command:
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -Embedding

Event Record #/Type43447 / Error
Event Submitted/Written: 04/23/2008 05:49:57 PM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}.
The error:
"%%2"
Happened while starting this command:
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -Embedding

Event Record #/Type43446 / Error
Event Submitted/Written: 04/23/2008 05:49:56 PM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}.
The error:
"%%2"
Happened while starting this command:
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -Embedding

Event Record #/Type43442 / Error
Event Submitted/Written: 04/23/2008 05:44:43 PM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}.
The error:
"%%2"
Happened while starting this command:
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -Embedding

Event Record #/Type43441 / Error
Event Submitted/Written: 04/23/2008 05:44:43 PM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}.
The error:
"%%2"
Happened while starting this command:
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -Embedding



-- End of Deckard's System Scanner: finished at 2008-04-23 17:54:06 ------------

BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:33 PM

Posted 23 April 2008 - 09:48 PM

Hello flyglasses,

Welcome to Bleeping Computer :thumbsup:

Go to start -> control panel -> Display properties -> Desktop -> Customize Desktop... -> Web tab, then uncheck and delete everything you find in there (except for "My current home page"),

Also remove the checkmark from the the Lock Desktop Items box if it is checked.
Apply.
Apply and Exit Display properties.

I see Viewpoint installed.
Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we knew in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now, if you did not install it. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player

Please do the same with AskSBar, then reboot your computer.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: NavigationAdvisor - {E60A8FF7-B9B4-8ABC-10E8-10F2461DFA50} - C:\Program Files\NavigationAdvisor\NavigationAdvisor-4.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: dpevflbg - {859D10F7-0E0F-43A8-8DF7-EC0466A40301} - C:\WINDOWS\dpevflbg.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [jxkqwiua] C:\WINDOWS\system32\kdkpypql.exe
O20 - Winlogon Notify: byXQJYpQ - byXQJYpQ.dll (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Navigate to and delete the following folders (if they exist):

C:\Program Files\Viewpoint
C:\Program Files\AskSBar
C:\Program Files\NavigationAdvisor

Reboot your computer.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 flyglasses

flyglasses
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 24 April 2008 - 12:49 PM

tea

Thanks, I'll do as you directed.

I have a couple of question related to the ComboFix

1. Are you my "helper"? Other then that I have no one.
2. If the computer does get "trashed", can I still use the restore feature to return it to the state I recieved it new? I'm assuming nothing here would disable that as a last resort.

Thaniks

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:33 PM

Posted 24 April 2008 - 12:58 PM

Hello,

Valid questions, thank you for asking. :blink: Yes, I'm your helper. I won't let your computer get trashed. :thumbsup: If you have either recovery console installed, or your recovery disks, then if there's a problem you won't be without your computer. These are just warnings for people who take it upon themselves to run this powerful tool without knowing anything about it.

Go ahead and follow my directions. It's safe. :wacko:

Regards,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 flyglasses

flyglasses
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 24 April 2008 - 07:33 PM

tea

I've done all the things your directed, but I think ComboFix has stalled.

Currently I have the ComboFix window which says

Preparing Log Report
Do not run any programs until ComboFix has finished

and a blinking curser


Problem may be that another Windows-No Disk window has come up also that says

Exception Processing Message c0000013 Paramters 75b6bf9c 4 75b6bf9c 75b6bf9c


Cancel Try Again Continue


I've tried all three choices, but nothing works.


What should I don now?


Thanks

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:33 PM

Posted 24 April 2008 - 09:14 PM

Did it reboot? If so, look in the ComboFix folder for the .txt file and post that, please. Tell me also if your clock time is normal and your desktop. :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 flyglasses

flyglasses
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 24 April 2008 - 09:47 PM

tea

I rebooted the computer myself. It seemed to come up fine. There is a VETlog.txt file were the ComboFix.exe is. Is that the correct log?

No the clock time is not normal.

Lastly, when I now do the Comcast Spyware scan, the FakeAlert F no longer is found.

Thanks

f

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:33 PM

Posted 25 April 2008 - 12:40 AM

Hello,

I want you to run ComboFix again and let it finish and produce a log. It shouldn't take as long this time, and this is the best way to get your clock fixed. :thumbsup: It obviously worked, but it needs to run again to set everything right and hopefully produce a log.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#9 flyglasses

flyglasses
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 25 April 2008 - 06:59 PM

tea

I ran ComboFix again and got the same results. The scan worked, but it appeared to stall during the writing of the log file. That Windows-No Disk warning came up again of which I was unable to cancel. What might this Windows-No Disk warning be and is it stalling the log? After 45 minutes I rebooted the computer manually. The clock time is still not normal. The desktop appears normal.

Here is the combofix.txt file I could find and lastest HiJackThis log.

Thanks

f

ComboFix 08-04-22.5 - HP_Administrator 2008-04-25 18:10:08.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1540 [GMT -4:00]
Running from: C:\ComboFix\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\RUMZP97U\www.broadcaster.com
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\RUMZP97U\www.broadcaster.com\played_list.sol
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\RUMZP97U\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\PlayMP3z
C:\Program Files\PlayMP3z\PlayMP3.exe
C:\Program Files\PlayMP3z\uninstall.exe
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\version69ie7fix.dll
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\Web\def.htm
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-25 to 2008-04-25 )))))))))))))))))))))))))))))))
.

2008-04-25 17:51 . 2008-04-25 17:51 <DIR> d-------- C:\New Folder
2008-04-24 23:13 . 2008-04-25 00:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-23 17:51 . 2008-04-23 17:51 <DIR> d-------- C:\Deckard
2008-04-23 16:38 . 2008-04-23 16:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-22 20:16 . 2008-04-22 20:21 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-04-22 19:00 . 2008-04-24 22:20 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\McAfee
2008-04-22 06:34 . 2008-04-22 06:35 <DIR> d-------- C:\Documents and Settings\All Users\Digital Camea Pictures
2008-04-21 17:36 . 2008-04-21 22:16 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\TmpRecentIcons
2008-04-21 17:18 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-04-21 16:09 . 2008-04-24 17:37 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-21 16:06 . 2008-04-22 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ixuduxyx
2008-04-08 18:36 . 2008-04-08 18:37 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Move Networks
2008-04-06 10:57 . 2008-04-06 10:57 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-06 10:49 . 2008-04-06 10:50 96,577 --a------ C:\WINDOWS\hpqins16.dat
2008-04-04 19:34 . 2008-04-04 19:34 <DIR> d-------- C:\Program Files\Safari
2008-04-04 19:31 . 2008-04-04 19:31 <DIR> d-------- C:\Program Files\iPod
2008-04-01 16:31 . 2008-04-01 16:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-04-01 16:11 . 2008-04-01 16:11 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-03-31 20:03 . 2008-04-15 17:28 <DIR> d-------- C:\Program Files\Incomplete
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-27 15:57 . 2008-03-27 15:57 380,928 --a------ C:\WINDOWS\system32\WinNB56.dll
2008-03-27 15:56 . 2008-03-27 15:59 <DIR> d-------- C:\Program Files\FBrowsingAdvisor
2008-03-27 15:56 . 2008-03-27 15:59 <DIR> d-------- C:\Program Files\FBrowserAdvisor
2008-03-27 15:56 . 2006-04-14 23:05 9,952 --a------ C:\regxpcom.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-25 21:12 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\ComcastToolbar
2008-04-25 03:15 --------- d-----w C:\Program Files\Google
2008-04-25 02:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-24 21:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-22 10:27 --------- d-----w C:\Program Files\Java
2008-04-21 21:21 --------- d-----w C:\Program Files\McAfee
2008-04-21 21:18 --------- d-----w C:\Program Files\Common Files\McAfee
2008-04-21 11:48 94,208 ----a-w C:\WINDOWS\olgdqarf.exe
2008-04-21 11:48 81,920 ----a-w C:\WINDOWS\wxvgsdbq.exe
2008-04-21 11:48 155,648 ----a-w C:\WINDOWS\dpevflbg.dll
2008-04-16 01:42 --------- d-----w C:\Program Files\Real
2008-04-15 20:44 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-04-09 11:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-06 14:49 --------- d-----w C:\Program Files\HP
2008-04-04 23:35 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
2008-04-04 23:31 --------- d-----w C:\Program Files\iTunes
2008-04-04 23:29 --------- d-----w C:\Program Files\QuickTime
2008-04-01 20:25 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-22 18:57 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\FrostWire
2008-03-22 02:44 --------- d-----w C:\Program Files\FrostWire
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 22:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-01 19:25 4,189,808 ----a-w C:\Program Files\ComcastToolbar2_2.exe
2008-01-29 16:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2007-12-27 03:41 1,206,366 ----a-w C:\Program Files\wrar371.exe
2007-12-06 03:32 1,507,504 ----a-w C:\Program Files\VodeiSetup210.exe
2007-10-29 00:52 0 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2007-04-03 01:49 312,820,720 ----a-w C:\Program Files\X12-30107.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-24_19.56.15.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-25 02:20:42 16,384 ----a-w C:\WINDOWS\assembly\GAC\Arbus.Interfacing.Library\1.0.0.27362__2be3a081d8c94867\Arbus.Interfacing.Library.dll
+ 2008-04-25 02:20:42 16,384 ----a-w C:\WINDOWS\assembly\GAC\ArbusApplicationController\1.0.2563.27362__da57d5d39b1d6dd8\ArbusApplicationController.dll
- 2008-04-24 21:37:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-25 21:28:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-25 03:15:46 26,694 ----a-r C:\WINDOWS\Installer\{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}\ARPPRODUCTICON.exe
+ 2008-04-25 03:15:46 26,694 ----a-r C:\WINDOWS\Installer\{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2008-04-25 03:15:46 26,694 ----a-r C:\WINDOWS\Installer\{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2008-04-25 03:15:46 26,694 ----a-r C:\WINDOWS\Installer\{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2008-04-25 03:15:46 26,694 ----a-r C:\WINDOWS\Installer\{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2008-04-25 03:15:46 26,694 ----a-r C:\WINDOWS\Installer\{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 67,112 2006-08-01 20:35:36 C:\Program Files\AIM\bak\aim.exe
----a-w 67,160 2005-08-05 20:08:26 C:\Program Files\AIM\aim.exe

----a-w 180,269 2006-12-19 17:45:50 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

----a-w 1,095,256 2007-10-31 02:57:54 C:\Program Files\DISC\bak\DISCover.exe

----a-w 42 2008-02-06 03:17:49 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.csv
----a-w 3,756 2008-01-24 03:00:13 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.csv

----a-w 249,856 2006-02-15 23:34:58 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe

----a-w 49,152 2006-02-19 07:41:10 C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe
----a-w 54,840 2007-05-08 20:24:20 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

----a-w 90,112 2006-04-13 10:05:00 C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe

----a-w 267,048 2007-12-11 17:10:26 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-03-30 14:36:40 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 279,912 2007-05-17 21:45:32 C:\Program Files\Microsoft LifeCam\bak\LifeExp.exe

----a-w 286,720 2007-12-11 15:56:54 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 413,696 2008-03-29 03:37:20 C:\Program Files\QuickTime\QTTask.exe

----a-w 709,992 2007-04-10 21:46:48 C:\WINDOWS\bak\vVX3000.exe

----a-w 67,584 2005-09-29 22:01:14 C:\WINDOWS\ehome\bak\ehtray.exe
----a-w 64,512 2005-08-05 21:56:34 C:\WINDOWS\ehome\ehtray.exe

----a-w 237,568 2005-07-22 23:14:00 C:\WINDOWS\SMINST\bak\RECGUARD.EXE



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:46:52 PM, on 4/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebReg.serv...7AV&LF=blue
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1201834956156
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11964 bytes

#10 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:33 PM

Posted 25 April 2008 - 07:48 PM

Hello,

Good! you found the log....and it shows another infection we need to deal with now. You can reset your clock manually. :thumbsup:

# *Please download FindAWF by noahdfear and save it to your desktop:

# Please double-click FindAWF.exe to run option 1.
# If a security alert shows, allow the program to run.
# When the tool has completed, a report will open in Notepad.
# Please post the results of the awf.txt in your next reply.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#11 flyglasses

flyglasses
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 25 April 2008 - 08:30 PM

tea

Here is the log you requested.

BTW can you give me some direction for manually resetting the clock?



Find AWF report by noahdfear ©2006
Version 1.40

The current date is: 2008-04-25
The current time is: 21:17:27.68


bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\BAK

2007-04-10 17:46 709,992 vVX3000.exe
1 File(s) 709,992 bytes

Directory of C:\PROGRA~1\AIM\BAK

2006-08-01 16:35 67,112 aim.exe
1 File(s) 67,112 bytes

Directory of C:\PROGRA~1\DISC\BAK

2007-10-30 22:57 1,095,256 DISCover.exe
1 File(s) 1,095,256 bytes

Directory of C:\PROGRA~1\HPDIGI~1\BAK

2006-04-13 06:05 90,112 DMAScheduler.exe
1 File(s) 90,112 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

2007-12-11 13:10 267,048 iTunesHelper.exe
1 File(s) 267,048 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\MI6669~1\BAK

2007-05-17 17:45 279,912 LifeExp.exe
1 File(s) 279,912 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

2007-12-11 11:56 286,720 qttask.exe
1 File(s) 286,720 bytes

Directory of C:\WINDOWS\EHOME\BAK

2005-09-29 18:01 67,584 ehtray.exe
1 File(s) 67,584 bytes

Directory of C:\WINDOWS\SMINST\BAK

2005-07-22 19:14 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK

2008-02-05 23:17 42 HPBootOp.csv
2006-02-15 19:34 249,856 HPBootOp.exe
2 File(s) 249,898 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

2006-02-19 03:41 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

2006-12-19 13:45 180,269 realsched.exe
1 File(s) 180,269 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

709992 Apr 10 2007 "C:\WINDOWS\bak\vVX3000.exe"
709992 Apr 10 2007 "C:\WINDOWS\system32\DRVSTORE\VX3000_8C2D2A241B53D9C83A931623F8898B582C368FB7\vVX3000.exe"
67160 Aug 5 2005 "C:\Program Files\AIM\aim.exe"
67112 Aug 1 2006 "C:\Program Files\AIM\bak\aim.exe"
1095256 Oct 30 2007 "C:\Program Files\DISC\bak\DISCover.exe"
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
267048 Mar 30 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
267048 Dec 11 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Apr 4 2008 "C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe"
75048 Apr 4 2008 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.2.9\iTunesSetupAdmin.exe"
279912 May 17 2007 "C:\Program Files\Microsoft LifeCam\bak\LifeExp.exe"
413696 Mar 28 2008 "C:\Program Files\QuickTime\QTTask.exe"
286720 Dec 11 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
237568 Jul 22 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
3756 Jan 23 2008 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.csv"
42 Feb 5 2008 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.csv"
249856 Feb 15 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
54840 May 8 2007 "C:\Program Files\HP\HP Software Update\hpwuSchd2.exe"
49152 Feb 19 2006 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
180269 Dec 19 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"


end of report

#12 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:33 PM

Posted 25 April 2008 - 11:46 PM

Hello,

Click Start>Control Panel> Date and Time. Then reset to what time it is where you are. :thumbsup:

Please double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders

A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:

"C:\WINDOWS\bak\vVX3000.exe"
"C:\Program Files\AIM\bak\aim.exe"
"C:\Program Files\DISC\bak\DISCover.exe"
"C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\Microsoft LifeCam\bak\LifeExp.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.csv"
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
"C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"


Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#13 flyglasses

flyglasses
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 26 April 2008 - 10:02 AM

Hello

Below are the results.

By the way, the clock reset itself automatically. Thanks


Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: 2008-04-26
The current time is: 10:51:51.10


bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\BAK

2007-04-10 17:46 709,992 vVX3000.exe
1 File(s) 709,992 bytes

Directory of C:\PROGRA~1\AIM\BAK

2006-08-01 16:35 67,112 aim.exe
1 File(s) 67,112 bytes

Directory of C:\PROGRA~1\DISC\BAK

2007-10-30 22:57 1,095,256 DISCover.exe
1 File(s) 1,095,256 bytes

Directory of C:\PROGRA~1\HPDIGI~1\BAK

2006-04-13 06:05 90,112 DMAScheduler.exe
1 File(s) 90,112 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

2007-12-11 13:10 267,048 iTunesHelper.exe
1 File(s) 267,048 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\MI6669~1\BAK

2007-05-17 17:45 279,912 LifeExp.exe
1 File(s) 279,912 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

2007-12-11 11:56 286,720 qttask.exe
1 File(s) 286,720 bytes

Directory of C:\WINDOWS\EHOME\BAK

2005-09-29 18:01 67,584 ehtray.exe
1 File(s) 67,584 bytes

Directory of C:\WINDOWS\SMINST\BAK

2005-07-22 19:14 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK

2008-02-05 23:17 42 HPBootOp.csv
2006-02-15 19:34 249,856 HPBootOp.exe
2 File(s) 249,898 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

2006-02-19 03:41 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

2006-12-19 13:45 180,269 realsched.exe
1 File(s) 180,269 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

709992 Apr 10 2007 "C:\WINDOWS\vVX3000.exe"
709992 Apr 10 2007 "C:\WINDOWS\bak\vVX3000.exe"
709992 Apr 10 2007 "C:\WINDOWS\system32\DRVSTORE\VX3000_8C2D2A241B53D9C83A931623F8898B582C368FB7\vVX3000.exe"
67112 Aug 1 2006 "C:\Program Files\AIM\aim.exe"
67112 Aug 1 2006 "C:\Program Files\AIM\bak\aim.exe"
1095256 Oct 30 2007 "C:\Program Files\DISC\DISCover.exe"
1095256 Oct 30 2007 "C:\Program Files\DISC\bak\DISCover.exe"
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
267048 Dec 11 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
267048 Dec 11 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Apr 4 2008 "C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe"
75048 Apr 4 2008 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.2.9\iTunesSetupAdmin.exe"
279912 May 17 2007 "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
279912 May 17 2007 "C:\Program Files\Microsoft LifeCam\bak\LifeExp.exe"
286720 Dec 11 2007 "C:\Program Files\QuickTime\qttask.exe"
286720 Dec 11 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
237568 Jul 22 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 22 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
42 Feb 5 2008 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.csv"
42 Feb 5 2008 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.csv"
249856 Feb 15 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Feb 15 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 Feb 19 2006 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 19 2006 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
180269 Dec 19 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Dec 19 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"


end of report

#14 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:33 PM

Posted 26 April 2008 - 10:19 AM

Good morning. :blink: I stayed up way too late last night. :thumbsup:

Glad it reset itself....usually when that happens with the clock another full run and a reboot with ComboFix sets it to right.

Please double-click the FindAWF icon once again
This time we are going to remove some folders.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:

C:\WINDOWS\bak
C:\Program Files\AIM\bak
C:\Program Files\DISC\bak
C:\Program Files\HP DigitalMedia Archive\bak
C:\Program Files\iTunes\bak
C:\Program Files\Microsoft LifeCam\bak
C:\Program Files\QuickTime\bak
C:\WINDOWS\ehome\bak
C:\WINDOWS\SMINST\bak
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak
C:\Program Files\HP\HP Software Update\bak
C:\Program Files\Common Files\Real\Update_OB\bak


Next, close and click Yes to save the changes.

When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
Please provide the new FindAWF log in your reply.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#15 flyglasses

flyglasses
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 26 April 2008 - 01:03 PM

Here is the log.

Also I was wrong about the time resetting. It was in the morning so the military and standard time are the same. I looked at manually resetting, but I can not see how to get it back into AM/PM format. As you can see by the date stamp on the log, it is still in military time.

Thanks

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: 2008-04-26
The current time is: 14:00:34.04


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users