Pop-ups In Ie


30 replies to this topic

#1 ATA Dave

Posted 06 May 2008 - 12:22 PM

Hi,

My name is Dave and I am new to this site. I have an HP Pavilion notebook with the Vista OS.

I am consistently bothered by the most aggressive pop-ups I have ever seen. I use Internet Explorer (IE) exclusively as my web browser. The program will actually open IE on its own. While I am browsing, sometimes it completely redirects my page, and sometimes it opens an additional tab. At all times, when it becomes active, I see a miniature IE page (about the size of a quarter) in the upper left corner of my display. In the address bar of this miniature IE page are the words “about:blank”.

Because this has been going on for 3-4 weeks now, it is difficult to determine the date that my problems first appeared. I can tell you that immediately after these symptoms appeared, I completed a couple of system restores - no change. I use McAfee because it comes free with my AOL subscription. Obviously McAfee did not catch this one. I thought I would give PCSafe a try, so I purchased and installed it - no help.

The only thing I remember about when this first started is that I was browsing for a free program that would keep the clock on my computer updated. I think I probably Googled "computer clock". I found and tried to install such a program, but I didn't think I was successful. My problems started immediately thereafter, but I don't remember the name of this program. At one time, I saw one instance of what looked like a small program icon. It had an oriental sounding name that began with an "R", like "reykin" or "reku" or something. I cannot find this program listed in any directory.

I never pay any attention to the pop-ups. (My method of retaliation perhaps.) I can certainly start paying attention if this will help identify the malware. I know I have seen multiple ads for the iPhone. Another common pop-up is an IE page divided into 4 equal parts with 4 different ads.

This morning I paid more attention to the content of the pop-ups. This is what I observed:

With an IE address of <http://amrxchange.com/logitech1.html>: this appeared to be a cell phone offer from the “Orange Network”.

<http://ww2.degreeusa.com>: when I attempted to close this one, I got what appeared to be a Windows Vista-generated message that read: “Are you sure you want to navigate away from this page? We have more offers that you may be interested in.”

When I attempted to close one from hartnetworkorg/secure.cgi?ps8pfizt, I got a message that read: “website wants to run the following add-on: ‘SB’ from AOL, LLC. (Unverified publisher)”

An advertisement for: Nubella

An advertisement for: newcondosonline.com

I frequently see a “send message” type window. At the top, it has buttons arranged vertically for To:, Cc:, and Bcc: - at the bottom, horizontal buttons for Help, Send, Cancel – in place of what would be the message body is a series of symmetrical squiggly lines.

Tech support at PCSafe advised me to run ComboFix and post the results here. I followed the advice in the tutorial as best I could, but I was not able to boot in the Vista Recovery Environment. The program appeared to run as advertised with the exception that when the program finished running, it rebooted my computer and I had to search for the results. I will post these results when/if advised.

Results from a Deckard’s scan as well as a Kaspersky scan follow.

Thank you very much for any help you can provide.



Deckard's System Scanner v20071014.68
Run by cadave on 2008-05-06 12:55:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
22: 2008-05-05 17:50:52 UTC - RP222 - ComboFix created restore point
21: 2008-05-04 18:40:12 UTC - RP221 - Scheduled Checkpoint
20: 2008-05-03 14:29:34 UTC - RP220 - Scheduled Checkpoint
19: 2008-05-02 17:09:04 UTC - RP219 - Scheduled Checkpoint
18: 2008-05-01 15:48:01 UTC - RP218 - Scheduled Checkpoint


-- First Restore Point --
1: 2008-04-20 13:49:37 UTC - RP200 - Configured Logbook Pro Pocket PC Companion


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as cadave.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59, on 2008-05-06
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\aol\1187319687\ee\aolsoftware.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MP4 Player\Mp4Player.exe
C:\Program Files\Skype\Phone\Skype.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\ieuser.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Users\cadave\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\cadave.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duats.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.20.1.1:9888
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1187319687\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [combofix] C:\Windows\system32\CF20902.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: AdwareFilter Background Protection.lnk = C:\Program Files\AdwareFilter\adwarefilter.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: AT&T Con App Svc (CAATT) - PCTEL - C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 11351 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\hp\quickplay\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>

S2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\hp\quickplay\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C6100 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C6100 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp LaserJet 1320 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: hp LaserJet 1320 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-08-16 23:38:36 354 --a------ C:\Windows\Tasks\McQcTask.job
2007-08-16 23:38:36 352 --a------ C:\Windows\Tasks\McDefragTask.job


-- Files created between 2008-04-06 and 2008-05-06 -----------------------------

2008-05-06 12:59:35 0 d-------- C:\Program Files\Trend Micro
2008-05-06 10:31:33 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-05-05 13:54:59 53248 --a------ C:\Windows\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-05-05 13:50:20 68096 --a------ C:\Windows\zip.exe
2008-05-05 13:50:20 49152 --a------ C:\Windows\VFind.exe
2008-05-05 13:50:20 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-05 13:50:20 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-05 13:50:20 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-05 13:50:20 98816 --a------ C:\Windows\sed.exe
2008-05-05 13:50:20 80412 --a------ C:\Windows\grep.exe
2008-05-05 13:50:20 73728 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-18 17:47:09 0 d-------- C:\Windows\system32\URTTEMP
2008-04-08 20:14:39 0 d-------- C:\Program Files\Route Browser
2008-04-08 20:03:07 0 d-------- C:\Program Files\Logbook Pro


-- Find3M Report ---------------------------------------------------------------

2008-05-06 08:33:19 0 d-------- C:\Users\cadave\AppData\Roaming\skypePM
2008-05-06 08:32:55 13072 --a------ C:\Users\cadave\AppData\Roaming\nvModes.001
2008-05-05 22:08:25 836 --a------ C:\Windows\bthservsdp.dat
2008-05-05 18:11:48 0 d-------- C:\Users\cadave\AppData\Roaming\McAfee
2008-05-05 09:00:50 0 d-------- C:\Program Files\AdwareFilter
2008-05-02 22:21:38 0 d-------- C:\Users\cadave\AppData\Roaming\Skype
2008-04-30 18:48:29 0 d-------- C:\Users\cadave\AppData\Roaming\MSN6
2008-04-30 18:13:04 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-20 10:38:36 13072 --a------ C:\Users\cadave\AppData\Roaming\nvModes.dat
2008-04-20 10:14:57 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-20 09:01:00 0 d-------- C:\Program Files\Microsoft.NET
2008-04-17 08:31:01 0 d-------- C:\Program Files\SkyGuide PocketFly Timetable
2008-04-09 09:05:59 0 d-------- C:\Program Files\Windows Mail
2008-04-04 13:23:47 96629 --a------ C:\Windows\hpqins16.dat
2008-04-04 13:23:36 0 d-------- C:\Program Files\Hp
2008-04-04 13:23:36 0 d-------- C:\Program Files\Hewlett-Packard
2008-03-26 10:01:27 0 d-------- C:\Program Files\Java
2008-03-21 19:07:04 0 d-------- C:\Program Files\Google
2008-03-21 16:19:38 0 d-------- C:\Program Files\Skype
2008-03-21 16:19:34 0 d-------- C:\Program Files\Common Files
2008-03-21 16:19:34 0 d-------- C:\Program Files\Common Files\Skype
2008-03-21 09:22:59 0 d-------- C:\Program Files\Synaptics
2008-03-21 05:21:36 0 d-------- C:\Program Files\MP4 Player
2008-03-21 05:21:35 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-03-21 05:21:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-19 09:56:37 0 d-------- C:\Program Files\McAfee
2008-03-03 12:41:20 2540 --a------ C:\Windows\unins000.dat
2008-03-03 12:23:50 691545 --a------ C:\Windows\unins000.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-16 18:46]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 00:43]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 15:38 C:\Windows\RtHDVCpl.exe]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-03-28 20:45]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 13:58]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-06-05 09:12]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 16:18]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 19:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 15:12]
"HostManager"="C:\Program Files\Common Files\AOL\1187319687\ee\AOLSoftware.exe" [2006-09-25 20:52]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
"AT&T Communication Manager"="C:\Program Files\AT&T\Communication Manager\ATTCM.exe" [2007-10-18 12:08]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-01-13 09:40]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-01-13 09:40]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-01-13 09:40]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 19:29]
"combofix"="C:\Windows\system32\CF20902.exe" [2006-11-02 05:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-11 22:16]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter " []
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 18:23]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2005-06-14 10:05]
"MP4 Player"="C:\Program Files\MP4 Player\mp4Player.exe" [2007-09-19 09:00]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
AdwareFilter Background Protection.lnk - C:\Program Files\AdwareFilter\adwarefilter.exe [2008-04-03 15:19:36]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 12:27:40]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=APSHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
Cognizance ASBroker ASChannel
GPSvcGroup GPSvc
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
HPService HPSLPSVC
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76cdd403-c9ba-11dc-b4cf-001a6b813aca}]
AutoRun\command- F:\setupSNK.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-05-06 13:02:29 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: AMD Turion™ 64 X2 Mobile Technology TL-60
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 1982 MiB / 1023.39 MiB
Pagefile Memory (total/avail): 4182.15 MiB / 3094.61 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1913.97 MiB

C: is Fixed (NTFS) - 140.86 GiB total, 89.67 GiB free.
D: is Fixed (NTFS) - 8.19 GiB total, 1.5 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHW2160BH PL SCSI Disk Device - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 140.86 GiB - C:
\PARTITION1 - Installable File System - 8.19 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: McAfee Personal Firewall v (McAfee) Disabled
AV: McAfee VirusScan v (McAfee) Disabled
AS: McAfee VirusScan v (McAfee) Disabled
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\cadave\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DAVE-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\cadave
LOCALAPPDATA=C:\Users\cadave\AppData\Local
LOGONSERVER=\\DAVE-PC
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;c:\Program Files\Bioscrypt\VeriSoft\bin;c:\Program Files\Microsoft SQL Server\90\Tools\binn
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Pavilion
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4802
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\cadave\AppData\Local\Temp
TMP=C:\Users\cadave\AppData\Local\Temp
USERDOMAIN=Dave-PC
USERNAME=cadave
USERPART=E:
USERPROFILE=C:\Users\cadave
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

cadave


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
--> "C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
--> "C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
--> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
--> "C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
--> "C:\Program Files\HP Games\Family Feud\Uninstall.exe"
--> "C:\Program Files\HP Games\FATE\Uninstall.exe"
--> "C:\Program Files\HP Games\Final Drive Fury\Uninstall.exe"
--> "C:\Program Files\HP Games\Flip Words\Uninstall.exe"
--> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Lemonade Tycoon 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
--> "C:\Program Files\HP Games\Otto\Uninstall.exe"
--> "C:\Program Files\HP Games\Penguins!\Uninstall.exe"
--> "C:\Program Files\HP Games\Phoenix Assault\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
--> "C:\Program Files\HP Games\Puzzle Express\Uninstall.exe"
--> "C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
--> "C:\Program Files\HP Games\Snowboard SuperJam\Uninstall.exe"
--> "C:\Program Files\HP Games\SpongeBob SquarePants Krabby Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Super Granny\Uninstall.exe"
--> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
--> "C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
--> "C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
--> MsiExec.exe /I{9579E862-5FC7-4337-B1CC-5E37451524C5}
1-Calc (Pocket PC) from Omega One --> c:\Program Files\Omega One\Calc-PPC\setup.exe -u
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Airport Insight --> C:\Windows\iun507.exe C:\Program Files\Airport Insight\irunin.ini
Airport Insight for PocketPC 1.07 --> C:\Windows\iun6002.exe "C:\Program Files\Airport Insight for PocketPC\irunin.ini"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AT&T Communication Manager --> MsiExec.exe /X{A81BFA08-5D4C-4D4C-ACEF-BF558C70D99D}
ATA ALPA Consolidated Contract (Red Book) --> C:\Windows\uninst.exe -f"C:\Program Files\ATA ALPA 2007\DeIsL1.isu" -c"C:\Program Files\ATA ALPA 2007\_ISREG32.DLL"
AuthenTec Fingerprint Sensor Minimum Install --> MsiExec.exe /I{55CABB2F-4513-4FF1-B912-B45F93FC5B01}
Business Contact Manager for Outlook 2007 SP1 --> "C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 SP1 --> MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
Driver Installer --> MsiExec.exe /X{753D852A-D86D-42C9-9978-40AE66FB8985}
eFAD2Go --> C:\Windows\WindowsMobile\eFAD2Go\Uninstall.exe eFAD2Go
ESU for Microsoft Vista --> MsiExec.exe /X{88A548E6-4B09-43E7-AD55-3C7D1B37706D}
Fizz Traveller 2 --> C:\Windows\WindowsMobile\Fizz Traveller 2\Uninstall.exe Fizz Traveller 2
FlightCentral Route Browser --> MsiExec.exe /I{5FD59F5F-DA61-4321-BA4A-CD2DF6272688}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Hewlett-Packard Active Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HP Active Support Library --> C:\Program Files\InstallShield Installation Information\{E59A46D4-699C-4DC8-969F-DAC3395B4543}\setup.exe -runfromtemp -l0x0409
HP Active Support Library 32 bit components --> MsiExec.exe /I{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}
HP Active Support Library 32 bit components --> MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Participation Program 8.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support --> MsiExec.exe /I{9061CEF2-51F5-42C9-8A70-9ED351C6597A}
HP Imaging Device Functions 8.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Integrated Module with Bluetooth wireless technology --> MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
HP OCR Software 8.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Pavilion Webcam Driver for Vista v061.001.00005 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CA81D12-9EC2-4082-972B-43ECA63F41F2}\setup.exe" -l0x9 -removeonly
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart Essential 2.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Photosmart.All-In-One Driver Software 8.0 .A --> C:\Program Files\Hewlett-Packard\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot
HP Product Detection --> MsiExec.exe /I{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Quick Launch Buttons 6.10 B9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 uninst
HP QuickPlay 3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Solution Center 8.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Total Care Advisor --> MsiExec.exe /X{F6B29003-A078-4491-AFBE-62EFB6CFFE19}
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0034 --> MsiExec.exe /I{1B210DDA-6402-47F6-8CE4-BB8BB19809B9}
HP Wireless Assistant --> MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8}
HPNetworkAssistant --> MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
K-Lite Codec Pack 3.2.5 Standard --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Logbook Pro for Windows --> C:\Program Files\InstallShield Installation Information\{5BCB8AF9-C74D-42CA-B194-705B083DF242}\setup.exe -runfromtemp -l0x0409
Logbook Pro Pocket PC Companion --> C:\Program Files\InstallShield Installation Information\{11C66698-CB58-449C-A041-3EC86C1AA9D2}\setup.exe -runfromtemp -l0x0409
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Easy Assist --> MsiExec.exe /I{4FC19392-E4A5-4CCB-B45A-AB7E8126D3C9}
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies --> MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Accounting 2007 --> "C:\Program Files\Microsoft Small Business\Small Business Accounting 2007\SetupBootstrap\Setup.exe" /remove {B0717D5A-1976-482B-9ADF-F19631A541A4}
Microsoft Office Accounting 2007 --> MsiExec.exe /X{B0717D5A-1976-482B-9ADF-F19631A541A4}
Microsoft Office Accounting ADP Payroll Addin --> MsiExec.exe /I{5FA793A6-0071-42C1-9355-8F69A428C44F}
Microsoft Office Accounting Equifax Addin --> MsiExec.exe /X{8C711818-076E-475C-B95B-DF11CD9D8DBE}
Microsoft Office Accounting Fixed Asset Manager --> MsiExec.exe /X{46614A49-222A-48EF-87A9-BFD603E608E1}
Microsoft Office Accounting PayPal Addin --> MsiExec.exe /X{353D20CC-719B-4A60-AD33-D03F88C10330}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Outlook Connector --> MsiExec.exe /I{95120000-011C-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall SMALLBUSINESSR /dll OSETUP.DLL
Microsoft Office Small Business 2007 --> MsiExec.exe /X{91120000-00CA-0000-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components --> MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Motorola SM56 Data Fax Modem --> rundll32.exe sm56co6a.dll,SM56UnInstaller
MP4 Player --> C:\Program Files\MP4 Player\uninst.exe
MSCU for Microsoft Vista --> MsiExec.exe /X{3FFB3B34-D639-4384-9AE9-DDE58430D86F}
MSN --> C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600816}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
muvee autoProducer 6.0 --> C:\Program Files\InstallShield Installation Information\{0BFC200F-C45D-4271-AF34-4CA969225DEB}\setup.exe -runfromtemp -l0x0009 -removeonly
My HP Games --> "C:\Program Files\HP Games\Uninstall.exe"
Nokia Connectivity Adapter Cable DKU-5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1BA3CD5-89DC-4273-8603-A75F33E9B335}\Setup.exe" -l0x9
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
PCSafe Adware Filter --> C:\Program Files\AdwareFilter\AdwareFilter-uninst.exe
Photo Contacts PRO --> C:\Windows\WindowsMobile\Photo Contacts PRO\Uninstall.exe Photo Contacts PRO
Pocket Earth 3.4 --> C:\Windows\WindowsMobile\Pocket Earth 3.4\Uninstall.exe Pocket Earth 3.4
Pocket World Info 4.0 --> C:\Windows\WindowsMobile\Pocket World Info 4.0\Uninstall.exe Pocket World Info 4.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive --> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9 --> MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
RTC Client API v1.2 --> MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Shop for HP Supplies --> C:\Program Files\Hewlett-Packard\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
SkyGuide PocketFly (sm) Timetable --> "C:\Program Files\SkyGuide PocketFly Timetable\unins000.exe"
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy 1.5.2.20 --> "C:\Windows\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Office 2007 (KB946691) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
VeriSoft Access Manager --> rundll32.exe "c:\Program Files\Bioscrypt\VeriSoft\Bin\SetupHelper.dll",ExecMain /Uninstall {D83899AB-9964-4CFC-A246-F1BD430A455F}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Mobile Device Center --> MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
Windows Mobile Device Center Driver Update --> MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
WordBook for PocketPC --> C:\Windows\WindowsMobile\WordBook for PocketPC\Uninstall.exe WordBook for PocketPC


-- Application Event Log -------------------------------------------------------

Event Record #/Type63590 / Success
Event Submitted/Written: 05/06/2008 08:30:33 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type63589 / Success
Event Submitted/Written: 05/06/2008 08:30:33 AM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type63586 / Warning
Event Submitted/Written: 05/06/2008 08:30:32 AM
Event ID/Source: 3 / SQLBrowser
Event Description:
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.

Event Record #/Type63579 / Success
Event Submitted/Written: 05/06/2008 08:30:25 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type63567 / Warning
Event Submitted/Written: 05/05/2008 10:08:16 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1743218251-2031422498-863657086-1000_Classes:
Process 1916 (\Device\HarddiskVolume1\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-1743218251-2031422498-863657086-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type109317 / Error
Event Submitted/Written: 05/06/2008 08:32:07 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
vkquwexg

Event Record #/Type109316 / Error
Event Submitted/Written: 05/06/2008 08:32:07 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
CyberLink Task Scheduler (CTS)CyberLink Background Capture Service (CBCS)%%1070

Event Record #/Type109315 / Error
Event Submitted/Written: 05/06/2008 08:32:06 AM
Event ID/Source: 7022 / Service Control Manager
Event Description:
CyberLink Background Capture Service (CBCS)

Event Record #/Type109226 / Error
Event Submitted/Written: 05/06/2008 08:31:03 AM
Event ID/Source: 10010 / DCOM
Event Description:
{C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493}

Event Record #/Type109225 / Warning
Event Submitted/Written: 05/06/2008 08:30:38 AM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.



-- End of Deckard's System Scanner: finished at 2008-05-06 13:02:29 ------------



KASPERSKY ONLINE SCANNER REPORT
2008-05-06 12:27
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/05/2008
Kaspersky Anti-Virus database records: 742374


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 139321
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 01:20:49

Infected Object Name Virus Name Last Action
C:\boot\bcd Object is locked skipped
C:\boot\BCD.LOG Object is locked skipped
C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.ilg Object is locked skipped
C:\ProgramData\McAfee\MNA\NAData Object is locked skipped
C:\ProgramData\McAfee\MPF\data\log.edb Object is locked skipped
C:\ProgramData\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\ProgramData\McAfee\MSC\Logs\{D9433D75-3367-4559-9084-18B97E7B96C0}.log Object is locked skipped
C:\ProgramData\McAfee\MSC\McUsers.dat Object is locked skipped
C:\ProgramData\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\ProgramData\CyberLink\TinyDB\EPGSignal Object is locked skipped
C:\ProgramData\CyberLink\TinyDB\Schedule Object is locked skipped
C:\System.sav\util\App.Evt Object is locked skipped
C:\System.sav\util\Sec.Evt Object is locked skipped
C:\System.sav\util\Sys.Evt Object is locked skipped
C:\Users\cadave\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\cadave\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008050620080507\index.dat Object is locked skipped
C:\Users\cadave\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\cadave\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008050620080507\index.dat Object is locked skipped
C:\Users\cadave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\cadave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\cadave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\cadave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT Object is locked skipped
C:\Users\cadave\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\cadave\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\cadave\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\cadave\AppData\Local\Microsoft\Windows\UsrClass.dat{977ff4be-4cc1-11dc-af85-001a6b813aca}.TM.blf Object is locked skipped
C:\Users\cadave\AppData\Local\Microsoft\Windows\UsrClass.dat{977ff4be-4cc1-11dc-af85-001a6b813aca}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\cadave\AppData\Local\Microsoft\Windows\UsrClass.dat{977ff4be-4cc1-11dc-af85-001a6b813aca}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\cadave\AppData\Local\Microsoft\Business Contact Manager\MSSmallBusiness.ldf Object is locked skipped
C:\Users\cadave\AppData\Local\Microsoft\Business Contact Manager\MSSmallBusiness.mdf Object is locked skipped
C:\Users\cadave\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\cadave\AppData\Local\Microsoft\InputPersonalization\edb.log Object is locked skipped
C:\Users\cadave\AppData\Local\Microsoft\InputPersonalization\inkStore.mdb Object is locked skipped
C:\Users\cadave\AppData\Local\Microsoft\InputPersonalization\tmp.edb Object is locked skipped
C:\Users\cadave\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\cadave\AppData\Local\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Users\cadave\AppData\Local\Temp\Low\~DF9283.tmp Object is locked skipped
C:\Users\cadave\AppData\Local\Temp\~DF64D8.tmp Object is locked skipped
C:\Users\cadave\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\cadave\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\cadave\AppData\Roaming\Skype\dave_withers\call256.dbb Object is locked skipped
C:\Users\cadave\AppData\Roaming\Skype\dave_withers\callmember256.dbb Object is locked skipped
C:\Users\cadave\AppData\Roaming\Skype\dave_withers\chat512.dbb Object is locked skipped
C:\Users\cadave\AppData\Roaming\Skype\dave_withers\chatmember256.dbb Object is locked skipped
C:\Users\cadave\AppData\Roaming\Skype\dave_withers\chatmsg256.dbb Object is locked skipped
C:\Users\cadave\AppData\Roaming\Skype\dave_withers\chatmsg512.dbb Object is locked skipped
C:\Users\cadave\AppData\Roaming\Skype\dave_withers\contactgroup256.dbb Object is locked skipped
C:\Users\cadave\AppData\Roaming\Skype\dave_withers\dyncontent\bundle.dat Object is locked skipped
C:\Users\cadave\AppData\Roaming\Skype\dave_withers\index2.dat Object is locked skipped
C:\Users\cadave\AppData\Roaming\Skype\dave_withers\profile16384.dbb Object is locked skipped
C:\Users\cadave\AppData\Roaming\Skype\dave_withers\user1024.dbb Object is locked skipped
C:\Users\cadave\AppData\Roaming\Skype\dave_withers\user16384.dbb Object is locked skipped
C:\Users\cadave\AppData\Roaming\Skype\dave_withers\user256.dbb Object is locked skipped
C:\Users\cadave\AppData\Roaming\Skype\dave_withers\user4096.dbb Object is locked skipped
C:\Users\cadave\AppData\Roaming\Skype\dave_withers\voicemail256.dbb Object is locked skipped
C:\Users\cadave\ntuser.dat Object is locked skipped
C:\Users\cadave\ntuser.dat.LOG1 Object is locked skipped
C:\Users\cadave\ntuser.dat.LOG2 Object is locked skipped
C:\Users\cadave\ntuser.dat{abf767e5-16ff-11dd-8e38-001a6b813aca}.TM.blf Object is locked skipped
C:\Users\cadave\ntuser.dat{abf767e5-16ff-11dd-8e38-001a6b813aca}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\cadave\ntuser.dat{abf767e5-16ff-11dd-8e38-001a6b813aca}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\bthservsdp.dat Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\MEMORY.DMP Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\panther\diagerr.xml Object is locked skipped
C:\Windows\panther\diagwrn.xml Object is locked skipped
C:\Windows\panther\setupact.log Object is locked skipped
C:\Windows\panther\setuperr.log Object is locked skipped
C:\Windows\panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{B12E4FA8-E81D-4885-A155-BB64F0019C4A}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\components Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\default Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\sam Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\security Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\software Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\system Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{abf767ca-16ff-11dd-8e38-001a6b813aca}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{abf767ca-16ff-11dd-8e38-001a6b813aca}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{abf767ca-16ff-11dd-8e38-001a6b813aca}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{abf767ca-16ff-11dd-8e38-001a6b813aca}.TxR.blf Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\10A9EB2C94277C0A1A6143B54809F210.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\21D7529435092A1DD242FD6ACF494493.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2B8B1A8B0ACD3EE28B421D3918DC1F29.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\8A20D7181B570E2E2142FB6261D170A2.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\B8F066315788F9A2DF744CF3A9F7F3D6.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\VeriSoft.evtx Object is locked skipped

C:\Windows\Tasks\McDefragTask.job Object is locked skipped

C:\Windows\Tasks\McQcTask.job Object is locked skipped

C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped

C:\Windows\Temp\HPSLPS003.log Object is locked skipped

C:\Windows\Temp\mcafee_QY1vc0h5jperFfV Object is locked skipped

C:\Windows\Temp\mcafee_twswoN3Awysthkf Object is locked skipped

C:\Windows\Temp\mcmsc_3hDQSRjwnAy5Vf3 Object is locked skipped

C:\Windows\Temp\mcmsc_gbP3umdfkOHNiRk Object is locked skipped

C:\Windows\Temp\mcmsc_NIrGc8UcdI5eOUI Object is locked skipped

C:\Windows\Temp\mcmsc_rHqyshoHT0cGdNS Object is locked skipped

C:\Windows\WindowsUpdate.log Object is locked skipped

C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped

Scan process completed.

Deactivated links. ~ OB

Edited by Orange Blossom, 06 May 2008 - 07:12 PM.



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:15 AM

Posted 29 May 2008 - 11:19 AM

Hello ATA Dave,

Welcome to Bleeping Computer :)

Sorry about the delay.:thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:06:15 AM

Posted 13 June 2008 - 10:18 PM

Hello ATA Dave,

I deleted your new topic which you created today. It was an exact duplicate of the one you posted May 6. Indeed, you copied and pasted your first post to create the second. Please create a NEW HiJack This log and post it as a reply to THIS thread using the Add Reply button at the bottom of the topic. Creating new topics creates confusion and delays the assistance you receive.

Back to you Teacup.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
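The HijackThis logs the helpers keep asking for have a fixed line format: R0/R1 lines carry Internet Explorer start, search and proxy settings, O1 the hosts file, O2 browser helper objects, O4 Run-key and Startup entries, O20 the AppInit_DLLs value and O23 services. The following is an added example, not part of HijackThis, Deckard's System Scanner or any post in this thread: a small Python triage script that parses that format and flags the entries a malware responder usually checks first (a configured proxy, home/search pages on hosts other than the Microsoft and HP defaults, unnamed BHOs, rundll32/regsvr32 startup loaders, a populated AppInit_DLLs, services without a publisher). The sample log is constructed to mirror the line formats posted in this thread, the allowlist of default IE hosts is an assumption, and every flag is a prompt to identify the file or setting, not a malware verdict; legitimate vendor software also uses rundll32 loaders and AppInit_DLLs.

```python
"""Triage helper for HijackThis v2 log lines.

Added example for this thread; not part of HijackThis or any post here.
Flags are review prompts to identify a file or setting, not verdicts.
"""
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the line formats posted in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.20.1.1:9888
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
"""

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")

# Assumption: hosts Microsoft and HP use for IE defaults on an HP Vista machine.
# Extend for other OEMs; anything else gets a review flag.
KNOWN_IE_HOSTS = {"go.microsoft.com", "www.microsoft.com", "ie.redirect.hp.com"}
IE_PAGE_KEYS = ("Start Page", "Search Page", "Default_Page_URL",
                "Default_Search_URL", "SearchAssistant", "CustomizeSearch")
DLL_LOADERS = ("rundll32", "regsvr32")
DEFAULT_HOSTS_LINES = {"127.0.0.1 localhost", "::1 localhost"}


@dataclass
class Entry:
    section: str
    body: str
    flags: list = field(default_factory=list)


def parse_log(text: str) -> list:
    """One Entry per R/O line; headers and the process list are ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("sec"), m.group("body")))
    return entries


def host_of(url: str) -> str:
    m = re.match(r"https?://([^/\s]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def triage(entry: Entry) -> list:
    """Attach review flags to one entry and return them."""
    sec, body = entry.section, entry.body
    if sec in ("R0", "R1"):
        key, _, value = body.partition(" = ")
        value = value.strip()
        name = key.rsplit(",", 1)[-1]
        if name == "ProxyServer" and value:
            # A proxy the user did not set sits in the path of all IE traffic.
            entry.flags.append(f"IE proxy configured ({value}); confirm it is intentional")
        elif name in IE_PAGE_KEYS and value:
            host = host_of(value)
            if host and host not in KNOWN_IE_HOSTS:
                entry.flags.append(f"IE {name} points at {host}; confirm the user chose it")
    elif sec == "O1":
        hosts_line = body.partition(":")[2].strip()
        if hosts_line not in DEFAULT_HOSTS_LINES:
            entry.flags.append(f"non-default hosts entry ({hosts_line}); check for redirection")
    elif sec == "O2" and body.startswith("BHO: (no name)"):
        entry.flags.append("BHO registered without a name; identify the DLL")
    elif sec == "O4" and any(loader in body.lower() for loader in DLL_LOADERS):
        entry.flags.append("startup entry uses a DLL loader; identify the DLL it loads")
    elif sec == "O20":
        dlls = body.partition(":")[2].strip()
        if dlls:
            # AppInit_DLLs are mapped into every process that loads user32.dll.
            entry.flags.append(f"AppInit_DLLs set ({dlls}); identify the DLL")
    elif sec == "O23" and "Unknown owner" in body:
        entry.flags.append("service binary has no publisher string; identify it")
    return entry.flags


def triage_log(text: str) -> list:
    """Parse a log and return only the entries that collected a flag."""
    return [e for e in parse_log(text) if triage(e)]


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.section}: {e.body}")
        for f in e.flags:
            print(f"    -> {f}")
```

Run it against a saved HijackThis log by reading the file into `triage_log()`; on the constructed sample it flags six of the eleven entries (the non-default home page, the proxy, the unnamed BHO, the rundll32 startup entry, the AppInit_DLLs value and the service with no publisher) and passes the Microsoft search page, the default hosts entry, the named BHO, the plain executable startup entry and the McAfee service. The point of the allowlist design is that the script never decides what is malicious; it shortens the list a person then has to look up by hand.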

#4 ATA Dave

ATA Dave
  • Topic Starter

  • Members
  • 25 posts
  • Local time:06:15 AM

Posted 14 June 2008 - 09:59 PM

As requested, a fresh scan follows. Thanks for your help!


Deckard's System Scanner v20071014.68
Run by cadave on 2008-06-14 22:20:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
26: 2008-06-14 13:20:59 UTC - RP261 - Scheduled Checkpoint
25: 2008-06-13 14:27:53 UTC - RP260 - Scheduled Checkpoint
24: 2008-06-12 13:49:38 UTC - RP259 - Scheduled Checkpoint
23: 2008-06-11 07:00:53 UTC - RP258 - Windows Update
22: 2008-06-10 23:10:36 UTC - RP257 - Scheduled Checkpoint


-- First Restore Point --
1: 2008-05-21 23:08:00 UTC - RP236 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as cadave.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:42 PM, on 6/14/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\aol\1187319687\ee\aolsoftware.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MP4 Player\Mp4Player.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Windows\system32\wuauclt.exe
C:\Users\cadave\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\cadave.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duats.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.20.1.1:9888
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1187319687\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: AdwareFilter Background Protection.lnk = C:\Program Files\AdwareFilter\adwarefilter.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: AT&T Con App Svc (CAATT) - PCTEL - C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10856 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\hp\quickplay\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>

S2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\hp\quickplay\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C6100 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C6100 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp LaserJet 1320 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: hp LaserJet 1320 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp LaserJet 2420
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: Hewlett-Packard
Name: hp LaserJet 2420
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-08-16 23:38:36 354 --a------ C:\Windows\Tasks\McQcTask.job
2007-08-16 23:38:36 352 --a------ C:\Windows\Tasks\McDefragTask.job


-- Files created between 2008-05-14 and 2008-06-14 -----------------------------

2008-05-30 15:22:31 0 d-------- C:\Garmin


-- Find3M Report ---------------------------------------------------------------

2008-06-14 16:08:04 0 d-------- C:\Users\cadave\AppData\Roaming\skypePM
2008-06-14 08:34:52 13072 --a------ C:\Users\cadave\AppData\Roaming\nvModes.001
2008-06-13 22:19:29 836 --a------ C:\Windows\bthservsdp.dat
2008-06-13 07:15:15 0 d-------- C:\Program Files\AdwareFilter
2008-06-11 03:12:26 0 d-------- C:\Program Files\Windows Mail
2008-06-10 15:42:41 0 d-------- C:\Program Files\SkyGuide PocketFly Timetable
2008-06-10 15:26:00 0 d-------- C:\Program Files\Airport Insight for PocketPC
2008-06-09 07:23:56 0 d-------- C:\Users\cadave\AppData\Roaming\Skype
2008-06-07 12:07:20 0 --a------ C:\Users\cadave\AppData\Roaming\wklnhst.dat
2008-06-07 11:22:07 130887 --a------ C:\Windows\hpoins18.dat
2008-05-30 07:58:59 0 d-------- C:\Program Files\McAfee
2008-05-30 07:48:33 0 d-------- C:\Program Files\Common Files\McAfee
2008-05-12 19:11:17 0 d-------- C:\Users\cadave\AppData\Roaming\MSN6
2008-05-06 12:59:35 0 d-------- C:\Program Files\Trend Micro
2008-05-05 18:11:48 0 d-------- C:\Users\cadave\AppData\Roaming\McAfee
2008-04-30 18:13:04 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-20 10:38:36 13072 --a------ C:\Users\cadave\AppData\Roaming\nvModes.dat
2008-04-20 10:21:20 0 d-------- C:\Program Files\Logbook Pro
2008-04-20 10:14:57 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-20 09:01:00 0 d-------- C:\Program Files\Microsoft.NET
2008-04-18 21:42:18 0 d-------- C:\Program Files\Route Browser
2008-04-04 13:23:47 96629 --a------ C:\Windows\hpqins16.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [08/16/2007 06:46 PM]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [10/09/2006 12:43 AM]
"RtHDVCpl"="RtHDVCpl.exe" [03/01/2007 03:38 PM C:\Windows\RtHDVCpl.exe]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [03/28/2007 08:45 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [11/06/2006 01:58 PM]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [06/05/2007 09:12 AM]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [03/01/2007 04:18 PM]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [01/10/2007 07:12 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [12/22/2003 03:12 PM]
"HostManager"="C:\Program Files\Common Files\AOL\1187319687\ee\AOLSoftware.exe" [09/25/2006 08:52 PM]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
"@"="" []
"AT&T Communication Manager"="C:\Program Files\AT&T\Communication Manager\ATTCM.exe" [10/18/2007 12:08 PM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [01/13/2007 09:40 AM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [01/13/2007 09:40 AM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [01/13/2007 09:40 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [09/14/2007 07:29 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/11/2008 10:16 PM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter " []
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [03/20/2007 06:23 PM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [06/14/2005 10:05 AM]
"MP4 Player"="C:\Program Files\MP4 Player\mp4Player.exe" [09/19/2007 09:00 AM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/01/2008 05:22 PM]
"AOL Fast Start"="C:\Program Files\AOL 9.0\AOL.exe" [11/10/2006 08:12 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
AdwareFilter Background Protection.lnk - C:\Program Files\AdwareFilter\adwarefilter.exe [4/3/2008 3:19:36 PM]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [12/20/2006 12:27:40 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [1/2/2007 9:40:10 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
Cognizance ASBroker ASChannel
GPSvcGroup GPSvc
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
HPService HPSLPSVC
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76cdd403-c9ba-11dc-b4cf-001a6b813aca}]
AutoRun\command- F:\setupSNK.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-14 22:28:03 ------------


extra.txt


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: AMD Turion™ 64 X2 Mobile Technology TL-60
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 1982 MiB / 1046.7 MiB
Pagefile Memory (total/avail): 4182.15 MiB / 2975.87 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.04 MiB

C: is Fixed (NTFS) - 140.86 GiB total, 87.73 GiB free.
D: is Fixed (NTFS) - 8.19 GiB total, 1.29 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHW2160BH PL SCSI Disk Device - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 140.86 GiB - C:
\PARTITION1 - Installable File System - 8.19 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)
AS: McAfee VirusScan v (McAfee)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\cadave\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DAVE-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\cadave
LOCALAPPDATA=C:\Users\cadave\AppData\Local
LOGONSERVER=\\DAVE-PC
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;c:\Program Files\Bioscrypt\VeriSoft\bin;c:\Program Files\Microsoft SQL Server\90\Tools\binn\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Pavilion
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4802
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\cadave\AppData\Local\Temp
TMP=C:\Users\cadave\AppData\Local\Temp
USERDOMAIN=Dave-PC
USERNAME=cadave
USERPART=E:
USERPROFILE=C:\Users\cadave
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

cadave


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
--> "C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
--> "C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
--> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
--> "C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
--> "C:\Program Files\HP Games\Family Feud\Uninstall.exe"
--> "C:\Program Files\HP Games\FATE\Uninstall.exe"
--> "C:\Program Files\HP Games\Final Drive Fury\Uninstall.exe"
--> "C:\Program Files\HP Games\Flip Words\Uninstall.exe"
--> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Lemonade Tycoon 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
--> "C:\Program Files\HP Games\Otto\Uninstall.exe"
--> "C:\Program Files\HP Games\Penguins!\Uninstall.exe"
--> "C:\Program Files\HP Games\Phoenix Assault\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
--> "C:\Program Files\HP Games\Puzzle Express\Uninstall.exe"
--> "C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
--> "C:\Program Files\HP Games\Snowboard SuperJam\Uninstall.exe"
--> "C:\Program Files\HP Games\SpongeBob SquarePants Krabby Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Super Granny\Uninstall.exe"
--> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
--> "C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
--> "C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
--> MsiExec.exe /I{9579E862-5FC7-4337-B1CC-5E37451524C5}
1-Calc (Pocket PC) from Omega One --> c:\Program Files\Omega One\Calc-PPC\setup.exe -u
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Airport Insight --> C:\Windows\iun507.exe C:\Program Files\Airport Insight\irunin.ini
Airport Insight for PocketPC 1.07 --> C:\Windows\iun6002.exe "C:\Program Files\Airport Insight for PocketPC\irunin.ini"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AT&T Communication Manager --> MsiExec.exe /X{A81BFA08-5D4C-4D4C-ACEF-BF558C70D99D}
ATA ALPA Consolidated Contract (Red Book) --> C:\Windows\uninst.exe -f"C:\Program Files\ATA ALPA 2007\DeIsL1.isu" -c"C:\Program Files\ATA ALPA 2007\_ISREG32.DLL"
AuthenTec Fingerprint Sensor Minimum Install --> MsiExec.exe /I{55CABB2F-4513-4FF1-B912-B45F93FC5B01}
Business Contact Manager for Outlook 2007 SP1 --> "C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 SP1 --> MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
Driver Installer --> MsiExec.exe /X{753D852A-D86D-42C9-9978-40AE66FB8985}
eFAD2Go --> C:\Windows\WindowsMobile\eFAD2Go\Uninstall.exe eFAD2Go
ESU for Microsoft Vista --> MsiExec.exe /X{88A548E6-4B09-43E7-AD55-3C7D1B37706D}
Fizz Traveller 2 --> C:\Windows\WindowsMobile\Fizz Traveller 2\Uninstall.exe Fizz Traveller 2
FlightCentral Route Browser --> MsiExec.exe /I{5FD59F5F-DA61-4321-BA4A-CD2DF6272688}
Garmin WebUpdater --> MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Hewlett-Packard Active Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HP Active Support Library --> C:\Program Files\InstallShield Installation Information\{E59A46D4-699C-4DC8-969F-DAC3395B4543}\setup.exe -runfromtemp -l0x0409
HP Active Support Library 32 bit components --> MsiExec.exe /I{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}
HP Active Support Library 32 bit components --> MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Participation Program 8.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support --> MsiExec.exe /I{9061CEF2-51F5-42C9-8A70-9ED351C6597A}
HP Imaging Device Functions 8.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Integrated Module with Bluetooth wireless technology --> MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
HP OCR Software 8.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Pavilion Webcam Driver for Vista v061.001.00005 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CA81D12-9EC2-4082-972B-43ECA63F41F2}\setup.exe" -l0x9 -removeonly
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart Essential 2.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Photosmart.All-In-One Driver Software 8.0 .A --> C:\Program Files\Hewlett-Packard\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot
HP Product Detection --> MsiExec.exe /I{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Quick Launch Buttons 6.10 B9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 uninst
HP QuickPlay 3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Solution Center 8.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Total Care Advisor --> MsiExec.exe /X{F6B29003-A078-4491-AFBE-62EFB6CFFE19}
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0034 --> MsiExec.exe /I{1B210DDA-6402-47F6-8CE4-BB8BB19809B9}
HP Wireless Assistant --> MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8}
HPNetworkAssistant --> MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
K-Lite Codec Pack 3.2.5 Standard --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Logbook Pro for Windows --> C:\Program Files\InstallShield Installation Information\{5BCB8AF9-C74D-42CA-B194-705B083DF242}\setup.exe -runfromtemp -l0x0409
Logbook Pro Pocket PC Companion --> C:\Program Files\InstallShield Installation Information\{11C66698-CB58-449C-A041-3EC86C1AA9D2}\setup.exe -runfromtemp -l0x0409
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Easy Assist --> MsiExec.exe /I{4FC19392-E4A5-4CCB-B45A-AB7E8126D3C9}
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies --> MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Accounting 2007 --> "C:\Program Files\Microsoft Small Business\Small Business Accounting 2007\SetupBootstrap\Setup.exe" /remove {B0717D5A-1976-482B-9ADF-F19631A541A4}
Microsoft Office Accounting 2007 --> MsiExec.exe /X{B0717D5A-1976-482B-9ADF-F19631A541A4}
Microsoft Office Accounting ADP Payroll Addin --> MsiExec.exe /I{5FA793A6-0071-42C1-9355-8F69A428C44F}
Microsoft Office Accounting Equifax Addin --> MsiExec.exe /X{8C711818-076E-475C-B95B-DF11CD9D8DBE}
Microsoft Office Accounting Fixed Asset Manager --> MsiExec.exe /X{46614A49-222A-48EF-87A9-BFD603E608E1}
Microsoft Office Accounting PayPal Addin --> MsiExec.exe /X{353D20CC-719B-4A60-AD33-D03F88C10330}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Outlook Connector --> MsiExec.exe /I{95120000-011C-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall SMALLBUSINESSR /dll OSETUP.DLL
Microsoft Office Small Business 2007 --> MsiExec.exe /X{91120000-00CA-0000-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components --> MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Motorola SM56 Data Fax Modem --> rundll32.exe sm56co6a.dll,SM56UnInstaller
MP4 Player --> C:\Program Files\MP4 Player\uninst.exe
MSCU for Microsoft Vista --> MsiExec.exe /X{3FFB3B34-D639-4384-9AE9-DDE58430D86F}
MSN --> C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600816}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
muvee autoProducer 6.0 --> C:\Program Files\InstallShield Installation Information\{0BFC200F-C45D-4271-AF34-4CA969225DEB}\setup.exe -runfromtemp -l0x0009 -removeonly
My HP Games --> "C:\Program Files\HP Games\Uninstall.exe"
Nokia Connectivity Adapter Cable DKU-5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1BA3CD5-89DC-4273-8603-A75F33E9B335}\Setup.exe" -l0x9
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
PCSafe Adware Filter --> C:\Program Files\AdwareFilter\AdwareFilter-uninst.exe
Photo Contacts PRO --> C:\Windows\WindowsMobile\Photo Contacts PRO\Uninstall.exe Photo Contacts PRO
Pocket Earth 3.4 --> C:\Windows\WindowsMobile\Pocket Earth 3.4\Uninstall.exe Pocket Earth 3.4
Pocket World Info 4.0 --> C:\Windows\WindowsMobile\Pocket World Info 4.0\Uninstall.exe Pocket World Info 4.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive --> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9 --> MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
RTC Client API v1.2 --> MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Shop for HP Supplies --> C:\Program Files\Hewlett-Packard\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
SkyGuide PocketFly (sm) Timetable --> "C:\Program Files\SkyGuide PocketFly Timetable\unins000.exe"
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy 1.5.2.20 --> "C:\Windows\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Office 2007 (KB946691) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
VeriSoft Access Manager --> rundll32.exe "c:\Program Files\Bioscrypt\VeriSoft\Bin\SetupHelper.dll",ExecMain /Uninstall {D83899AB-9964-4CFC-A246-F1BD430A455F}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Mobile Device Center --> MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
Windows Mobile Device Center Driver Update --> MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
WordBook for PocketPC --> C:\Windows\WindowsMobile\WordBook for PocketPC\Uninstall.exe WordBook for PocketPC


-- Application Event Log -------------------------------------------------------

Event Record #/Type71684 / Error
Event Submitted/Written: 06/14/2008 07:12:48 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program iexplore.exe version 7.0.6000.16681 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1628
Start Time: 01c8ce73e8717650
Termination Time: 98

Event Record #/Type71600 / Success
Event Submitted/Written: 06/14/2008 08:32:42 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type71599 / Success
Event Submitted/Written: 06/14/2008 08:32:42 AM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type71596 / Warning
Event Submitted/Written: 06/14/2008 08:32:41 AM
Event ID/Source: 3 / SQLBrowser
Event Description:
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.

Event Record #/Type71593 / Success
Event Submitted/Written: 06/14/2008 08:32:36 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type127303 / Warning
Event Submitted/Written: 06/14/2008 11:38:04 AM
Event ID/Source: 134 / W32Time
Event Description:
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Event Record #/Type127240 / Error
Event Submitted/Written: 06/14/2008 08:34:07 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
CyberLink Task Scheduler (CTS)CyberLink Background Capture Service (CBCS)%%1070

Event Record #/Type127239 / Error
Event Submitted/Written: 06/14/2008 08:34:06 AM
Event ID/Source: 7022 / Service Control Manager
Event Description:
CyberLink Background Capture Service (CBCS)

Event Record #/Type127151 / Warning
Event Submitted/Written: 06/13/2008 10:19:32 PM
Event ID/Source: 10002 / Microsoft-Windows-WLAN-AutoConfig
Event Description:
C:\Windows\System32\bcmihvsrv.dll

Event Record #/Type127129 / Warning
Event Submitted/Written: 06/13/2008 10:11:21 PM
Event ID/Source: 134 / W32Time
Event Description:
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)



-- End of Deckard's System Scanner: finished at 2008-06-14 22:28:03 ------------


Kaspersky scan: This scan ran for around two hours and got to approximately 46%. I checked it a moment later and it indicated “scan complete”. It indicated it scanned around 157,000 files, but the report on this scan was completely blank. I am unsure whether this scan completed correctly.

#5 teacup61


    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 15 June 2008 - 11:10 AM

Hello Dave,

I see you've had ComboFix before. If you still have it, please delete it and C:\Qoobox, then reboot your computer. It's been updated since then, several times. Grab a fresh one:

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#6 ATA Dave

  • Topic Starter

  • Members
  • 25 posts

Posted 15 June 2008 - 01:26 PM

As requested, a new combofix log follows. The program rebooted my computer towards the end of the process, but this was not mentioned in the instructions. Also, I do not have a CD so I was not able to enter the “Vista Recovery Environment” mentioned in these same instructions.

I also ran HijackThis again and its log follows as well.

Thank you very much,
Dave

ComboFix log 6/15/08:



ComboFix 08-06-12.2 - cadave 2008-06-15 13:43:47.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1181 [GMT -4:00]
Running from: C:\Users\cadave\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\Fonts\CALIBRIB.TTF

.
((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 13:17 --------- d-----w C:\Users\cadave\AppData\Roaming\skypePM
2008-06-13 11:15 --------- d-----w C:\Program Files\AdwareFilter
2008-06-11 07:12 --------- d-----w C:\Program Files\Windows Mail
2008-06-10 19:42 --------- d-----w C:\Program Files\SkyGuide PocketFly Timetable
2008-06-10 19:26 --------- d-----w C:\Program Files\Airport Insight for PocketPC
2008-06-09 11:23 --------- d-----w C:\Users\cadave\AppData\Roaming\Skype
2008-06-07 16:07 0 ----a-w C:\Users\cadave\AppData\Roaming\wklnhst.dat
2008-05-30 11:58 --------- d-----w C:\Program Files\McAfee
2008-05-30 11:48 --------- d-----w C:\Program Files\Common Files\McAfee
2008-05-15 12:43 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-12 23:11 --------- d-----w C:\Users\cadave\AppData\Roaming\MSN6
2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-10 00:43 --------- d-----w C:\ProgramData\AOL
2008-05-06 16:59 --------- d-----w C:\Program Files\Trend Micro
2008-05-05 22:11 --------- d-----w C:\Users\cadave\AppData\Roaming\McAfee
2008-05-05 22:11 --------- d-----w C:\ProgramData\McAfee
2008-04-30 22:13 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-29 01:42 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS
2008-04-29 01:42 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys
2008-04-29 01:42 19,456 ----a-w C:\Windows\system32\drivers\bthenum.sys
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-20 14:38 13,072 ----a-w C:\Users\cadave\AppData\Roaming\nvModes.dat
2008-04-20 14:21 --------- d-----w C:\Program Files\Logbook Pro
2008-04-20 14:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-20 13:01 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-19 01:42 --------- d-----w C:\Program Files\Route Browser
2008-03-21 20:23 32 ----a-w C:\Users\All Users\ezsid.dat
2008-03-21 20:23 32 ----a-w C:\ProgramData\ezsid.dat
2007-09-01 14:46 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-11 22:16 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 08:34 2159104 C:\Windows\System32\oobefldr.dll]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 18:23 1773568]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2005-06-14 10:05 6856704]
"MP4 Player"="C:\Program Files\MP4 Player\mp4Player.exe" [2007-09-19 09:00 639488]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 00:43 729088]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 15:38 4390912 C:\Windows\RtHDVCpl.exe]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-03-28 20:45 176128]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 13:58 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-06-05 09:12 71176]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 16:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 19:12 317128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 15:12 17920]
"HostManager"="C:\Program Files\Common Files\AOL\1187319687\ee\AOLSoftware.exe" [2006-09-25 20:52 50736]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"AT&T Communication Manager"="C:\Program Files\AT&T\Communication Manager\ATTCM.exe" [2007-10-18 12:08 33280]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-01-13 09:40 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-01-13 09:40 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-01-13 09:40 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 19:29 102400]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
AdwareFilter Background Protection.lnk - C:\Program Files\AdwareFilter\adwarefilter.exe [2008-04-03 15:19:36 4564280]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 12:27:40 719664]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{250BB2DB-608B-4C35-BBAF-B35A44314358}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3A5BBDC5-80B5-4461-B61F-C303D435C714}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{14964889-220B-4E71-AF6B-8A0D0F40D4DB}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{A1CBAB0B-30A1-4A5D-9857-60EA26E5BD65}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{9ED93697-65E7-4EE2-8CE7-0B90D63529D4}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A0684517-0A59-42E2-9B37-0FCA0D8B8D3F}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{44D2EFCF-190B-42A7-ACC7-A86181E6B04E}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{599EF52C-B1B5-4C5C-8CF6-CDE137995A36}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{FAC4C87F-83DA-40E8-A8CF-FCFED1CD6C22}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{14CD316C-8C8E-4C85-9BF7-B6549DAD7096}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{74572D20-8C45-47F1-AA38-171A2A434DB3}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{F6EEBE13-2CD9-4539-95BA-C8E941865389}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{62C5F42D-C687-454F-AF88-03BE2B8601A5}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{7C8A8C78-FDF5-40FF-86FB-DD7087AB4E3F}"= UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{5C901176-ACE1-4C15-80F8-0D7EF04BEAFF}"= TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{B89FDA39-AD15-4802-942E-2681800FB98A}"= UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{A2AA0C1D-7424-4D11-B300-6EDE39497F84}"= TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{3AE8BF1C-7117-46BE-B27B-FBA10271ED6C}"= UDP:C:\Program Files\AOL 9.0\waol.exe:AOL
"{EAC55FEE-419C-4E30-A396-58872A5A9504}"= TCP:C:\Program Files\AOL 9.0\waol.exe:AOL
"{596138E1-480C-4B50-A4AC-A4D54F005C92}"= UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{A5C796F9-8056-49DB-B576-8D5FA92A989C}"= TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{75A89F5C-0B2B-468C-A246-9B684FB240E2}"= UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{18B83E7B-DD56-472F-B294-047702F30FD9}"= TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{080194D3-4667-45BB-9934-E3027D943EB4}"= UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{C94C19E8-90DA-4A2B-A143-835BA26F1E6B}"= TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{38581D0D-6C08-415E-8719-AA4D3127D73C}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{188E7332-5640-4EB2-A54B-0FBF093F18F0}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{478333B5-14CA-4720-B57B-F4700B7CA2F4}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{4659CB31-9D28-4DCF-B07E-80D7BB660D09}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{7879B34D-8EDB-4696-B23B-2780784FB9E1}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{8F67C23F-6DF7-4AE4-BD90-B76849ED2DCD}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{E5248C86-ECA4-4803-A3C7-C01966FD828E}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{B9603CF5-4795-48B2-A713-67256FAE97E3}"= Disabled:UDP:C:\Users\cadave\AppData\Local\Temp\7zS6A42.tmp\setup\HPZnui01.exe:hpznui01.exe
"{564C3D4A-BFF9-4559-9E1C-36CAD2AED937}"= Disabled:TCP:C:\Users\cadave\AppData\Local\Temp\7zS6A42.tmp\setup\HPZnui01.exe:hpznui01.exe
"TCP Query User{D0A14180-D8C6-4AC3-8745-800C3FB3A6FA}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{CEEF74A9-8371-4455-AD79-A9294764438A}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{8D073CB7-754A-4231-B9DF-79A8A2C86B1B}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{CD9ABAEB-6DD0-4ECB-B3D6-CF01F71FE7AB}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{72C3B187-6BD0-4462-9E94-4F62FD109FBC}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{02F90B8B-00A2-4E35-A95C-5BB6639CDAA0}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{C950D1EC-66F8-4BA5-9443-CA61080FE149}C:\\program files\\hp\\hp software update\\hpwucli.exe"= UDP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
"UDP Query User{D6AAE733-D3CC-4DE6-86B5-D153B0FA0083}C:\\program files\\hp\\hp software update\\hpwucli.exe"= TCP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2006-11-02 05:45]
R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2006-11-02 05:45]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 18:50]
R2 HPSLPSVC;HP Network Devices Support;C:\Windows\system32\svchost.exe [2006-11-02 05:45]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 05:45]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 05:45]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-01-02 06:45]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-01-02 06:45]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-02 06:45]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R3 swmsflt;swmsflt;C:\Windows\system32\drivers\swmsflt.sys [2007-10-18 12:08]
S3 ATTRcAppSvc;AT&T RcAppSvc;"C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe" /n "ATTRcAppSvc" []
S3 CAATT;AT&T Con App Svc;"C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe" /n "CAATT" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76cdd403-c9ba-11dc-b4cf-001a6b813aca}]
\shell\AutoRun\command - F:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-08-17 03:38:36 C:\Windows\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-08-17 03:38:36 C:\Windows\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 13:51:50
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
C:\Windows\System32\wlanext.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\aol\acs\AOLacsd.exe
C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
.
**************************************************************************
.
Completion time: 2008-06-15 14:02:01 - machine was rebooted [cadave]
ComboFix-quarantined-files.txt 2008-06-15 18:01:50

The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.

223 --- E O F --- 2008-06-15 13:22:55


HijackThis log 6/15/08


Deckard's System Scanner v20071014.68
Run by cadave on 2008-06-15 14:14:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as cadave.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:14:54 PM, on 6/15/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\aol\1187319687\ee\aolsoftware.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MP4 Player\Mp4Player.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\cadave\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\cadave.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duats.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.20.1.1:9888
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1187319687\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: AdwareFilter Background Protection.lnk = C:\Program Files\AdwareFilter\adwarefilter.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: AT&T Con App Svc (CAATT) - PCTEL - C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10494 bytes

-- Files created between 2008-05-15 and 2008-06-15 -----------------------------

2008-06-15 13:48:04 53248 --a------ C:\Windows\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-06-15 13:42:32 68096 --a------ C:\Windows\zip.exe
2008-06-15 13:42:32 49152 --a------ C:\Windows\VFind.exe
2008-06-15 13:42:32 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-15 13:42:32 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-15 13:42:32 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-15 13:42:32 98816 --a------ C:\Windows\sed.exe
2008-06-15 13:42:32 80412 --a------ C:\Windows\grep.exe
2008-06-15 13:42:32 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-30 15:22:31 0 d-------- C:\Garmin


-- Find3M Report ---------------------------------------------------------------

2008-06-15 13:51:35 13072 --a------ C:\Users\cadave\AppData\Roaming\nvModes.001
2008-06-15 13:49:12 836 --a------ C:\Windows\bthservsdp.dat
2008-06-15 09:17:05 0 d-------- C:\Users\cadave\AppData\Roaming\skypePM
2008-06-13 07:15:15 0 d-------- C:\Program Files\AdwareFilter
2008-06-11 03:12:26 0 d-------- C:\Program Files\Windows Mail
2008-06-10 15:42:41 0 d-------- C:\Program Files\SkyGuide PocketFly Timetable
2008-06-10 15:26:00 0 d-------- C:\Program Files\Airport Insight for PocketPC
2008-06-09 07:23:56 0 d-------- C:\Users\cadave\AppData\Roaming\Skype
2008-06-07 12:07:20 0 --a------ C:\Users\cadave\AppData\Roaming\wklnhst.dat
2008-06-07 11:22:07 130887 --a------ C:\Windows\hpoins18.dat
2008-05-30 07:58:59 0 d-------- C:\Program Files\McAfee
2008-05-30 07:48:33 0 d-------- C:\Program Files\Common Files\McAfee
2008-05-12 19:11:17 0 d-------- C:\Users\cadave\AppData\Roaming\MSN6
2008-05-06 12:59:35 0 d-------- C:\Program Files\Trend Micro
2008-05-05 18:11:48 0 d-------- C:\Users\cadave\AppData\Roaming\McAfee
2008-04-30 18:13:04 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-20 10:38:36 13072 --a------ C:\Users\cadave\AppData\Roaming\nvModes.dat
2008-04-20 10:21:20 0 d-------- C:\Program Files\Logbook Pro
2008-04-20 10:14:57 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-20 09:01:00 0 d-------- C:\Program Files\Microsoft.NET
2008-04-18 21:42:18 0 d-------- C:\Program Files\Route Browser
2008-04-04 13:23:47 96629 --a------ C:\Windows\hpqins16.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [10/09/2006 12:43 AM]
"RtHDVCpl"="RtHDVCpl.exe" [03/01/2007 03:38 PM C:\Windows\RtHDVCpl.exe]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [03/28/2007 08:45 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [11/06/2006 01:58 PM]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [06/05/2007 09:12 AM]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [03/01/2007 04:18 PM]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [01/10/2007 07:12 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [12/22/2003 03:12 PM]
"HostManager"="C:\Program Files\Common Files\AOL\1187319687\ee\AOLSoftware.exe" [09/25/2006 08:52 PM]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
"AT&T Communication Manager"="C:\Program Files\AT&T\Communication Manager\ATTCM.exe" [10/18/2007 12:08 PM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [01/13/2007 09:40 AM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [01/13/2007 09:40 AM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [01/13/2007 09:40 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [09/14/2007 07:29 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/11/2008 10:16 PM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter " []
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [03/20/2007 06:23 PM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [06/14/2005 10:05 AM]
"MP4 Player"="C:\Program Files\MP4 Player\mp4Player.exe" [09/19/2007 09:00 AM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/01/2008 05:22 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
AdwareFilter Background Protection.lnk - C:\Program Files\AdwareFilter\adwarefilter.exe [4/3/2008 3:19:36 PM]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [12/20/2006 12:27:40 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [1/2/2007 9:40:10 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=APSHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
Cognizance ASBroker ASChannel
GPSvcGroup GPSvc
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
HPService HPSLPSVC
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76cdd403-c9ba-11dc-b4cf-001a6b813aca}]
AutoRun\command- F:\setupSNK.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-15 14:15:30 ------------

#7 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:15 AM

Posted 15 June 2008 - 01:54 PM

Hello,

I see entries for Symantec......did you use to use it? If you don't any more, please let me know. Same for Earthlink.....I see it and AOL. Do you use them both....neither....? How is it running?

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#8 ATA Dave

ATA Dave
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:06:15 AM

Posted 15 June 2008 - 02:09 PM

Symantec: I used to use Norton Antivirus but do not use it any longer. I don’t remember when I stopped, but this is a fairly new laptop and I don’t remember ever using it on this machine. I stopped using it because my wife is an AOL customer and therefore is supplied with McAfee.

AOL: This is installed only for the McAfee. I am not an AOL user.

Earthlink: I have never used this program.

I don’t have any idea how any of these are running as I don’t use them. In an effort to get rid of my problems, I purchased and installed PCSafe. This had no effect. When I inquired with them, they suggested you.

I’m assuming no easy or obvious spyware/malware was evident?

Thanks,
Dave

#9 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:15 AM

Posted 15 June 2008 - 02:28 PM

Hello,

No, nothing evident. Are you still getting the popups? There are still ways to look. :thumbsup: For Symantec:

The Norton uninstall tool uninstalls ALL Norton 2004/2005/2006/2007/2008 products from your computer. It also uninstalls Norton Ghost 10.0/9.0/2003. http://service1.symantec.com/SUPPORT/tsgen...005033108162039

Uninstall anything from Earthlink in Add/Remove in your Control Panel, then Reboot.

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply along with a fresh HijackThis log.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Thanks,
tea

#10 ATA Dave

ATA Dave
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:06:15 AM

Posted 15 June 2008 - 03:03 PM

Thank you so much for your help on this. New logs follow. As for the Norton removal, I have to choose between 9 options. No mention of any Norton products or Earthlink is found in the uninstall registry.

Thank you, thank you, thank you!

Malwarebytes' Anti-Malware 1.17
Database version: 857

3:56:18 PM 6/15/2008
mbam-log-6-15-2008 (15-56-18).txt

Scan type: Quick Scan
Objects scanned: 38264
Time elapsed: 6 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


NEW HIJACKTHIS LOG

Deckard's System Scanner v20071014.68
Run by cadave on 2008-06-15 15:58:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as cadave.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:58:22 PM, on 6/15/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\aol\1187319687\ee\aolsoftware.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MP4 Player\Mp4Player.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\AdwareFilter\adwarefilter.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\cadave\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\cadave.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duats.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.20.1.1:9888
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1187319687\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: AdwareFilter Background Protection.lnk = C:\Program Files\AdwareFilter\adwarefilter.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: AT&T Con App Svc (CAATT) - PCTEL - C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10449 bytes

-- Files created between 2008-05-15 and 2008-06-15 -----------------------------

2008-06-15 15:47:45 0 d-------- C:\Users\All Users\Malwarebytes
2008-06-15 15:47:44 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-15 13:48:04 53248 --a------ C:\Windows\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-06-15 13:42:32 68096 --a------ C:\Windows\zip.exe
2008-06-15 13:42:32 49152 --a------ C:\Windows\VFind.exe
2008-06-15 13:42:32 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-15 13:42:32 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-15 13:42:32 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-15 13:42:32 98816 --a------ C:\Windows\sed.exe
2008-06-15 13:42:32 80412 --a------ C:\Windows\grep.exe
2008-06-15 13:42:32 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-30 15:22:31 0 d-------- C:\Garmin


-- Find3M Report ---------------------------------------------------------------

2008-06-15 15:47:47 0 d-------- C:\Users\cadave\AppData\Roaming\Malwarebytes
2008-06-15 14:36:22 13072 --a------ C:\Users\cadave\AppData\Roaming\nvModes.001
2008-06-15 14:32:22 836 --a------ C:\Windows\bthservsdp.dat
2008-06-15 09:17:05 0 d-------- C:\Users\cadave\AppData\Roaming\skypePM
2008-06-13 07:15:15 0 d-------- C:\Program Files\AdwareFilter
2008-06-11 03:12:26 0 d-------- C:\Program Files\Windows Mail
2008-06-10 15:42:41 0 d-------- C:\Program Files\SkyGuide PocketFly Timetable
2008-06-10 15:26:00 0 d-------- C:\Program Files\Airport Insight for PocketPC
2008-06-09 07:23:56 0 d-------- C:\Users\cadave\AppData\Roaming\Skype
2008-06-07 12:07:20 0 --a------ C:\Users\cadave\AppData\Roaming\wklnhst.dat
2008-06-07 11:22:07 130887 --a------ C:\Windows\hpoins18.dat
2008-05-30 07:58:59 0 d-------- C:\Program Files\McAfee
2008-05-30 07:48:33 0 d-------- C:\Program Files\Common Files\McAfee
2008-05-12 19:11:17 0 d-------- C:\Users\cadave\AppData\Roaming\MSN6
2008-05-06 12:59:35 0 d-------- C:\Program Files\Trend Micro
2008-05-05 18:11:48 0 d-------- C:\Users\cadave\AppData\Roaming\McAfee
2008-04-30 18:13:04 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-20 10:38:36 13072 --a------ C:\Users\cadave\AppData\Roaming\nvModes.dat
2008-04-20 10:21:20 0 d-------- C:\Program Files\Logbook Pro
2008-04-20 10:14:57 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-20 09:01:00 0 d-------- C:\Program Files\Microsoft.NET
2008-04-18 21:42:18 0 d-------- C:\Program Files\Route Browser
2008-04-04 13:23:47 96629 --a------ C:\Windows\hpqins16.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [10/09/2006 12:43 AM]
"RtHDVCpl"="RtHDVCpl.exe" [03/01/2007 03:38 PM C:\Windows\RtHDVCpl.exe]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [03/28/2007 08:45 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [11/06/2006 01:58 PM]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [06/05/2007 09:12 AM]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [03/01/2007 04:18 PM]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [01/10/2007 07:12 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [12/22/2003 03:12 PM]
"HostManager"="C:\Program Files\Common Files\AOL\1187319687\ee\AOLSoftware.exe" [09/25/2006 08:52 PM]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
"AT&T Communication Manager"="C:\Program Files\AT&T\Communication Manager\ATTCM.exe" [10/18/2007 12:08 PM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [01/13/2007 09:40 AM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [01/13/2007 09:40 AM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [01/13/2007 09:40 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [09/14/2007 07:29 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/11/2008 10:16 PM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter " []
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [03/20/2007 06:23 PM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [06/14/2005 10:05 AM]
"MP4 Player"="C:\Program Files\MP4 Player\mp4Player.exe" [09/19/2007 09:00 AM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/01/2008 05:22 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
AdwareFilter Background Protection.lnk - C:\Program Files\AdwareFilter\adwarefilter.exe [4/3/2008 3:19:36 PM]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [12/20/2006 12:27:40 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [1/2/2007 9:40:10 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=APSHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
Cognizance ASBroker ASChannel
GPSvcGroup GPSvc
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
HPService HPSLPSVC
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76cdd403-c9ba-11dc-b4cf-001a6b813aca}]
AutoRun\command- F:\setupSNK.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-15 15:59:06 ------------

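The HijackThis section of the log above is the part a responder reads first, and the entry that most needs an answer from the user is the R1 line `ProxyServer = 172.20.1.1:9888`: with that value set, every request IE makes goes through that host. The address is in a private range, so it could be a corporate or ISP proxy the user configured, but if nobody configured it, a proxy is exactly the kind of setting that produces redirects and uncommanded pages. The Python below is an added example written for this copy of the thread; it is not HijackThis code and not part of the posted logs. It ranks a HijackThis v2 log by the entry types that most often carry a browser hijack (proxy set, AppInit_DLLs, unnamed BHO, autostart without a full path, service with no publisher). The sample input is an excerpt of the log posted above; the severity ranking and the five rules are this example's own heuristics, so a "high" finding is a question to ask the user, not a verdict.

```python
"""Triage a HijackThis v2 log: rank the entry types that most often carry a
browser hijack so a long log can be read in priority order.

Added example for this thread; not HijackThis code and not part of the posted
logs. SAMPLE_LOG is an excerpt of the log posted above; the severities and the
five rules below are this example's own heuristics (assumptions), so every
"high" finding is a question to ask the user, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Excerpt of the posted HijackThis log (constructed sample input for this example).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duats.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.20.1.1:9888
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
""".strip()

# "R1 - <body>", "O4 - <body>", ...; anything else (process list, headers) is skipped.
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
# Absolute launch target: drive letter or an expandable %VAR% prefix.
QUALIFIED_RE = re.compile(r"^(?:[A-Za-z]:\\|%\w+%)")
SEVERITY_ORDER = {"high": 0, "medium": 1, "info": 2}


@dataclass
class Finding:
    severity: str
    kind: str
    reason: str
    line: str


def _launch_target(body: str) -> str:
    """Executable part of an O4 command: the quoted path, or the text up to the first space."""
    if "]" in body:                                   # HKLM\..\Run: [Name] <command>
        cmd = body.split("]", 1)[1].strip()
    else:                                             # Global Startup: x.lnk = <command>
        cmd = body.split("=", 1)[-1].strip()
    if cmd.startswith('"'):
        return cmd.split('"')[1]
    return cmd.split(" ", 1)[0]


def triage_line(line: str) -> Optional[Finding]:
    """Apply the heuristics to one log line; None when the line is not of interest."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    if kind == "R1" and "ProxyServer" in body:
        proxy = body.split("=", 1)[1].strip()
        return Finding("high", kind,
                       f"all IE traffic is routed through proxy {proxy}; confirm the user set it",
                       line)
    if kind == "O20" and "AppInit_DLLs" in body:
        dll = body.split(":", 1)[1].strip()
        if dll:
            return Finding("high", kind,
                           f"AppInit_DLLs loads {dll} into every process that uses user32.dll",
                           line)
    if kind == "O2" and "(no name)" in body:
        return Finding("medium", kind, "BHO without a display name; identify the DLL", line)
    if kind == "O4":
        exe = _launch_target(body)
        if not QUALIFIED_RE.match(exe):
            return Finding("medium", kind,
                           f"autostart target '{exe}' has no full path and is resolved via PATH",
                           line)
    if kind == "O23" and "Unknown owner" in body:
        return Finding("info", kind, "service binary carries no publisher name", line)
    return None


def triage_log(text: str) -> List[Finding]:
    """All findings, highest severity first; ties keep log order."""
    findings = [f for f in map(triage_line, text.splitlines()) if f is not None]
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind:3} {f.reason}")
        print(f"         {f.line.strip()}")
```

Run against the excerpt it puts the proxy and the AppInit_DLLs entry at the top, then the unnamed BHO (which here resolves to Spybot's SDHelper.dll, a known component) and the autostart launched by bare filename, and lists the CyberLink service as informational. Every flagged line still needs a human to decide whether the path and vendor make sense for this machine; the script only orders the questions.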
#11 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:15 AM

Posted 15 June 2008 - 03:06 PM

Are you still getting the popups?



#12 ATA Dave

ATA Dave
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:06:15 AM

Posted 16 June 2008 - 08:09 AM

My computer has behaved normally this morning. This is unusual as it normally goes nuts with pop-ups as soon as it is booted. It normally wildly redirects IE as soon as it is opened, or if it is not opened, the malware will open IE un-commanded.

I recall that I may have gotten a day of reprieve the last time I ran Combofix, but the symptoms reappeared the next day. I did not notice anything in the logs that indicated to me that any malware was detected or removed, but the computer is operating normally. Could we have fixed it?

Thank you for your help. I will post on this thread if/when the symptoms reappear.

Dave

#13 ATA Dave

ATA Dave
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:06:15 AM

Posted 16 June 2008 - 08:25 AM

I was premature. All symptoms have reappeared. There has been no change.
Dave

#14 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:15 AM

Posted 16 June 2008 - 11:08 AM

Hello,

Download GMER's application from here:
http://www.gmer.net/gmer.zip

Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

Thanks,
tea

#15 ATA Dave

ATA Dave
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:06:15 AM

Posted 16 June 2008 - 11:29 AM

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-06-16 12:28:32
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.14 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8B7769BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8B776958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8B77696C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8B7769FC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8B776A3F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8B776930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8B776944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8B7769D2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8B776A67]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8B776A53]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8B7769AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8B776996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8B776A2B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8B776A12]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8B7769E8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8B776982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----

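Reading a GMER rootkit scan comes down to grouping the hooks and attached devices by the kernel module that installed them and then asking whether that module belongs to something known to be on the machine. In the output above every `Code` line is mfehidk.sys (McAfee's host intrusion driver) hooking process, file and registry system calls, the TCP/IP and NTFS filter devices belong to the same McAfee drivers, and the only other attachment is a Microsoft WDF driver on the keyboard class device, so the kernel-level hooking GMER found is all attributable to installed security software. The Python below is an added example written for this copy of the thread; it is not GMER's code and not part of the posted scan. The line grammar it parses is inferred from the posted output, the sample is an excerpt of that output, and the set of trusted vendors is an assumption the analyst supplies for the specific machine: a module with no vendor string, or a vendor not on that list, is what to chase next.

```python
"""Group the SSDT hooks and attached devices reported by a GMER 'Rootkit' scan
by the kernel module that owns them, then flag modules whose vendor is not on
an analyst-supplied list of products known to be installed.

Added example for this thread; not GMER's code and not part of the posted
scan. The line grammar below is inferred from the posted output (assumption);
SAMPLE_SCAN is an excerpt of it; the trusted-vendor set is per-machine input.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set

# Excerpt of the posted GMER output (constructed sample input for this example).
SAMPLE_SCAN = r"""
---- System - GMER 1.0.14 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8B7769BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8B776930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8B776A2B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
""".strip()

# "Code <module path> (<description>/<vendor>) <hooked function> [<address>]"
# The description and the address are optional in the output, so both are optional here.
HOOK_RE = re.compile(
    r"^Code\s+(?P<path>\S+)(?:\s+\((?P<desc>[^)]*)\))?\s+(?P<func>\w+)(?:\s+\[(?P<addr>0x[0-9A-Fa-f]+)\])?$")
# "AttachedDevice <driver object> <device object> <module> (<description>/<vendor>)"
DEVICE_RE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<module>\S+)(?:\s+\((?P<desc>[^)]*)\))?$")


def _vendor(desc: Optional[str]) -> Optional[str]:
    """GMER prints '<description>/<vendor>'; return the vendor, or None when GMER could not name one."""
    if not desc or "/" not in desc:
        return None
    return desc.rsplit("/", 1)[1].strip()


def summarize(scan: str) -> Dict[str, dict]:
    """Map module file name -> {'vendor', 'hooks': [functions], 'devices': [device objects]}."""
    modules: Dict[str, dict] = defaultdict(lambda: {"vendor": None, "hooks": [], "devices": []})
    for line in scan.splitlines():
        line = line.strip()
        m = HOOK_RE.match(line)
        if m:
            name = m.group("path").rsplit("\\", 1)[-1]      # keep only the file name
            entry = modules[name]
            entry["vendor"] = entry["vendor"] or _vendor(m.group("desc"))
            entry["hooks"].append(m.group("func"))
            continue
        m = DEVICE_RE.match(line)
        if m:
            entry = modules[m.group("module")]
            entry["vendor"] = entry["vendor"] or _vendor(m.group("desc"))
            entry["devices"].append(m.group("device"))
    return dict(modules)


def flag_untrusted(modules: Dict[str, dict], trusted_vendors: Set[str]) -> List[str]:
    """Modules that hook or filter the kernel but whose vendor is unknown or not expected here."""
    return sorted((n for n, e in modules.items() if e["vendor"] not in trusted_vendors), key=str.lower)


def report(scan: str, trusted_vendors: Set[str]) -> List[str]:
    """One line per hooking module, tagged EXPECTED or REVIEW against the trusted-vendor set."""
    modules = summarize(scan)
    rows = []
    for name in sorted(modules, key=str.lower):
        e = modules[name]
        tag = "EXPECTED" if e["vendor"] in trusted_vendors else "REVIEW"
        rows.append(f"{tag:8} {name:14} vendor={e['vendor'] or '?'} "
                    f"hooks={len(e['hooks'])} devices={len(e['devices'])}")
    return rows


if __name__ == "__main__":
    # Vendors the analyst expects on this laptop (assumption: McAfee suite plus Windows itself).
    for row in report(SAMPLE_SCAN, {"McAfee, Inc.", "Microsoft Corporation"}):
        print(row)
```

With McAfee and Microsoft in the trusted set every module in the excerpt comes out EXPECTED; drop McAfee from the set and the two McAfee drivers are the ones reported for review, which is the behaviour wanted on a machine where that product is not supposed to be installed. A module whose description GMER left blank gets vendor `?` and is always flagged.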


