Pc Locks Up And Hangs When User Tries To Login


  • This topic is locked
16 replies to this topic

#1 bummed_in_southGA


Posted 17 May 2008 - 09:35 AM

Lots of sporadic behavior, mainly in the user account - some serious. All of the following only occurs(ed) when logged into the user account.

1. When typing Ctrl-Alt-Delete... an error window shows up that says (always):
"Task Manager has been disabled by your administrator."
No such disabling was done; at least not on purpose. I wouldn't even know how.

2. Last week, typing became very slow, especially backspacing and deleting. However, that seems to have gone away.

3. About a month ago, I had a red screen with a bio hazard symbol display when logging into the user account (user account only). Clicking anywhere in the red area launched a series of screens trying to get me to download software. This behavior has gone away also.

4. Now (before resorting to the previous restore point), logging into the user account hangs the computer completely. A physical restart is required in order to log into the admin account. Attempting to log into the user account causes the same "hanging" behavior to occur again.

Just now, when booting, I restored back to the last restore point and that seems to have fixed the computer hanging/lockup problem when logging into the user account (for now), but I think I'm infected... I'm SURE I'm infected.

I'm running:
Zone Alarm full Internet Security Suite.
Windows XP Media Center Edition 2005 on a
HP Pavilion a1330n

The attached Hijackthis log is from BEFORE I went back to the restore point. It is when the user login was hanging the PC. I ran hijackthis from the admin account, which doesn't seem to be experiencing the problems the user account is experiencing.

I hope you can help.
Thanks,
bummed_in_southGA


#2 bummed_in_southGA


Posted 18 May 2008 - 11:33 AM

I posted a previous issue regarding this same topic. I was irritated and impatient and didn't notice the "read this first" note before posting. I've now gone through the guide - having run Kaspersky's scanner and then DSS. The DSS logs are attached as per the guide.

Just to reiterate, the following is the text from my previous post:

I needed to go back to the previous Restore Point to allow the user to log in.

The system has had lots of sporadic behavior, mainly in the user account - some serious. All of the following only occurs(ed) when logged into the user account.

1. When typing Ctrl-Alt-Delete... an error window shows up that says (always):
"Task Manager has been disabled by your administrator."
No such disabling was done; at least not on purpose. I wouldn't even know how.

2. Last week, typing became very slow, especially backspacing and deleting. However, that seems to have gone away.

3. About a month ago, I had a red screen with a bio hazard symbol display when logging into the user account (user account only). Clicking anywhere in the red area launched a series of screens trying to get me to download software. This behavior has gone away also.

4. Now (before resorting to the previous restore point), logging into the user account hangs the computer completely. A physical restart is required in order to log into the admin account. Attempting to log into the user account causes the same "hanging" behavior to occur again.

Just now, when booting, I restored back to the last restore point and that seems to have fixed the computer hanging/lockup problem when logging into the user account (for now), but I think I'm infected... I'm SURE I'm infected.

I'm running:
Zone Alarm full Internet Security Suite.
Windows XP Media Center Edition 2005 on a
HP Pavilion a1330n

In my previous post I attached (as opposed to a copy and paste) a HijackThis log from a scan just BEFORE I went back to the previous restore point, i.e., when the user login was hanging the PC. I ran HijackThis from the admin account, which doesn't seem to be experiencing the problems the user account is experiencing.

The following are the Main.txt and Extra.txt logs from the DSS scan I just ran. I did do a Kaspersky scan before I ran DSS but for some reason I saved the log as an HTML file. Also, I only ran the scan on "Critical Components" and "Memory". Critical components came up with no viruses but there were a bunch of locked files. The Memory scan came up with no viruses. If needed, I will run a Kaspersky scan again and post the log file(s).

MAIN.TXT:

Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2008-05-18 11:32:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
83: 2008-05-18 15:32:09 UTC - RP131 - Deckard's System Scanner Restore Point
82: 2008-05-18 07:45:30 UTC - RP130 - System Checkpoint
81: 2008-05-17 07:00:22 UTC - RP129 - Software Distribution Service 3.0
80: 2008-05-16 08:49:50 UTC - RP128 - System Checkpoint
79: 2008-05-15 07:49:52 UTC - RP127 - System Checkpoint


-- First Restore Point --
1: 2008-03-03 14:55:27 UTC - RP49 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:23 AM, on 5/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
c:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Documents and Settings\HP_Administrator\My Documents\ProgramEXEs_020808\DeckardsSystemScanner\dss.exe
C:\DOCUME~1\HP_ADM~1\MYDOCU~1\PROGRA~1\HIJACK~1\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DVA Media - {4480F41F-F91F-4781-B1EA-30D261DA06AC} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ps2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [RECGUARD] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MRC] "C:\Program Files\PC Tune-Up\PCTuneUp.exe" /MBRSTART
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9708 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 windrvNT - c:\windows\system32\windrvnt.sys
R3 dvd43llh - c:\windows\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>
R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S0 ftsata2 - c:\windows\system32\drivers\ftsata2.sys (file missing)
S1 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-18 11:30:00 424 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AFC26B2F-27D1-4B65-A633-E66A585CAD9E}.job


-- Files created between 2008-04-18 and 2008-05-18 -----------------------------

2008-05-18 09:24:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-18 09:24:44 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-18 09:24:43 0 d-------- C:\WINDOWS\LastGood
2008-05-09 07:11:12 147456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-05-09 07:11:11 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-09 07:11:11 651264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-05-09 07:11:08 0 d-------- C:\Program Files\Render Plus Systems
2008-04-26 11:17:25 0 d-------- C:\Documents and Settings\General Users\Application Data\Nero
2008-04-26 10:55:19 0 d-------- C:\Program Files\NeroInstall.bak
2008-04-26 10:51:41 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Nero
2008-04-26 10:39:26 0 d-------- C:\Program Files\Common Files\Nero
2008-04-26 10:39:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-26 07:26:25 0 d-------- C:\Documents and Settings\General Users\Application Data\Ahead
2008-04-21 06:56:40 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-18 14:52:55 0 d-------- C:\Documents and Settings\General Users\Application Data\muvee Technologies


-- Find3M Report ---------------------------------------------------------------

2008-05-18 10:15:07 0 d-------- C:\Program Files\Folder Lock
2008-05-17 07:56:00 0 d-------- C:\Program Files\PC Tune-Up
2008-05-17 07:47:20 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-09 07:11:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-26 10:39:26 0 d-------- C:\Program Files\Nero
2008-04-26 10:39:26 0 d-------- C:\Program Files\Common Files
2008-04-26 10:28:48 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-21 06:56:28 0 d-------- C:\Program Files\Common Files\Real
2008-04-12 22:23:34 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
2008-04-12 22:18:25 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-04-12 22:17:55 0 d-------- C:\Program Files\Quicken
2008-04-12 21:48:54 0 d-------- C:\Program Files\MSBuild
2008-04-12 21:48:38 0 d-------- C:\Program Files\Reference Assemblies
2008-04-12 20:02:23 0 d-------- C:\Program Files\TurboTax
2008-04-12 14:36:08 0 d-------- C:\Program Files\EssNetTools
2008-04-09 14:55:38 139759 --a------ C:\WINDOWS\hpoins15.dat
2008-04-05 20:03:35 0 d-------- C:\Program Files\Individual Software
2008-04-05 19:57:12 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Individual Software
2008-04-05 19:21:43 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\MailFrontier
2008-04-04 23:24:39 0 d-------- C:\Program Files\Common Files\Individual Software
2008-04-04 10:36:35 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Ahead
2008-04-04 00:50:15 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\HP
2008-04-04 00:30:41 0 d-------- C:\Program Files\HP
2008-04-04 00:30:30 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\HPAppData
2008-04-03 16:30:59 0 d-------- C:\Program Files\Canon
2008-04-03 16:21:18 0 d-------- C:\Program Files\Java
2008-02-24 21:14:56 34 --a------ C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.log
2008-02-24 21:14:50 47360 --a------ C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-02-24 21:14:50 1144 --a------ C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.inf
2008-02-24 21:14:50 7887 --a------ C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.cat
2008-02-22 14:50:11 18954 --a------ C:\WINDOWS\system32\PRE30_FCBlueprint.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
03/02/2007 04:52 PM 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
03/02/2007 04:52 PM 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4480F41F-F91F-4781-B1EA-30D261DA06AC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
02/09/2008 01:01 PM 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/06/2005 12:56 AM]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [08/03/2005 03:19 AM C:\WINDOWS\arpwrmsg.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [06/02/2005 02:35 AM]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [09/27/2005 03:43 AM]
"@"="" []
"PCDrProfiler"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [08/27/2005 05:14 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/28/2004 03:50 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 05:44 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/28/2004 03:50 AM]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [10/12/2006 04:57 PM]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [03/01/2008 03:49 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/13/2008 11:11 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 09:34 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [02/28/2008 09:59 AM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 04:29 PM]
"ps2"="C:\WINDOWS\system32\ps2.exe" [10/25/2004 06:17 PM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 04:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" []
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 12:04 PM]
"RECGUARD"="C:\WINDOWS\SMINST\RECGUARD.EXE" [07/23/2005 02:14 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 08:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/03/2008 04:30 PM]
"MRC"="C:\Program Files\PC Tune-Up\PCTuneUp.exe" [10/12/2007 03:57 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [1/12/2006 8:55:56 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [3/11/2007 9:26:24 PM]
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [5/1/2007 12:11:48 PM]
Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe [9/20/2005 6:10:04 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
C:\Program Files\DISC\DiscUpdateMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UPS"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b03b8132-d692-11dc-9fce-0015f252175a}]
AutoRun\command- L:\wd_windows_tools\setup.exe

-- End of Deckard's System Scanner: finished at 2008-05-18 11:35:09 ------------

EXTRA.TXT

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3800+
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 958.48 MiB / 497.1 MiB
Pagefile Memory (total/avail): 2313.64 MiB / 1913.57 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.2 MiB

C: is Fixed (NTFS) - 224.37 GiB total, 80.51 GiB free.
D: is Fixed (NTFS) - 189.92 GiB total, 67.13 GiB free.
E: is Fixed (FAT32) - 8.5 GiB total, 1.12 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)
L: is Removable (No Media)

\\.\PHYSICALDRIVE1 - Maxtor 6L200M0 - 189.92 GiB - 1 partition
\PARTITION0 - Installable File System - 189.92 GiB - D:

\\.\PHYSICALDRIVE0 - ST3250823AS - 232.88 GiB - 2 partitions
\PARTITION0 - Unknown - 8.51 GiB - E:
\PARTITION1 (bootable) - Installable File System - 224.37 GiB - C:

\\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE6 - HP Photosmart C4240 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: ZoneAlarm Security Suite Firewall v7.0.470.000 (Check Point, LTD.)
AV: ZoneAlarm Security Suite Antivirus v7.0.470.000 (Check Point, LTD.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\DISC\\DISCover.exe"="C:\\Program Files\\DISC\\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\\Program Files\\DISC\\DiscStreamHub.exe"="C:\\Program Files\\DISC\\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\\Program Files\\DISC\\myFTP.exe"="C:\\Program Files\\DISC\\myFTP.exe:*:Enabled:DISCover FTP"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"="C:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server"
"C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Administrator\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OURCOMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Administrator
LOGONSERVER=\\OURCOMPUTER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=OURCOMPUTER
USERNAME=HP_Administrator
USERPROFILE=C:\Documents and Settings\HP_Administrator
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

HP_Administrator (admin)
General Users (admin)
ProfileTransfer (admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1Click DVD Copy Pro 3.1.3.8 --> "C:\Program Files\LG Software Innovations\1Click DVD Copy Pro\unins000.exe"
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Active@ UNDELETE DEMO --> "C:\Program Files\Active Data Recovery Software\Active UNDELETE\UNWISE.EXE" "C:\Program Files\Active Data Recovery Software\Active UNDELETE\INSTALL.LOG"
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Elements 5.0 --> msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
Adobe Premiere Elements 3.0.2 --> msiexec /I {530AFAFF-6F0A-48BB-88D0-04F9658322D3}
Adobe Premiere Elements 3.0.2 --> MsiExec.exe /I{530AFAFF-6F0A-48BB-88D0-04F9658322D3}
Adobe Premiere Elements 3.0.2 Templates --> MsiExec.exe /I{6EACDDF4-4220-49A3-9204-984C86852C3D}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Amazon MP3 Downloader 1.0.2 --> C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bejeweled 2 Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\47D5A62B-1B41-4DB1-8267-ADA434FA782B\Uninstall.exe"
Chuzzle Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\BA42B721-D70B-4412-ABA6-057B5823FDE9\Uninstall.exe"
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -IAsu200Ck.inf
DISCover --> "C:\Program Files\DISC\uninstall.exe"
DVD43 v4.2.0 --> "C:\Program Files\dvd43\unins000.exe"
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
EPSON Attach To Email --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\setup.exe" -l0x9 -UnInstall
EPSON Event Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48F22622-1CC2-4A83-9C1E-644DD96F832D}\Setup.exe" -l0x9 -u
EPSON File Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{46CBBDF8-55B5-40DB-B459-7B848394309C}\Setup.exe" -l0x9 UNINST
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
Essential NetTools --> C:\PROGRA~1\ESSNET~1\ent.exe /u
Folder Lock --> C:\Program Files\Folder Lock\Uninstall.exe
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\HP_Administrator\My Documents\ProgramEXEs_020808\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Customer Participation Program 9.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP DigitalMedia Archive --> MsiExec.exe /I{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Game Console and games --> C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone for Media Center PC --> c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Imaging Device Functions 9.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart 330,380,420,470,7800,8000,8200 Series --> C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart All-In-One Software 9.0 --> C:\Program Files\HP\Digital Imaging\{B09BCBF6-87EE-4403-A336-3A9510856535}\setup\hpzscr01.exe -datfile hposcr15.dat
HP Photosmart Cameras 5.0 --> C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Photosmart Essential 2.01 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP PSC & OfficeJet 5.3.A --> "C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Smart Web Printing --> MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
HPSSupply --> MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Microsoft Away Mode -->
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour --> MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
muvee autoProducer 4.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7137AFD-4E43-47A6-BDC7-533808F72B36}\setup.exe" -l0x9
muvee autoProducer unPlugged 1.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DFB0FED6-0010-4E9B-A402-E513F2459161}\setup.exe" -l0x9
Nero 8 --> MsiExec.exe /X{BE282C23-5484-47FF-B2C1-EBEA5C891033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
PC-Doctor 5 for Windows --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
PC Tune-Up --> C:\Program Files\PC Tune-Up\Uninstall PC Tune-Up.exe
Professor Answers --> C:\Documents and Settings\All Users\Application Data\Individual Software\Professor Answers\UNINSTALL.EXE C:\PROGRA~1\INDIVI~1\PROFES~3\INSTALL.LOG
Professor Teaches Flash MX 2004 --> C:\Documents and Settings\All Users\Application Data\Individual Software\Professor Teaches Flash MX 2004\UNINSTALL.EXE C:\PROGRA~1\INDIVI~1\PR26D7~1\INSTALL.LOG
Professor Teaches HTML Advanced --> C:\Documents and Settings\All Users\Application Data\Individual Software\Professor Teaches HTML Advanced\UNINSTALL.EXE C:\PROGRA~1\INDIVI~1\PR71DE~1\INSTALL.LOG
Professor Teaches HTML Fundamentals --> C:\Documents and Settings\All Users\Application Data\Individual Software\Professor Teaches HTML Fundamentals\UNINSTALL.EXE C:\PROGRA~1\INDIVI~1\PR097D~1\INSTALL.LOG
Professor Teaches Photoshop 7 --> C:\Documents and Settings\All Users\Application Data\Individual Software\Professor Teaches Photoshop 7\UNINSTALL.EXE C:\PROGRA~1\INDIVI~1\PROFES~2\INSTALL.LOG
Professor Teaches Photoshop CS --> C:\Documents and Settings\All Users\Application Data\Individual Software\Professor Teaches Photoshop CS\UNINSTALL.EXE C:\PROGRA~1\INDIVI~1\PROFES~1\INSTALL.LOG
Professor Teaches Publisher 2002 --> C:\Documents and Settings\All Users\Application Data\Individual Software\Professor Teaches Publisher 2002\UNINSTALL.EXE C:\PROGRA~1\INDIVI~1\PR6B64~1\INSTALL.LOG
Professor Teaches Web Design Fundamentals --> C:\Documents and Settings\All Users\Application Data\Individual Software\Professor Teaches Web Design Fundamentals\UNINSTALL.EXE C:\PROGRA~1\INDIVI~1\PROFES~4\INSTALL.LOG
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remove IntelliMover Demo --> c:\hp\bin\cloaker.exe c:\hp\bin\commands.exe /c "C:\Program Files\IntelliMoverDemo\clean.bat"
RpTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1DAC1CBF-475C-421D-A641-01F1B4E2C2F2}\setup.exe" -l0x9
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SnagIt 8 --> MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
TurboTax Premier 2007 --> C:\Program Files\TurboTax\Premier 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Premier 2007\Uninstall.log" -NoGui
Update Rollup 2 for Windows XP Media Center Edition 2005 -->
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VSO CopyToDVD 4 --> "C:\Program Files\VSO\unins000.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->
ZoneAlarm Security Suite --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
ZoneAlarm Spy Blocker --> rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O


-- Application Event Log -------------------------------------------------------

Event Record #/Type1958 / Success
Event Submitted/Written: 05/17/2008 09:41:24 AM
Event ID/Source: 2570 / Adobe Active File Monitor 5.0
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type1950 / Success
Event Submitted/Written: 05/17/2008 08:57:09 AM
Event ID/Source: 2570 / Adobe Active File Monitor 5.0
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type1948 / Warning
Event Submitted/Written: 05/17/2008 08:27:07 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1940 / Success
Event Submitted/Written: 05/17/2008 07:58:52 AM
Event ID/Source: 2570 / Adobe Active File Monitor 5.0
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type1932 / Success
Event Submitted/Written: 05/17/2008 07:46:34 AM
Event ID/Source: 2570 / Adobe Active File Monitor 5.0
Event Description:
Adobe Active File Monitor Service has Started.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3318 / Warning
Event Submitted/Written: 05/18/2008 03:01:00 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type3296 / Error
Event Submitted/Written: 05/17/2008 09:41:52 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
ftsata2

Event Record #/Type3272 / Error
Event Submitted/Written: 05/17/2008 08:57:43 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
ftsata2

Event Record #/Type3248 / Error
Event Submitted/Written: 05/17/2008 07:59:23 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
ftsata2

Event Record #/Type3225 / Error
Event Submitted/Written: 05/17/2008 07:47:15 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
ftsata2

-- End of Deckard's System Scanner: finished at 2008-05-18 11:35:09 ------------

Merged topics. ~ OB

Edited by Orange Blossom, 18 May 2008 - 12:30 PM.


#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:10 AM

Posted 30 May 2008 - 10:46 PM

Hello bummed_in_southGA,

Welcome back to Bleeping Computer :)

Sorry about the delay. :thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?


#5 bummed_in_southGA


Posted 06 June 2008 - 11:06 AM

Hello bummed_in_southGA,

Welcome back to Bleeping Computer :)

Sorry about the delay. :thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea


Tea,
Is this the place to paste in my HijackThis log?
Thanks,
Warren

#6 teacup61


Posted 06 June 2008 - 06:19 PM

YAY!!!!! Yes it is! :thumbsup: Post that puppy! :)

#7 bummed_in_southGA


Posted 08 June 2008 - 11:47 AM

I am running the scans now: 6/8/08 12:45 PM EDT.
Thanks!

#8 bummed_in_southGA


Posted 08 June 2008 - 12:30 PM

06/08/08 1:17 PM EDT

Below is my HijackThis log from running DSS. First though...

I had ZoneAlarm, but I uninstalled it, purchased Avira Premium Security Suite for XP and installed it.
I do, however, see ZoneAlarm still in the HijackThis log???

Also... something I'm not sure of... Avira is catching:
myFTP.exe "This application is trying to access the Internet."
Should I Allow or Deny??

I did two of the Kaspersky online scans:
Critical Areas: (see report below)... no viruses found, there were some locked items.
Memory: no report, no malware... scanned sections are CLEAN.

When I ran DSS I only got "main.txt". I did not get an "extra.txt" file. The last time I ran DSS on May 17th (5/17/08), I did get an "extra.txt" file.

Here is the Kaspersky output report followed by the DSS main.txt report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, June 08, 2008 12:54:28 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/06/2008
Kaspersky Anti-Virus database records: 746581
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\

Scan Statistics:
Total number of scanned objects: 32082
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:23:48

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\inf\sonypvs2.inf Object is locked skipped
C:\WINDOWS\inf\sonypvs2audio.inf Object is locked skipped
C:\WINDOWS\inf\sonypvs2usb.inf Object is locked skipped
C:\WINDOWS\inf\sonypvs3.inf Object is locked skipped
C:\WINDOWS\inf\sonypvs3audio.inf Object is locked skipped
C:\WINDOWS\inf\sonypvs3usb.inf Object is locked skipped
C:\WINDOWS\Prefetch\layout.ini Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{88D15341-3F9E-405E-859F-23DD492DA4AE}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{F2369CEC-57E6-4E2E-813B-4C712DEAE330}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\hpodvd09.log Object is locked skipped
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\_hphtra07.log Object is locked skipped
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DFAA8A.tmp Object is locked skipped

Scan process completed.


DSS main.txt log:

Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2008-06-08 13:07:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:03 PM, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Documents and Settings\HP_Administrator\My Documents\ProgramEXEs_020808\DeckardsSystemScanner\dss.exe
C:\DOCUME~1\HP_ADM~1\MYDOCU~1\PROGRA~1\HIJACK~1\HP_ADM~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DVA Media - {4480F41F-F91F-4781-B1EA-30D261DA06AC} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ps2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [RECGUARD] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MRC] "C:\Program Files\PC Tune-Up\PCTuneUp.exe" /MBRSTART
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 10502 bytes

-- Files created between 2008-05-08 and 2008-06-08 -----------------------------

2008-06-07 03:58:30 0 d-------- C:\Documents and Settings\General Users\Application Data\Avira
2008-06-06 19:03:23 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Avira
2008-06-06 18:50:50 0 d-------- C:\Program Files\Avira
2008-06-06 18:50:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-22 11:57:21 0 d-------- C:\Program Files\Conduit Calculator
2008-05-22 06:25:44 0 dr-h----- C:\Documents and Settings\HP_Administrator\Application Data\SecuROM
2008-05-18 09:24:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-18 09:24:44 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-09 07:11:12 147456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-05-09 07:11:11 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-09 07:11:11 651264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-05-09 07:11:08 0 d-------- C:\Program Files\Render Plus Systems


-- Find3M Report ---------------------------------------------------------------

2008-06-08 12:02:22 0 d-------- C:\Program Files\Folder Lock
2008-06-07 15:25:18 0 d-------- C:\Program Files\Live_TV
2008-06-06 12:17:42 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-29 20:31:02 0 d-------- C:\Program Files\PC Tune-Up
2008-05-21 21:30:38 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Vso
2008-05-20 15:02:00 0 d-------- C:\Program Files\dvd43
2008-05-09 07:11:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-26 10:55:19 0 d-------- C:\Program Files\NeroInstall.bak
2008-04-26 10:51:41 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Nero
2008-04-26 10:42:00 0 d-------- C:\Program Files\Common Files\Nero
2008-04-26 10:39:26 0 d-------- C:\Program Files\Nero
2008-04-26 10:39:26 0 d-------- C:\Program Files\Common Files
2008-04-26 10:28:48 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-21 06:56:40 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-21 06:56:28 0 d-------- C:\Program Files\Common Files\Real
2008-04-12 22:23:34 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
2008-04-12 22:18:25 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-04-12 22:17:55 0 d-------- C:\Program Files\Quicken
2008-04-12 21:48:54 0 d-------- C:\Program Files\MSBuild
2008-04-12 21:48:38 0 d-------- C:\Program Files\Reference Assemblies
2008-04-12 20:02:23 0 d-------- C:\Program Files\TurboTax
2008-04-12 14:36:08 0 d-------- C:\Program Files\EssNetTools
2008-04-09 14:55:38 139759 --a------ C:\WINDOWS\hpoins15.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
03/02/2007 04:52 PM 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
03/02/2007 04:52 PM 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4480F41F-F91F-4781-B1EA-30D261DA06AC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
02/09/2008 01:01 PM 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [02/09/2008 01:01 PM 262144]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/06/2005 12:56 AM]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [08/03/2005 03:19 AM C:\WINDOWS\arpwrmsg.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [06/02/2005 02:35 AM]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [09/27/2005 03:43 AM]
"@"="" []
"PCDrProfiler"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [08/27/2005 05:14 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/28/2004 03:50 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 05:44 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/28/2004 03:50 AM]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [10/12/2006 04:57 PM]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [04/09/2008 10:00 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 09:34 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [02/28/2008 09:59 AM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 04:29 PM]
"ps2"="C:\WINDOWS\system32\ps2.exe" [10/25/2004 06:17 PM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 04:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 12:04 PM]
"RECGUARD"="C:\WINDOWS\SMINST\RECGUARD.EXE" [07/23/2005 02:14 AM]
"avgnt"="C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" [02/12/2008 10:06 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 08:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/03/2008 04:30 PM]
"MRC"="C:\Program Files\PC Tune-Up\PCTuneUp.exe" [10/12/2007 03:57 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [1/12/2006 8:55:56 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [3/11/2007 9:26:24 PM]
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [5/1/2007 12:11:48 PM]
Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe [9/20/2005 6:10:04 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
C:\Program Files\DISC\DiscUpdateMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UPS"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


-- End of Deckard's System Scanner: finished at 2008-06-08 13:07:26 ------------

#9 teacup61

Posted 08 June 2008 - 09:28 PM

Hello,

Use Windows Search (Start > Search > For Files or Folders), to search for the following file:

myFTP.exe

Please go to VirusTotal and submit the file for a scan and post the results in your next reply.

Your Java is way out of date, which leaves your computer vulnerable.

Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6u6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
We'll take care of the rest in the next post. :thumbsup:

Thanks,
tea

#10 bummed_in_southGA

Posted 10 June 2008 - 06:48 PM

I was okay with your instructions until I got to "Reboot your computer..." part.
I kicked the thing and nothing happened. Then I kicked it again and the monitor said "No signal".
I had to push the start button to get it going again. Then everything seems to be okay now.

JUST KIDDING, but...!

Through all this I've discovered that I Do NOT have "Windows x64", I have just plain "Windows". This
may be the cause of some of my problems. I'm not kidding here.

The following is the info you asked for. The file that was downloaded from the java site is:
"jre-6u6-windows-x64.exe"
Executing it seemed to be just fine.

The DISC icon stayed down in the System Tray... For some reason I didn't figure how to get rid of it. Duh!

DISC is "DISCover" and it is a gaming GUI. I probably downloaded the "x64" version of it.

Anyway, I just now went to control panel, Add Remove Programs and removed it. The icon is now gone from the System Tray. The DISC directory has been deleted from the Program Files directory along with myFTP.exe. However, the other myFTP.exe..... files are still in the respective directories as shown below. I'm still posting the Program Files\DISC\myFTP scan results anyway. Please let me know if this is confusing (not how stupid I am :thumbsup:).

Here are the results from the VirusTotal scans:

C:\Program Files\DISC\myFTP.exe
VirusTotal results:
(no "Results" from any of the antivirus scanners)

Additional information
File size: 90112 bytes
MD5...: c8a05fb3bed71299215c3437dda7a658
SHA1..: 3f8c4822852a32f8e15508f4ba1105954a64c3a5
SHA256: f33e641ccee8f3fa254b61339d6d41d4c9e8456c3c14c7157887a26da2e7047d
SHA512: 4deb5a7d55e7f4fe8c6d69569ca2688f02d03c0cd8c6287943cbab49d45cbddf
fa8fdc964b48117ede44ca29abc3042a1e46beca19eb9143ec9804f40abde7b3
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x41481e
timedatestamp.....: 0x4338956c (Tue Sep 27 00:42:20 2005)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2000 0x12824 0x13000 5.45 fe90ee5215833353941d0e155143fcaa
.rsrc 0x16000 0xda0 0x1000 4.06 9b166549ea9e9d9aac7ea7f4aa1d18ca
.reloc 0x18000 0xc 0x1000 0.02 10775a19803fb98d721f4af67eb457f1

( 1 imports )
> mscoree.dll: _CorExeMain

( 0 exports )

C:\WINDOWS\Prefetch\MYFTP.EXE-27C3419E.pf
VirusTotal results:
(no "Results" from any of the antivirus scanners)

Additional information
File size: 103732 bytes
MD5...: 2ccde0bf8cd33044937af881c3e72fac
SHA1..: ebd450ab0a584651c40ea2a7c5144f52fb189010
SHA256: 0d7e6e18b69b56f18fa549c8b92f5fc3b446cf1a1828ec0d84d923008055f426
SHA512: c01fcff6f4eb6c076439c434770208d82ea875b54f6516196faee9279c1de28e
0e7a7f9659a4e234062f8ec8cc2471876c67b9a62e450370873746849c7391ad
PEiD..: -
PEInfo: -

C:\Documents and Settings\<user name>\Local Settings\Application Data\ApplicationHistory\myFTP.exe.c6bc28d9.ini
VirusTotal results:
(no "Results" from any of the antivirus scanners)

Additional information
File size: 1637 bytes
MD5...: 330aec0613350b984474b580dcc13855
SHA1..: b7e916c82475fdd361fa7a925f4f22edb917527f
SHA256: e6eb17a4dd879b2b703d23f2c4850852516c11b4338e38d1878195f9de070754
SHA512: 633368e105655e651d6b82dc01d4ad131b316ef4cfe889997b7a89e267dd0cf6
065344431b402374883eef4c3e90ac325bf562fd4745554a9a524d88ae26a2a0
PEiD..: -
PEInfo: -

I hope this helps...
Warren

#11 teacup61

Posted 15 June 2008 - 12:40 PM

Hi Warren,

I was okay with your instructions until I got to "Reboot your computer..." part.
I kicked the thing and nothing happened. Then I kicked it again and the monitor said "No signal".
I had to push the start button to get it going again. Then everything seems to be okay now.

:thumbsup: Glad your method worked for you! :)

So everything is all right now yes? :thumbsup:

#12 bummed_in_southGA

Posted 15 June 2008 - 04:04 PM

Teacup...
Well... my little joke (glad you laughed) had a double meaning. The #1 was to get you to laugh because I'm such a slow responder. #2 was to indicate how dumb I was about the x64.

I regret to say that everything is still not quite okay. In the user account: Pressing Ctrl+Alt+Del causes an "inhibit error" window to pop onto the screen that says: "Task Manager has been disabled by your administrator." (clicking on "OK" is required) I'm the ADMINISTRATOR (although maybe I shouldn't be - but it's my PC) and I did no such thing, at least not on purpose; i.e., I didn't disable Task Manager for the user (who is my wife and me). Someone is being dishonest?

What happened? Gremlin in the computer? (I had a Gremlin car once).

:thumbsup:

#13 teacup61

Posted 16 June 2008 - 11:29 AM

Hello,

Let's see what might be lurking in the depths:

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

If you really had a Gremlin at one time, you're telling your age. :) The only thing is, the fact that I know what it is means I'm telling mine too. :thumbsup:

Thanks,
tea

#14 bummed_in_southGA

Posted 18 June 2008 - 08:06 AM

Hi Teacup,
My Gremlin was used... Do I get to subtract a couple of years for that? Yup, it was used. I used it too. That's probably one of my problems. I used a Gremlin. "... a Gremlin scorned...". I am continuously haunted by this Gremlin since it went to its grave.

Well, given the Gremlin and the warnings about ComboFix, I was very nervous! I even put on my brown pants! (not normally my colour - I'm a "Winter"). I did not "click" in its window but I held my breath!

All said, ComboFix seemed to finish on its good side and did not reboot my PC. It left me with 2 text files, 1) C:/ComboFix.txt and 2) C:/QooBox/ComboFix-quarantined-files.txt.

Below I've included the contents of these 2 files and the log from HijackThis run immediately after ComboFix finished. I hope this helps. Thank you very much BTW!

C:/ComboFix.txt -

ComboFix 08-06-16.5 - HP_Administrator 2008-06-18 8:25:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.576 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\My Documents\ProgramEXEs_020808\ComboFix__dangerous_careful\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Starware337
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiRSS.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiRSS.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiSearch.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiSearch.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware337\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware337\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\Starware337\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware337\U04AE51B6.exe
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\adprotect nospam
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Games\GamesOptions.xml
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Games\GamesOptions.xml.backup
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Manager\ManagerOptions.xml
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Movies\MoviesOptions.xml
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Recipes\RecipesOptions.xml
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Recipes\RecipesOptions.xml.backup
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml.backup
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Reference\ReferenceOptions.xml
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Weather\AlertArchive.xml
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Weather\WeatherOptions.xml
C:\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\General Users\Application Data\SpamBlocker
C:\Documents and Settings\General Users\Application Data\SpamBlocker\MarilynsEmailBoxes
C:\Documents and Settings\General Users\Application Data\SpamBlocker\WarrensEmailBoxes
C:\Documents and Settings\General Users\Application Data\SpamBlockerUtility_Icons
C:\Documents and Settings\General Users\Application Data\SpamBlockerUtility_Icons\MobileSidewalk_2.ico
C:\Documents and Settings\General Users\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico
C:\Documents and Settings\General Users\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico
C:\Documents and Settings\General Users\Application Data\Starware337
C:\Documents and Settings\General Users\Application Data\Starware337\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\General Users\Application Data\Starware337\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\General Users\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\General Users\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\General Users\Application Data\Starware337\Games\GamesOptions.xml
C:\Documents and Settings\General Users\Application Data\Starware337\Games\GamesOptions.xml.backup
C:\Documents and Settings\General Users\Application Data\Starware337\Games\images\active\Games0.bmp
C:\Documents and Settings\General Users\Application Data\Starware337\Layouts\PreferencesLayout.xml
C:\Documents and Settings\General Users\Application Data\Starware337\Layouts\PreferencesLayout.xml.backup
C:\Documents and Settings\General Users\Application Data\Starware337\Layouts\ToolbarLayout.xml
C:\Documents and Settings\General Users\Application Data\Starware337\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\General Users\Application Data\Starware337\Manager\ManagerOptions.xml
C:\Documents and Settings\General Users\Application Data\Starware337\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\General Users\Application Data\Starware337\Movies\images\active\Movies0.bmp
C:\Documents and Settings\General Users\Application Data\Starware337\Movies\MoviesOptions.xml
C:\Documents and Settings\General Users\Application Data\Starware337\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\General Users\Application Data\Starware337\Recipes\RecipesOptions.xml
C:\Documents and Settings\General Users\Application Data\Starware337\Recipes\RecipesOptions.xml.backup
C:\Documents and Settings\General Users\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml
C:\Documents and Settings\General Users\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml.backup
C:\Documents and Settings\General Users\Application Data\Starware337\Reference\ReferenceOptions.xml
C:\Documents and Settings\General Users\Application Data\Starware337\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\General Users\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\General Users\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\General Users\Application Data\Starware337\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\General Users\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\General Users\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\General Users\Application Data\Starware337\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\General Users\Application Data\Starware337\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\General Users\Application Data\Starware337\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\General Users\Application Data\Starware337\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\General Users\Application Data\Starware337\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\General Users\Application Data\Starware337\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\General Users\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\General Users\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\General Users\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\General Users\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\General Users\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\General Users\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\General Users\Application Data\Starware337\Weather\AlertArchive.xml
C:\Documents and Settings\General Users\Application Data\Starware337\Weather\WeatherOptions.xml
C:\Documents and Settings\General Users\Application Data\Starware337\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\General Users\Favorites\Error Cleaner.url
C:\Documents and Settings\General Users\Favorites\Privacy Protector.url
C:\Documents and Settings\General Users\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\HP_Administrator\Application Data\inst.exe
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\adprotect nospam
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Games\GamesOptions.xml
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Games\GamesOptions.xml.backup
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Manager\ManagerOptions.xml
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Movies\MoviesOptions.xml
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Recipes\RecipesOptions.xml
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Recipes\RecipesOptions.xml.backup
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml.backup
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Reference\ReferenceOptions.xml
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Weather\AlertArchive.xml
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Weather\WeatherOptions.xml
C:\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\Marilyn\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\SpamBlocker
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\SpamBlocker\MarilynsEmailBoxes
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\SpamBlocker\WarrensEmailBoxes
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\SpamBlockerUtility_Icons
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\SpamBlockerUtility_Icons\MobileSidewalk_2.ico
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Games\GamesOptions.xml
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Games\GamesOptions.xml.backup
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Games\images\active\Games0.bmp
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Layouts\PreferencesLayout.xml
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Layouts\PreferencesLayout.xml.backup
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Manager\ManagerOptions.xml
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Movies\images\active\Movies0.bmp
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Movies\MoviesOptions.xml
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Recipes\RecipesOptions.xml
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Recipes\RecipesOptions.xml.backup
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml.backup
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Reference\ReferenceOptions.xml
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Weather\AlertArchive.xml
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Weather\WeatherOptions.xml
C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Weather\WeatherOptions.xml.backup
C:\Program Files\FunWebProducts
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\Starware337
C:\Program Files\Starware337\brand.bmp
C:\Program Files\Starware337\icons\star_16.ico
C:\Program Files\Starware337\Starware337Config.xml
C:\Program Files\Starware337\Starware337Uninstall.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\AutoRun.inf
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.

2008-06-10 21:06 . 2007-12-03 02:10 644,400 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-06-10 17:19 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 17:19 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-07 03:58 . 2008-06-07 03:58 <DIR> d-------- C:\Documents and Settings\General Users\Application Data\Avira
2008-06-06 19:03 . 2008-06-06 19:03 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Avira
2008-06-06 18:50 . 2008-06-06 18:50 <DIR> d-------- C:\Program Files\Avira
2008-06-06 18:50 . 2008-06-06 18:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-06 18:50 . 2008-06-06 18:57 71,592 --a------ C:\WINDOWS\system32\drivers\avfwot.sys
2008-06-06 18:50 . 2008-06-06 18:57 71,464 --a------ C:\WINDOWS\system32\drivers\avfwim.sys
2008-05-24 18:10 . 2008-05-24 18:43 1,475 --a------ C:\WINDOWS\vpd.properties
2008-05-22 11:57 . 2008-05-22 12:01 <DIR> d-------- C:\Program Files\Conduit Calculator
2008-05-22 06:25 . 2008-05-22 06:25 <DIR> dr-h----- C:\Documents and Settings\HP_Administrator\Application Data\SecuROM
2008-05-22 06:25 . 2008-05-22 06:25 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-18 11:31 . 2008-05-18 11:31 <DIR> d-------- C:\Deckard
2008-05-18 09:24 . 2008-05-18 09:24 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-18 09:24 . 2008-05-18 09:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 21:25 --------- d-----w C:\Program Files\PC Tune-Up
2008-06-13 15:00 --------- d-----w C:\Documents and Settings\General Users\Application Data\Vso
2008-06-13 15:00 --------- d-----w C:\Documents and Settings\General Users\Application Data\CopyToDvd
2008-06-10 23:35 --------- d-----w C:\Program Files\Java
2008-06-08 16:02 --------- d-----w C:\Program Files\Folder Lock
2008-06-07 19:25 --------- d-----w C:\Program Files\Live_TV
2008-05-27 12:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
2008-05-27 12:14 --------- d-----w C:\Documents and Settings\General Users\Application Data\1clickPro
2008-05-22 01:30 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Vso
2008-05-20 19:02 18,816 ----a-w C:\WINDOWS\system32\drivers\dvd43llh.sys
2008-05-20 19:02 --------- d-----w C:\Program Files\dvd43
2008-05-12 22:28 --------- d-----w C:\Documents and Settings\General Users\Application Data\HPAppData
2008-05-09 11:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-09 11:11 --------- d-----w C:\Program Files\Render Plus Systems
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-26 15:17 --------- d-----w C:\Documents and Settings\General Users\Application Data\Nero
2008-04-26 14:55 --------- d-----w C:\Program Files\NeroInstall.bak
2008-04-26 14:51 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Nero
2008-04-26 14:42 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-26 14:39 --------- d-----w C:\Program Files\Nero
2008-04-26 14:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-04-26 14:28 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-26 12:05 --------- d-----w C:\Documents and Settings\General Users\Application Data\Ahead
2008-04-21 10:56 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-21 10:56 --------- d-----w C:\Program Files\Common Files\Real
2008-04-18 19:05 --------- d-----w C:\Documents and Settings\General Users\Application Data\muvee Technologies
2008-04-17 10:46 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-25 01:14 47,360 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.sys
2007-10-14 22:46 378 ----a-w C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\wklnhst.dat
2007-10-14 22:46 378 ----a-w C:\Documents and Settings\General Users\Application Data\wklnhst.dat
2005-12-02 15:55 5,101 ------w C:\WINDOWS\inf\SETFA.tmp
2006-01-27 20:12 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2007-10-11 20:18 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007101120071012\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-02-09 13:01 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-02-09 13:01 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00 15360]
"MRC"="C:\Program Files\PC Tune-Up\PCTuneUp.exe" [2007-10-12 03:57 2435072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 00:56 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 03:19 77312 C:\WINDOWS\arpwrmsg.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 02:35 49152]
"PCDrProfiler"="" []
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 16:57 102400]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2008-04-09 10:00 826880]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"ps2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 18:17 90112]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 16:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 12:04 52736]
"RECGUARD"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-23 02:14 237568]
"avgnt"="C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" [2008-02-12 10:06 262401]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

C:\Documents and Settings\Warren.WARRENBRACKMANN\Start Menu\Programs\Startup\
Memeo AutoBackup Launcher.lnk - C:\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Microsoft\Installer\{6BCEB97B-F315-455D-BC2D-565A1A6781E8}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2008-01-10 15:16:05 73728]
Memeo AutoSync Launcher.lnk - C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe [2007-07-06 18:28:44 125976]

C:\Documents and Settings\General Users\Start Menu\Programs\Startup\
Memeo AutoBackup Launcher.lnk - C:\Documents and Settings\General Users\Application Data\Microsoft\Installer\{6BCEB97B-F315-455D-BC2D-565A1A6781E8}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2008-02-16 22:22:17 73728]
Memeo AutoSync Launcher.lnk - C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe [2007-07-06 18:28:44 125976]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-12 20:55:56 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2007-05-01 12:11:48 6395464]
Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe [2005-09-20 18:10:04 238080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
C:\Program Files\DISC\DiscUpdateMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UPS"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"=

R1 avfwot;avfwot;C:\WINDOWS\system32\DRIVERS\avfwot.sys [2008-06-06 18:57]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;"C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe" [2008-03-26 15:33]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;"C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe" [2008-06-06 18:56]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;"C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE" [2008-04-09 15:57]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;"C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe" [2008-02-07 10:06]
R3 avfwim;AvFw Packet Filter Miniport;C:\WINDOWS\system32\DRIVERS\avfwim.sys [2008-06-06 18:57]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-18 12:30:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{AFC26B2F-27D1-4B65-A633-E66A585CAD9E}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 08:32:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2008-06-18 8:32:42
ComboFix-quarantined-files.txt 2008-06-18 12:32:39

Pre-Run: 86,780,764,160 bytes free
Post-Run: 88,444,194,816 bytes free

411 --- E O F --- 2008-06-11 07:02:39

%%%%%%%%#%#%#%#%#%#%#%#%#%#%#%########$#$#$$#%$%%$%$%$%$%$%$%#%%@%#$%$%#$%@%#$%$#%$%#^$%#%#@%#$#$@$@$%#%#%#%#@$@$%#%#$#%@

C:\QooBox\ComboFix-quarantined-files.txt -

2004-04-30 06:01 53 --a------ C:\Qoobox\Quarantine\E\Autorun.inf.vir
2005-04-05 12:43 1150 --a------ C:\Qoobox\Quarantine\C\Program Files\Starware337\icons\star_16.ico.vir
2005-05-31 05:12 25358 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico.vir
2005-05-31 05:12 25358 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico.vir
2005-09-06 12:32 5188 --a------ C:\Qoobox\Quarantine\C\Program Files\Starware337\brand.bmp.vir
2005-10-07 09:00 1239 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\referencehotxp.png.vir
2005-10-07 09:00 1267 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\highlightxp.png.vir
2005-10-07 09:00 1272 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\HighlightHot.bmp.vir
2005-10-07 09:00 1286 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\Highlight.bmp.vir
2005-10-07 09:00 1392 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\Reference.bmp.vir
2005-10-07 09:00 1392 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\ReferenceHot.bmp.vir
2005-10-07 09:00 1420 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\FindIt.bmp.vir
2005-10-07 09:00 1420 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\FindItHot.bmp.vir
2005-10-07 09:00 1492 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\finditxp.png.vir
2005-10-07 09:00 1568 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\weatherxp.png.vir
2005-10-07 09:00 372 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\logo.bmp.vir
2005-10-07 09:00 372 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\logoxp.bmp.vir
2005-10-07 09:00 553 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\highlighthotxp.png.vir
2005-10-07 09:00 837 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\findithotxp.png.vir
2005-10-07 09:00 862 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\weatherhotxp.png.vir
2005-10-07 09:00 924 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\referencexp.png.vir
2005-10-14 17:06 1016 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\Weather.bmp.vir
2006-01-10 05:16 3262 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico.vir
2006-01-10 05:16 3262 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico.vir
2006-02-13 10:50 53 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML.vir
2006-09-19 04:22 3262 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\SpamBlockerUtility_Icons\MobileSidewalk_2.ico.vir
2006-09-19 04:22 3262 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\SpamBlockerUtility_Icons\MobileSidewalk_2.ico.vir
2006-10-23 13:47 1354 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\epiRSS.png.vir
2006-10-23 13:47 1357 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\epiSearch.png.vir
2006-10-23 13:47 1456 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\epiSearch.bmp.vir
2006-10-23 13:47 1500 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\epiRSS.bmp.vir
2006-10-27 11:45 344 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\contexts\error.xml.vir
2006-11-24 10:25 103888 --a------ C:\Qoobox\Quarantine\C\Program Files\Starware337\Starware337Config.xml.vir
2006-11-24 10:25 2552 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml.backup.vir
2006-11-24 10:25 2552 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml.vir
2006-11-24 10:25 2552 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml.backup.vir
2006-11-24 10:25 2552 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml.vir
2006-11-24 10:25 2816 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml.backup.vir
2006-11-24 10:25 2816 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml.vir
2006-11-24 10:25 2816 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml.backup.vir
2006-11-24 10:25 2816 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml.vir
2006-11-24 10:25 3024 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\SearchMatch\SearchMatchOptions.xml.backup.vir
2006-11-24 10:25 3024 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\SearchMatch\SearchMatchOptions.xml.vir
2006-11-24 10:25 3024 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\SearchMatch\SearchMatchOptions.xml.backup.vir
2006-11-24 10:25 3024 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\SearchMatch\SearchMatchOptions.xml.vir
2006-11-24 10:25 3104 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml.backup.vir
2006-11-24 10:25 3104 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml.vir
2006-11-24 10:25 3104 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml.backup.vir
2006-11-24 10:25 3104 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml.vir
2006-11-24 10:25 3224 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\SearchAssistPlus\SearchAssistPlusOptions.xml.backup.vir
2006-11-24 10:25 3224 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\SearchAssistPlus\SearchAssistPlusOptions.xml.vir
2006-11-24 10:25 3224 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\SearchAssistPlus\SearchAssistPlusOptions.xml.backup.vir
2006-11-24 10:25 3224 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\SearchAssistPlus\SearchAssistPlusOptions.xml.vir
2006-11-24 10:25 3528 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\Layouts\ToolbarLayout.xml.backup.vir
2006-11-24 10:25 3528 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\Layouts\ToolbarLayout.xml.vir
2006-11-24 10:25 3528 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Layouts\ToolbarLayout.xml.backup.vir
2006-11-24 10:25 3528 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Layouts\ToolbarLayout.xml.vir
2006-11-24 10:25 4240 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\BrowserSearch\BrowserSearch.xml.backup.vir
2006-11-24 10:25 4240 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\BrowserSearch\BrowserSearch.xml.vir
2006-11-24 10:25 4240 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\BrowserSearch\BrowserSearch.xml.backup.vir
2006-11-24 10:25 4240 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\BrowserSearch\BrowserSearch.xml.vir
2006-11-24 10:25 4272 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml.backup.vir
2006-11-24 10:25 4272 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml.vir
2006-11-24 10:25 4272 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml.backup.vir
2006-11-24 10:25 4272 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml.vir
2006-11-24 10:25 4440 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\Reference\ReferenceOptions.xml.backup.vir
2006-11-24 10:25 4440 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\Reference\ReferenceOptions.xml.vir
2006-11-24 10:25 4440 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Reference\ReferenceOptions.xml.backup.vir
2006-11-24 10:25 4440 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Reference\ReferenceOptions.xml.vir
2006-11-24 10:25 48996 --a------ C:\Qoobox\Quarantine\C\Program Files\Starware337\Starware337Uninstall.exe.vir
2006-11-24 10:25 61480 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\contexts\related.xml.vir
2006-11-24 10:25 944 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\images\walertXP.bmp.vir
2006-11-24 10:25 944 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\Toolbar\TBProductsOptions.xml.backup.vir
2006-11-24 10:25 944 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\Toolbar\TBProductsOptions.xml.vir
2006-11-24 10:25 944 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Toolbar\TBProductsOptions.xml.backup.vir
2006-11-24 10:25 944 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Toolbar\TBProductsOptions.xml.vir
2006-11-24 10:27 2248 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\ProductMessagingConfig.xml.backup.vir
2006-11-24 10:27 2248 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\ProductMessagingConfig.xml.vir
2006-12-03 15:26 1272 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\Manager\ManagerOptions.xml.backup.vir
2006-12-03 15:26 1272 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\Manager\ManagerOptions.xml.vir
2006-12-03 15:26 1272 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Manager\ManagerOptions.xml.backup.vir
2006-12-03 15:26 1272 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Manager\ManagerOptions.xml.vir
2006-12-03 15:26 14392 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\Weather\WeatherOptions.xml.backup.vir
2006-12-03 15:26 14392 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\Weather\WeatherOptions.xml.vir
2006-12-03 15:26 14392 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Weather\WeatherOptions.xml.backup.vir
2006-12-03 15:26 14392 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Weather\WeatherOptions.xml.vir
2006-12-03 15:26 4264 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\Layouts\PreferencesLayout.xml.backup.vir
2006-12-03 15:26 4264 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\Layouts\PreferencesLayout.xml.vir
2006-12-03 15:26 4264 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Layouts\PreferencesLayout.xml.backup.vir
2006-12-03 15:26 4264 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Layouts\PreferencesLayout.xml.vir
2006-12-03 15:26 6944 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml.backup.vir
2006-12-03 15:26 6944 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml.vir
2006-12-03 15:26 6944 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml.backup.vir
2006-12-03 15:26 6944 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml.vir
2006-12-03 15:26 7704 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml.backup.vir
2006-12-03 15:26 7704 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml.vir
2006-12-03 15:26 7704 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml.backup.vir
2006-12-03 15:26 7704 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml.vir
2006-12-30 14:46 112 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\Weather\AlertArchive.xml.vir
2006-12-30 14:46 112 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Weather\AlertArchive.xml.vir
2006-12-30 14:46 19560 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\Recipes\RecipesOptions.xml.backup.vir
2006-12-30 14:46 19560 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\Recipes\RecipesOptions.xml.vir
2006-12-30 14:46 19560 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Recipes\RecipesOptions.xml.backup.vir
2006-12-30 14:46 19560 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Recipes\RecipesOptions.xml.vir
2006-12-30 14:46 2456 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\Movies\MoviesOptions.xml.backup.vir
2006-12-30 14:46 2456 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\Movies\MoviesOptions.xml.vir
2006-12-30 14:46 2456 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Movies\MoviesOptions.xml.backup.vir
2006-12-30 14:46 2456 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Movies\MoviesOptions.xml.vir
2006-12-30 14:46 2968 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup.vir
2006-12-30 14:46 2968 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.vir
2006-12-30 14:46 2968 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup.vir
2006-12-30 14:46 2968 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.vir
2006-12-30 14:46 3016 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\Games\GamesOptions.xml.backup.vir
2006-12-30 14:46 3016 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\Games\GamesOptions.xml.vir
2006-12-30 14:46 3016 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Games\GamesOptions.xml.backup.vir
2006-12-30 14:46 3016 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Games\GamesOptions.xml.vir
2006-12-30 14:46 368 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\Movies\images\active\Movies0.bmp.vir
2006-12-30 14:46 368 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Movies\images\active\Movies0.bmp.vir
2006-12-30 14:46 500 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp.vir
2006-12-30 14:46 500 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp.vir
2006-12-30 14:46 568 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\Starware337\Games\images\active\Games0.bmp.vir
2006-12-30 14:46 568 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\Starware337\Games\images\active\Games0.bmp.vir
2007-01-18 17:32 32130 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\U04AE51B6.exe.vir
2007-02-19 17:09 3696 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\SimpleUpdateConfig.xml.backup.vir
2007-02-19 17:09 3696 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\SimpleUpdateConfig.xml.vir
2007-02-19 17:09 85832 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\contexts\Travel.xml.vir
2007-02-26 17:49 1048 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Movies\MoviesOptions.xml.backup.vir
2007-02-26 17:49 1048 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Movies\MoviesOptions.xml.vir
2007-02-26 17:49 112 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Weather\AlertArchive.xml.vir
2007-02-26 17:49 1176 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Manager\ManagerOptions.xml.backup.vir
2007-02-26 17:49 1176 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Manager\ManagerOptions.xml.vir
2007-02-26 17:49 1400 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Games\GamesOptions.xml.backup.vir
2007-02-26 17:49 1400 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Games\GamesOptions.xml.vir
2007-02-26 17:49 14360 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Weather\WeatherOptions.xml.backup.vir
2007-02-26 17:49 14360 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Weather\WeatherOptions.xml.vir
2007-02-26 17:49 1488 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup.vir
2007-02-26 17:49 1488 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.vir
2007-02-26 17:49 2552 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml.backup.vir
2007-02-26 17:49 2552 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml.vir
2007-02-26 17:49 2816 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml.backup.vir
2007-02-26 17:49 2816 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml.vir
2007-02-26 17:49 3024 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\SearchMatch\SearchMatchOptions.xml.backup.vir
2007-02-26 17:49 3024 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\SearchMatch\SearchMatchOptions.xml.vir
2007-02-26 17:49 3104 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml.backup.vir
2007-02-26 17:49 3104 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml.vir
2007-02-26 17:49 3224 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\SearchAssistPlus\SearchAssistPlusOptions.xml.backup.vir
2007-02-26 17:49 3224 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\SearchAssistPlus\SearchAssistPlusOptions.xml.vir
2007-02-26 17:49 3528 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Layouts\ToolbarLayout.xml.backup.vir
2007-02-26 17:49 3528 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Layouts\ToolbarLayout.xml.vir
2007-02-26 17:49 4240 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\BrowserSearch\BrowserSearch.xml.backup.vir
2007-02-26 17:49 4240 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\BrowserSearch\BrowserSearch.xml.vir
2007-02-26 17:49 4272 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml.backup.vir
2007-02-26 17:49 4272 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml.vir
2007-02-26 17:49 4440 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Reference\ReferenceOptions.xml.backup.vir
2007-02-26 17:49 4440 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Reference\ReferenceOptions.xml.vir
2007-02-26 17:49 4992 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Recipes\RecipesOptions.xml.backup.vir
2007-02-26 17:49 4992 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Recipes\RecipesOptions.xml.vir
2007-02-26 17:49 6984 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml.backup.vir
2007-02-26 17:49 6984 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml.vir
2007-02-26 17:49 7648 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml.backup.vir
2007-02-26 17:49 7648 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml.vir
2007-02-26 17:49 944 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Toolbar\TBProductsOptions.xml.backup.vir
2007-02-26 17:49 944 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Barbara.WARRENBRACKMANN\Application Data\Starware337\Toolbar\TBProductsOptions.xml.vir
2007-02-26 17:50 1824 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\TimerManagerConfig.xml.backup.vir
2007-02-26 17:50 1824 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\TimerManagerConfig.xml.vir
2007-02-26 17:53 1048 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Movies\MoviesOptions.xml.backup.vir
2007-02-26 17:53 1048 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Movies\MoviesOptions.xml.vir
2007-02-26 17:53 112 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Weather\AlertArchive.xml.vir
2007-02-26 17:53 1176 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Manager\ManagerOptions.xml.backup.vir
2007-02-26 17:53 1176 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Manager\ManagerOptions.xml.vir
2007-02-26 17:53 1400 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Games\GamesOptions.xml.backup.vir
2007-02-26 17:53 1400 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Games\GamesOptions.xml.vir
2007-02-26 17:53 14360 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Weather\WeatherOptions.xml.backup.vir
2007-02-26 17:53 14360 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Weather\WeatherOptions.xml.vir
2007-02-26 17:53 1488 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup.vir
2007-02-26 17:53 1488 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.vir
2007-02-26 17:53 2552 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml.backup.vir
2007-02-26 17:53 2552 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml.vir
2007-02-26 17:53 2816 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml.backup.vir
2007-02-26 17:53 2816 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml.vir
2007-02-26 17:53 3024 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\SearchMatch\SearchMatchOptions.xml.backup.vir
2007-02-26 17:53 3024 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\SearchMatch\SearchMatchOptions.xml.vir
2007-02-26 17:53 3104 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml.backup.vir
2007-02-26 17:53 3104 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml.vir
2007-02-26 17:53 3224 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\SearchAssistPlus\SearchAssistPlusOptions.xml.backup.vir
2007-02-26 17:53 3224 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\SearchAssistPlus\SearchAssistPlusOptions.xml.vir
2007-02-26 17:53 3528 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Layouts\ToolbarLayout.xml.backup.vir
2007-02-26 17:53 3528 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Layouts\ToolbarLayout.xml.vir
2007-02-26 17:53 4240 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\BrowserSearch\BrowserSearch.xml.backup.vir
2007-02-26 17:53 4240 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\BrowserSearch\BrowserSearch.xml.vir
2007-02-26 17:53 4272 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml.backup.vir
2007-02-26 17:53 4272 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml.vir
2007-02-26 17:53 4440 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Reference\ReferenceOptions.xml.backup.vir
2007-02-26 17:53 4440 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Reference\ReferenceOptions.xml.vir
2007-02-26 17:53 4992 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Recipes\RecipesOptions.xml.backup.vir
2007-02-26 17:53 4992 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Recipes\RecipesOptions.xml.vir
2007-02-26 17:53 6984 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml.backup.vir
2007-02-26 17:53 6984 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml.vir
2007-02-26 17:53 7648 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml.backup.vir
2007-02-26 17:53 7648 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml.vir
2007-02-26 17:53 944 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Toolbar\TBProductsOptions.xml.backup.vir
2007-02-26 17:53 944 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Marilyn.WARRENBRACKMANN\Application Data\Starware337\Toolbar\TBProductsOptions.xml.vir
2007-04-11 18:23 84 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\SpamBlocker\MarilynsEmailBoxes.vir
2007-04-11 18:23 84 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\SpamBlocker\MarilynsEmailBoxes.vir
2007-04-11 21:06 56 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Application Data\SpamBlocker\WarrensEmailBoxes.vir
2007-04-11 21:06 56 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Warren.WARRENBRACKMANN\Application Data\SpamBlocker\WarrensEmailBoxes.vir
2007-09-20 16:05 505302 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\autorun.inf.vir
2007-12-05 12:25 16 --a------ C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Settings\s_pid.dat.vir
2007-12-05 12:26 1024 --a------ C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\History\search2.vir
2008-02-24 21:14 87608 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\HP_Administrator\Application Data\inst.exe.vir
2008-04-09 14:43 278 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Favorites\Error Cleaner.url.vir
2008-04-09 14:43 278 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Favorites\Privacy Protector.url.vir
2008-04-09 14:43 278 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\General Users\Favorites\Spyware&Malware Protection.url.vir
2008-04-09 19:49 1304 --a------ C:\Qoobox\Quarantine\C\WINDOWS\privacy_danger\index.htm.vir
2008-04-09 19:49 14916 --a------ C:\Qoobox\Quarantine\C\WINDOWS\privacy_danger\images\down.gif.vir
2008-04-09 19:49 23870 --a------ C:\Qoobox\Quarantine\C\WINDOWS\privacy_danger\images\capt.gif.vir
2008-04-09 19:49 43 --a------ C:\Qoobox\Quarantine\C\WINDOWS\privacy_danger\images\spacer.gif.vir
2008-04-09 19:49 45418 --a------ C:\Qoobox\Quarantine\C\WINDOWS\privacy_danger\images\danger.jpg.vir
2008-04-12 21:54 18250 --a------ C:\Qoobox\Quarantine\C\WINDOWS\rs.txt.vir
2008-06-18 08:31 54 --a------ C:\Qoobox\Quarantine\catchme.log

%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%&#&#&#&#&#&#&#&#&#&#&#&#&#&#&#&#&#&%$%$%$%$%$%$%$%$%#%#%#%#%#%#%#%#%#%####&#&#&#&#&&&&#&#&#&#&#&&#&#&#&#&#&

HijackThis.log -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:14 AM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\HP_Administrator\My Documents\ProgramEXEs_020808\HijackThis\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ps2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [RECGUARD] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MRC] "C:\Program Files\PC Tune-Up\PCTuneUp.exe" /MBRSTART
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 9901 bytes

#15 bummed_in_southGA


Posted 24 June 2008 - 08:58 AM

Hi teacup,
Just wondering what you might have seen in my last log files that would cause pressing CTRL-ALT-DEL (to call up the Task Manager) to send up an error window that says "Task Manager has been disabled by your administrator."

Thanks,
Warren



