
Random Problems


  • This topic is locked
18 replies to this topic

#1 Amedeus

Amedeus

  • Members
  • 70 posts
  • OFFLINE
  • Local time:02:37 PM

Posted 01 July 2008 - 10:34 PM

My computer seems to be having random problems. I posted a log some time ago and we worked through what I thought was a minor problem, but since then it's gotten worse so I guess it isn't totally gone. It really all depends on start-up. When I start my computer now, sometimes it works fine, but more often it has some random problem with itself. Like errors when loading web pages that shouldn't happen or my Internet just closing itself for no reason. Today it wasn't able to find my memory card and USB slots until I restarted a few times. So yeah. That.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:04 PM, on 7/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\HP\KBD\KBD.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\divxsm.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smbhq.com/nc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CinemaNowMediaManagerApp] C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowShell.exe -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Registration Myst V
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Get Flash by &Arty Flash Ripper - C:\Program Files\Softdigger\FlashRipper\IEMenu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {81449547-EB5D-422E-8730-932DC5E412C8} (UVUPlayer Control) - http://www.howardstern.com/install/uvuplayer.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWire...loadControl.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O18 - Filter hijack: text/html - {ff97ebfb-124c-4973-beb8-328ee79480f8} - C:\WINDOWS\system32\iehlpr32.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12187 bytes



#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:37 PM

Posted 09 July 2008 - 11:44 AM

Hi,

Welcome to Bleeping Computer HijackThis forum. I am farbar. I am going to assist you with your problem.
Our apologies for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
Please give me some time to look it over and I will get back to you as soon as possible. If it took some time to get back to you please be patient.

#3 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:37 PM

Posted 10 July 2008 - 02:04 AM

Hello again Amedeus,

  • I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
    1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
    Therefore decide and let me know which one you want to keep: Symantec or McAfee. The other one should be removed with a removal tool.

  • Please do a scan with Kaspersky Online Scanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, click on View scan report
    • Now, click on the Save Report as button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
  • Please download Deckard's System Scanner (DSS) and save to your Desktop.
    alternate download site

    DSS will do the following:
    • Create a new System Restore point in Windows XP and Vista.
    • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
    • Check some important areas of your system and produce a report for an analyst to review.
    • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
    You must be logged onto an account with administrator privileges when using.
    • Close all applications and windows.
    • Double-click on dss.exe to run it and follow the prompts.
    • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
    • When the scan is complete, two text files will open in Notepad:
      • main.txt <- this one will be maximized
      • extra.txt <- this one will be minimized
    • If not, they both can be found in the C:\Deckard\System Scanner folder.
    • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you are asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.



#4 Amedeus

Amedeus
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  • Local time:02:37 PM

Posted 11 July 2008 - 12:37 PM

Hey, thanks for helping me. Alright, I thought Symantec was already removed, so I guess I want to remove that one.

In the meantime, I should probably say my computer's gotten a little worse in the past week. I can't open Internet Explorer anymore, as McAfee tells me it's going to have a buffer overflow and mess things up. And it's been running a bit slower than usual.

Kaspersky Report:

KASPERSKY ONLINE SCANNER 7 REPORT
Friday, July 11, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, July 11, 2008 00:27:25
Records in database: 937938
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\
Scan statistics
Files scanned 304204
Threat name 45
Infected objects 262
Suspicious objects 2
Duration of the scan 06:31:11

File name Threat name Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14CE44FF.par Infected: Trojan-Downloader.WMA.Wimad.d 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\22\53368ad6-146fb9fa Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-6ec0616d Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-463fc2bf Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\49\49820371-445502d0 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-502064fb-387e1137.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-28b927af.zip Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-32fe21ef.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-7da7d860.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\Microsoft\Outlook Express\Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Program Files\Adventure Game Studio 3.0\unins000.exe Infected: Trojan-Downloader.Win32.Agent.vur 1
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe Infected: not-a-virus:AdWare.Win32.Agent.aeh 1
C:\WINDOWS\system32\fontvieww.exe Infected: Trojan-Downloader.Win32.Mutant.aag 1
C:\WINDOWS\system32\iehlpr32.dll Infected: Trojan-Downloader.Win32.Agent.utd 1
D:\I386\APPS\APP23880\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2
D:\I386\APPS\APP23880\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\005F25AC.dll Infected: Trojan-PSW.Win32.Sinowal.bg 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00624FA9.htm Infected: Trojan-Proxy.Win32.Small.bo 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\006579A5.dll Infected: Trojan-PSW.Win32.Sinowal.bg 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\006579A5.htm Infected: Trojan-Proxy.Win32.Small.bo 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\006579A5.txt Infected: Trojan-Clicker.Win32.Costrat.l 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\006579A5.wmf Infected: Trojan-Downloader.Win32.Agent.acd 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\006923A1.exe Infected: Trojan-Clicker.Win32.Costrat.l 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\006923A1.htm Infected: Trojan-Proxy.Win32.Small.bo 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\006923A1.txt Infected: Trojan-Clicker.Win32.Costrat.l 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\006923A1.wmf Infected: Trojan-Downloader.Win32.Agent.acd 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\006C4D9E.exe Infected: Trojan-Clicker.Win32.Costrat.l 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\006C4D9E.txt Infected: Trojan-Clicker.Win32.Costrat.l 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\006C4D9E.wmf Infected: Trojan-Downloader.Win32.Agent.acd 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\006F779A.exe Infected: Trojan-Proxy.Win32.Small.bo 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00722197.exe Infected: Trojan-Downloader.Win32.CWS.ae 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00722197.htm Infected: Trojan-Proxy.Win32.Small.bo 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00722197.txt Infected: Trojan-Clicker.Win32.Costrat.l 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00764B93.exe Infected: Trojan-Downloader.Win32.CWS.ae 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0079758F.exe Infected: Trojan-Downloader.Win32.Small.wnf 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0079758F.htm Infected: Trojan-Proxy.Win32.Small.bo 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0079758F.txt Infected: Trojan-Clicker.Win32.Costrat.l 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\007C1F8C.htm Infected: Trojan-Downloader.Win32.CWS.ae 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\007C1F8C.txt Infected: Trojan-Downloader.Win32.Small.wnf 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\007F4988.htm Infected: Trojan-Downloader.Win32.CWS.ae 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\007F4988.txt Infected: Trojan-Downloader.Win32.Small.wnf 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00837385.htm Infected: Trojan-Downloader.Win32.CWS.ae 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00837385.txt Infected: Trojan-Downloader.Win32.Small.wnf 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\014942EE.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01863489.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01AB0AFD.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02863F2F.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\038D3016.exe Infected: Trojan-Downloader.Win32.Small.wnf 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03A07818.cla Infected: Trojan-Downloader.Java.OpenConnection.aj 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03A64C11.cla Infected: Trojan-Downloader.Java.OpenConnection.aj 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03C227D3.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03F9765A.zip Infected: Trojan-Downloader.Win32.Small.bvv 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03F9765A.zip Infected: Trojan-Downloader.Win32.Small.cbp 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05B93287.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06446712.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06920192.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06952B8E.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06AB557D.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06C55C83.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06FB44D0.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07AA5787.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07AB1C5D.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07AC41C5.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07F90C07.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\080633F8.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08B60F36.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08F2285E.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\093D6AE2.cla Infected: Trojan.Java.ClassLoader.d 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A141410.exe Infected: Trojan-Downloader.Win32.CWS.ae 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A3514BB.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A38698E.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B3A07E2.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B78259E.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C8A1FE2.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C9A14EE.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CDF06A3.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D037DEB.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D411BA7.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E58086E.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0FF008AC.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10893E04.htm Infected: Exploit.HTML.Mht 1
L:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\116A6DBF.dll Infected: Trojan-Downloader.Win32.Zlob.tj 1
The selected area was scanned.



main.txt:

Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2008-07-11 13:17:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
38: 2008-07-11 17:18:00 UTC - RP544 - Deckard's System Scanner Restore Point
37: 2008-07-11 13:28:21 UTC - RP543 - System Checkpoint
36: 2008-07-10 05:10:24 UTC - RP542 - Software Distribution Service 3.0
35: 2008-07-09 23:55:29 UTC - RP541 - System Checkpoint
34: 2008-07-08 23:50:57 UTC - RP540 - System Checkpoint


-- First Restore Point --
1: 2008-06-03 20:03:41 UTC - RP507 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 20.3 GiB (less than 15%) free.


-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:19:50 PM, on 7/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
C:\Documents and Settings\HP_Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smbhq.com/nc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\helper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CinemaNowMediaManagerApp] C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowShell.exe -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Registration Myst V
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Get Flash by &Arty Flash Ripper - C:\Program Files\Softdigger\FlashRipper\IEMenu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {81449547-EB5D-422E-8730-932DC5E412C8} (UVUPlayer Control) - http://www.howardstern.com/install/uvuplayer.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWire...loadControl.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O18 - Filter hijack: text/html - {ff97ebfb-124c-4973-beb8-328ee79480f8} - C:\WINDOWS\system32\iehlpr32.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12180 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080531-215516-141 O2 - BHO: (no name) - {C2FCC2C1-C122-4481-9B32-FBDA17FF848F} - C:\WINDOWS\system32\asferrorj.dll
backup-20080531-215516-361 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080531-215516-975 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20080531-215517-451 O4 - Startup: PowerReg Scheduler.exe
backup-20080531-215517-860 O2 - BHO: (no name) - {C4A451B2-1970-4D71-8BFA-252EE42A0FAA} - C:\WINDOWS\system32\asferrorj.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 AIRPLUS (D-Link AirPlus Wireless Adapter) - c:\windows\system32\drivers\airplus.sys <Not Verified; D-Link; D-Link AirPlus 22M Wireless LAN Adapter>

S0 ftsata2 - c:\windows\system32\drivers\ftsata2.sys (file missing)
S2 npkcrypt - c:\program files\nexon\maplestory\npkcrypt.sys (file missing)
S3 catchme - c:\docume~1\hp_adm~1\locals~1\temp\catchme.sys (file missing)
S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)
S4 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 RMSvc (Media Center Extender Resource Monitor) - c:\windows\ehome\rmsvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-01 01:00:30 374 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-06-15 01:08:18 372 --a------ C:\WINDOWS\Tasks\McDefragTask.job


-- Files created between 2008-06-11 and 2008-07-11 -----------------------------

2008-07-11 00:21:28 0 d-------- C:\Logs
2008-07-08 17:45:33 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-07-08 17:45:30 0 d-------- C:\Program Files\World of Warcraft
2008-07-08 15:56:36 0 d-------- C:\Program Files\Common
2008-07-06 21:07:02 0 d-------- C:\Program Files\PSOBBSS
2008-07-04 02:06:02 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\SPORE Creature Creator
2008-07-03 03:28:49 0 d-------- C:\Program Files\Electronic Arts
2008-07-03 03:28:42 0 d-------- C:\ProgramData
2008-06-23 20:19:56 6680 --a------ C:\WINDOWS\system32\iehlpr32.dll
2008-06-22 15:57:13 658 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-06-12 04:26:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-11 01:11:03 4096 --a------ C:\WINDOWS\d3dx.dat


-- Find3M Report ---------------------------------------------------------------

2008-07-10 05:52:18 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2008-07-08 17:45:33 0 d-------- C:\Program Files\Common Files
2008-07-03 04:15:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-27 03:13:26 0 d-------- C:\Program Files\DriftCity
2008-06-07 23:48:53 0 d-------- C:\Program Files\RADVideo
2008-06-06 23:47:56 0 d-------- C:\Program Files\DivX
2008-06-04 09:21:48 512 --a------ C:\drmHeader.bin
2008-06-02 05:44:41 0 d-------- C:\Program Files\Sun
2008-06-02 05:44:11 0 d-------- C:\Program Files\Java
2008-06-02 05:29:34 0 d-------- C:\Program Files\Viewpoint
2008-05-31 22:04:04 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-05-31 22:04:02 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-31 22:03:22 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-30 19:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-29 05:07:53 0 d-------- C:\Program Files\Trend Micro
2008-05-25 05:51:23 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2008-05-22 18:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 18:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 18:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 18:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-20 03:00:55 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-17 18:37:24 532 --a------ C:\WINDOWS\eReg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}]
07/08/2008 03:56 PM 118796 --a------ C:\Program Files\Common\helper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/30/2005 12:01 AM]
"ftutil2"="ftutil2.dll" [06/07/2004 05:05 PM C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [06/13/2006 11:05 PM C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [08/03/2005 02:19 AM C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/09/2006 06:50 PM]
"nwiz"="nwiz.exe" [05/09/2006 06:50 PM C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [04/13/2006 12:05 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [07/23/2005 01:14 AM]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/16/2006 01:34 AM]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [12/14/2004 05:23 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [05/15/2003 07:41 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/07/2007 01:38 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/06/2008 10:37 PM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [01/20/2007 03:09 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 02:33 AM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/16/2005 11:11 PM]
"CinemaNowMediaManagerApp"="C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowShell.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Registration Myst V [1/3/2007 1:20:02 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe [1/2/2007 10:18:37 PM]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [10/20/2005 6:55:40 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
AutoRun\command- N:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1c31d30-5101-11dc-91e3-806d6172696f}]
AutoRun\command- E:\Installer.exe




-- End of Deckard's System Scanner: finished at 2008-07-11 13:20:26 ------------




extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 3800+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 3800+
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 958.48 MiB / 504.87 MiB
Pagefile Memory (total/avail): 2312.33 MiB / 1786.09 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.78 MiB

C: is Fixed (NTFS) - 177.45 GiB total, 20.3 GiB free.
D: is Fixed (FAT32) - 8.84 GiB total, 0.55 GiB free.
E: is CDROM (CDFS)
F: is Fixed (NTFS) - 111.79 GiB total, 0.97 GiB free.
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is CDROM (CDFS)
L: is Fixed (NTFS) - 74.52 GiB total, 1.46 GiB free.
M: is Fixed (Unformatted) - 0 GiB total, 0 GiB free.

\\.\PHYSICALDRIVE1 - ST3120026A - 111.79 GiB - 1 partition
\PARTITION0 - Installable File System - 111.79 GiB - F:

\\.\PHYSICALDRIVE2 - ST3200820AS - 186.31 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 177.45 GiB - C:
\PARTITION1 - Unknown - 8.85 GiB - D:

\\.\PHYSICALDRIVE0 - WDC WD800JB-00FSA0 - 74.53 GiB - 1 partition
\PARTITION0 - Logical Disk Manager - 74.53 GiB - L: - M:

\\.\PHYSICALDRIVE3 - Generic- Compact Flash USB Device

\\.\PHYSICALDRIVE6 - Generic- MS/MS-Pro USB Device

\\.\PHYSICALDRIVE5 - Generic- SD/MMC USB Device

\\.\PHYSICALDRIVE4 - Generic- SM/xD-Picture USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"F:\\My Documents\\utorrent.exe"="F:\\My Documents\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\WINDOWS\\ehome\\ehshell.exe"="C:\\WINDOWS\\ehome\\ehshell.exe:LocalSubNet:Enabled:Media Center"
"C:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"="C:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe:*:Enabled:CinemaNow Media Manager"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Administrator\Application Data
CLASSPATH=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NICK
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Administrator
LOGONSERVER=\\NICK
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
USERDOMAIN=NICK
USERNAME=HP_Administrator
USERPROFILE=C:\Documents and Settings\HP_Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

HP_Administrator (admin)
MCX1
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
--> MsiExec /X{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Premiere Pro CS3 --> C:\Program Files\Common Files\Adobe\Installers\32fdd767b4383606e8168e834af5d90\Setup.exe
Adobe Premiere Pro CS3 --> MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Premiere Pro CS3 Functional Content --> MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content --> MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe Setup --> MsiExec.exe /I{BB81360F-041C-4CF7-B15E-71380D154244}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 --> MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
Adventure Game Studio 3.0 --> "C:\Program Files\Adventure Game Studio 3.0\unins000.exe"
AGEIA PhysX v7.07.24 --> MsiExec.exe /X{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
Arty Flash Ripper 1.31 --> "C:\Program Files\Softdigger\FlashRipper\unins000.exe"
Audacity 1.2.4 --> "C:\Program Files\Audacity\unins000.exe"
Bink and Smacker --> C:\PROGRA~1\RADVideo\UNWISE.EXE C:\PROGRA~1\RADVideo\INSTALL.LOG
CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"
Civilization III --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}\setup.exe"
Collectorz.com Game Collector --> C:\PROGRA~1\COLLEC~1.COM\GAMECO~1\UNWISE.EXE C:\PROGRA~1\COLLEC~1.COM\GAMECO~1\install.log
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
D-Fend v2 --> "C:\Program Files\D-Fend\uninstall.exe"
D-Link AirPlus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CDC74FE6-5224-11D6-B27F-00E0181A6FA8}\Setup.exe" -l0x9
Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
Direct Show Ogg Vorbis Filter (remove only) --> "C:\WINDOWS\system32\OggDSuninst.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EA Download Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
GameTap --> C:\Program Files\InstallShield Installation Information\{67E158AF-8856-4337-B483-EA21930786AF}\setup.exe -runfromtemp -l0x0009 -removeonly
Gunbound Revolution --> "C:\ijji\ENGLISH\Gunbound Revolution\unins000.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hoyle Board Games --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\HCBG2\Uninst.isu
Hoyle Casino 4 --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\CASINO4\Uninst.isu
HP Boot Optimizer --> MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP DigitalMedia Archive --> MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP DVD Play 2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart for Media Center PC --> c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Product Detection --> MsiExec.exe /I{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP Web Helper --> regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
ijji --> C:\ijji\ENGLISH\ijjiUninstall.exe
ijji - Gunz --> C:\ijji\ENGLISH\Gunz\Uninstall.exe
ijji Auto Installer --> "C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
Inform 7 --> "C:\Program Files\Inform 7\Uninstall.exe"
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Java DB 10.3.1.4 --> MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java™ SE Development Kit 6 Update 6 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160060}
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LucasArts' Curse of Monkey Island --> C:\WINDOWS\uninst.exe -f"C:\Program Files\LucasArts\Curse\DeIsL1.isu"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Manhunt --> MsiExec.exe /X{8A62C8DA-2DB7-4D94-B5BA-1D38FC36E830}
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Media Center Extender --> c:\WINDOWS\eHome\DvcConn.exe /uninstall
Media Center Extender --> MsiExec.exe /I{23FE964A-853B-4176-86D7-9E18B5CA1FC0}
MediaMonkey 2.5 --> "C:\Program Files\MediaMonkey\unins000.exe"
Microsoft Away Mode -->
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Standard Edition 2003 60 days trial --> c:\hp\bin\cloaker.exe c:\hp\bin\MSOffice\uninst.cmd
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.15) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
muvee autoProducer 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB4740B3-2530-452D-A825-F7AB246CA7DF}\setup.exe" -l0x9
muvee autoProducer unPlugged 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}\setup.exe" -l0x9
MyHeritage Family Tree Builder --> C:\Program Files\MyHeritage\Bin\Uninstall.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvunrm.exe UninstallGUI
OpenAL --> "C:\Program Files\OpenAL\oalinst.exe" /U
PC-Doctor 5 for Windows --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
PokerStars --> "C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PSOBB 1.1 --> "C:\Program Files\PSOBBSS\unins000.exe"
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
realMYST Interactive 3D Edition --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Mattel Interactive\realMYST Interactive 3D Edition\Uninst.isu"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
RGSS-RTP Standard --> MsiExec.exe /I{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
RPGXP --> MsiExec.exe /I{9B34CAC6-738F-4A20-B428-A115C3E3474C}
Sansa Media Converter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2A0F8F4-CE50-4857-A21C-3061682B2E87}\Setup.exe" -l0x9
ScummVM 0.9.1 --> "C:\Program Files\ScummVM\unins000.exe"
SecondLife (remove only) --> "C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shareaza version 2.2.3.0 --> "F:\Shareaza\Uninstall\unins000.exe"
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
Silent Hill --> C:\WINDOWS\iun6002ev.exe "C:\Program Files\Silent Hill\irunin.ini"
SmartFTP --> MsiExec.exe /I{11C762F9-95EA-486A-A8E7-683A50C231C1}
SmartFTP Client 2.0 Setup Files (remove only) --> "C:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe"
Sonic Express Labeler --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Space Quest Collection™ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9354DD0-C69A-469A-8A48-B9AA15A74174}\setup.exe" -l0x9 -removeonly
SPORE™ Creature Creator --> "C:\Program Files\InstallShield Installation Information\{8CC42289-E228-4A35-B8A9-015242283BB2}\setup.exe" -runfromtemp -l0x0009 -removeonly
Swiff Player 1.1 --> "C:\Program Files\GlobFX Technologies\Swiff Player\unins000.exe"
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
TurboTax Deluxe 2007 --> C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
Unreal Tournament G.O.T.Y. Edition --> C:\UnrealTournament\System\Setup.exe uninstall "UnrealTournament"
Update Rollup 2 for Windows XP Media Center Edition 2005 -->
Updates from HP (remove only) --> C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Voyage Century Online 1.21 --> "C:\Program Files\Voyage Century Online\unins000.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB905589 --> "C:\WINDOWS\$NtUninstallKB905589$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type16349 / Error
Event Submitted/Written: 07/10/2008 11:32:46 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application aim6.exe, version 1.4.9.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type16348 / Error
Event Submitted/Written: 07/10/2008 10:42:00 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 126906962.

Event Record #/Type16347 / Error
Event Submitted/Written: 07/10/2008 10:41:55 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msimn.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type16346 / Error
Event Submitted/Written: 07/10/2008 10:41:19 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 00733296.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type16345 / Error
Event Submitted/Written: 07/10/2008 10:41:12 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type38545 / Warning
Event Submitted/Written: 07/11/2008 05:29:01 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0040055559FC. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type38542 / Warning
Event Submitted/Written: 07/11/2008 05:28:57 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0040055559FC. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type38541 / Warning
Event Submitted/Written: 07/11/2008 05:28:49 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0040055559FC. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type38530 / Error
Event Submitted/Written: 07/11/2008 04:41:17 AM
Event ID/Source: 32003 / ipnathlp
Event Description:
The Network Address Translator (NAT) was unable to request an operation
of the kernel-mode translation module.
This may indicate misconfiguration, insufficient resources, or
an internal error.
The data is the error code.

Event Record #/Type38523 / Warning
Event Submitted/Written: 07/11/2008 04:40:41 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0040055559FC. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-07-11 13:20:26 ------------

#5 Farbar


Posted 12 July 2008 - 03:52 AM

Hi Amedeus,
  • One or more of the identified infections is a backdoor trojan.

    A backdoor Trojan can allow an attacker to gain control of the system, log keystrokes, steal passwords, access personal data, send malevolent outgoing traffic, and close the security warning messages displayed by some anti-virus and security programs.

    I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

    Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the Operating System. Please read these for more information:

    How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
    When Should I Format, How Should I Reinstall

    We can still try to clean this machine but I can't guarantee that it will be 100% secure afterwards. If you decide to remove the infection please go on with the following steps.


    Removal Instructions

  • Some of the e-mails in Outlook Express are infected. Open Outlook Express. Delete all the items in Inbox folder without opening them. Then go to Deleted Items folder and delete all the items without opening them. Inform the people in your Addresses not to open your e-mails as they might get infected.

  • To remove Norton please download and run the Norton Removal Tool.

    Warning: The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer. If you use ACT! or WinFAX, back up those databases before you proceed.

  • Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
    How to see hidden files in Windows

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete the folder in bold (if present):

    L:\Documents and Settings\All Users\Application Data\Symantec

  • Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main "Select Files to Delete" choose: Select All.
    • Click the Empty Selected button.
    • Click Exit on the Main menu to close the program.

  • Please download Malwarebytes' Anti-Malware from MajorGeeks
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  • Please copy and paste to your reply:
    • The log of MBAM.
    • A fresh DSS log.


#6 Amedeus


Posted 15 July 2008 - 10:50 PM

MBAM:

Malwarebytes' Anti-Malware 1.20
Database version: 957
Windows 5.1.2600 Service Pack 2

11:32:17 PM 7/15/2008
mbam-log-7-15-2008 (23-32-17).txt

Scan type: Quick Scan
Objects scanned: 45862
Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



DSS:

Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2008-07-15 23:33:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 8.27 GiB (less than 15%) free.


-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:40 PM, on 7/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\OSK.exe
C:\WINDOWS\system32\MSSWCHX.EXE
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\divxsm.exe
C:\Documents and Settings\HP_Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_ADM~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smbhq.com/nc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CinemaNowMediaManagerApp] C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowShell.exe -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Registration Myst V
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Get Flash by &Arty Flash Ripper - C:\Program Files\Softdigger\FlashRipper\IEMenu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {81449547-EB5D-422E-8730-932DC5E412C8} (UVUPlayer Control) - http://www.howardstern.com/install/uvuplayer.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWire...loadControl.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O18 - Filter hijack: text/html - {ff97ebfb-124c-4973-beb8-328ee79480f8} - C:\WINDOWS\system32\iehlpr32.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11263 bytes

-- Files created between 2008-06-15 and 2008-07-15 -----------------------------

2008-07-12 01:51:16 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-07-12 01:08:42 0 d-------- C:\Program Files\Postal2STP
2008-07-11 00:21:28 0 d-------- C:\Logs
2008-07-08 17:45:33 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-07-08 17:45:30 0 d-------- C:\Program Files\World of Warcraft
2008-07-08 15:56:36 0 d-------- C:\Program Files\Common
2008-07-06 21:07:02 0 d-------- C:\Program Files\PSOBBSS
2008-07-04 02:06:02 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\SPORE Creature Creator
2008-07-03 03:28:49 0 d-------- C:\Program Files\Electronic Arts
2008-07-03 03:28:42 0 d-------- C:\ProgramData
2008-06-23 20:19:56 6680 --a------ C:\WINDOWS\system32\iehlpr32.dll
2008-06-22 15:57:13 658 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg


-- Find3M Report ---------------------------------------------------------------

2008-07-15 22:48:33 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-15 22:39:54 0 d-------- C:\Program Files\McAfee
2008-07-15 22:30:50 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-12 15:16:00 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2008-07-08 17:45:33 0 d-------- C:\Program Files\Common Files
2008-07-03 04:15:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-27 03:13:26 0 d-------- C:\Program Files\DriftCity
2008-06-11 01:11:03 4096 --a------ C:\WINDOWS\d3dx.dat
2008-06-07 23:48:53 0 d-------- C:\Program Files\RADVideo
2008-06-06 23:47:56 0 d-------- C:\Program Files\DivX
2008-06-04 09:21:48 512 --a------ C:\drmHeader.bin
2008-06-02 05:44:41 0 d-------- C:\Program Files\Sun
2008-06-02 05:44:11 0 d-------- C:\Program Files\Java
2008-06-02 05:29:34 0 d-------- C:\Program Files\Viewpoint
2008-05-31 22:04:04 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-05-31 22:03:22 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-30 19:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-29 05:07:53 0 d-------- C:\Program Files\Trend Micro
2008-05-25 05:51:23 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2008-05-22 18:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 18:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 18:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 18:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-20 03:00:55 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-17 18:37:24 532 --a------ C:\WINDOWS\eReg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/30/2005 12:01 AM]
"ftutil2"="ftutil2.dll" [06/07/2004 05:05 PM C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [06/13/2006 11:05 PM C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [08/03/2005 02:19 AM C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/09/2006 06:50 PM]
"nwiz"="nwiz.exe" [05/09/2006 06:50 PM C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [04/13/2006 12:05 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [07/23/2005 01:14 AM]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/16/2006 01:34 AM]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [12/14/2004 05:23 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [05/15/2003 07:41 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/07/2007 01:38 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/06/2008 10:37 PM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [01/20/2007 03:09 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 02:33 AM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/16/2005 11:11 PM]
"CinemaNowMediaManagerApp"="C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowShell.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Registration Myst V [1/3/2007 1:20:02 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe [1/2/2007 10:18:37 PM]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [10/20/2005 6:55:40 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
AutoRun\command- N:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1c31d30-5101-11dc-91e3-806d6172696f}]
AutoRun\command- E:\Installer.exe




-- End of Deckard's System Scanner: finished at 2008-07-15 23:34:08 ------------

#7 Farbar


Posted 16 July 2008 - 01:14 PM

Hi,

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs (in your case LimeWire). These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


Removal Instructions

Please refrain from any system changes as long as we are not finished with the cleaning procedure.
  • Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed, from what we know, in 2006; read this article:

    http://www.clickz.com/news/article.php/3561546

    I suggest you remove the program now.
    Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist:
    Viewpoint, Viewpoint Manager, Viewpoint Media Player.

    Also remove the folder in bold (if present): C:\Program Files\Viewpoint\

  • eMusic is a program related to adware/spyware. More information: http://www.bleepingcomputer.com

    Remove the file in bold: L:\WINDOWS\eMusicSetup.exe

  • Your log shows that PeoplePC was installed on your computer, but it is not listed in Add/Remove Programs. PeoplePC is an Internet Service Provider (ISP) which is associated with adware/spyware. More information: http://www.bleepingcomputer.com/uninstall/...ePC-Online.html
    If PeoplePC is not your ISP please remove the following folder:

    C:\Program Files\Online Services\PeoplePC\

  • Please open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    O18 - Filter hijack: text/html - {ff97ebfb-124c-4973-beb8-328ee79480f8} - C:\WINDOWS\system32\iehlpr32.dll

    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Please make sure that you can view all hidden files. Instructions on how to do this can be found here: How to see hidden files in Windows

  • Start in Safe Mode Using the F8 key:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
    • Use the arrow keys to select the Safe Mode menu item.
    • Press the Enter key.
  • Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete the file(s) and folder(s) in bold (if present):

    C:\WINDOWS\system32\iehlpr32.dll
    C:\WINDOWS\system32\fontvieww.exe

  • Click on this link--> virustotal

    Click the browse button and navigate to the file below in bold, then click Send File.

    C:\Program Files\Adventure Game Studio 3.0\unins000.exe

  • Please copy and paste to your reply:
    • A fresh DSS log.
Please tell me how your PC is running now.

Edited by farbar, 16 July 2008 - 01:34 PM.
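
The cross-check behind the O18 step above, as an added example that is not part of the original posts: it parses a DSS/HijackThis log and reports browser helper, filter/protocol and service entries whose target file also appears in the log's "Files created between" section. The sample text is an abridged excerpt of the log posted in this thread; the function names, and reading a missing `<...>` annotation as "no publisher shown in the log", are assumptions of the example.

```python
import re

# Abridged excerpt of the DSS log posted in this thread (constructed sample input).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O18 - Filter hijack: text/html - {ff97ebfb-124c-4973-beb8-328ee79480f8} - C:\WINDOWS\system32\iehlpr32.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

-- Files created between 2008-06-15 and 2008-07-15 -----------------------------

2008-07-12 01:51:16 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-07-08 17:45:30 0 d-------- C:\Program Files\World of Warcraft
2008-06-23 20:19:56 6680 --a------ C:\WINDOWS\system32\iehlpr32.dll
2008-06-22 15:57:13 658 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg


-- Find3M Report ---------------------------------------------------------------

2008-06-11 01:11:03 4096 --a------ C:\WINDOWS\d3dx.dat
"""

# "-- Section name ------" headers written by Deckard's System Scanner.
SECTION_RE = re.compile(r"^-- (.+?) -+$")
# HijackThis entries: "O18 - <description>".
HJT_RE = re.compile(r"^(O\d+) - (.+)$")
# File listing: timestamp, size, 9-character attribute field, path, optional <publisher info>.
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{9})\s+(.+?)(?:\s+<(.*)>)?$"
)
# Entry types whose last " - " separated field is the file that gets loaded.
PATH_LAST = {
    "O2": "browser helper object",
    "O18": "protocol/filter handler",
    "O23": "service",
}


def parse(log_text):
    """Return (autoload entries, recently created files keyed by lower-cased path)."""
    entries, recent = [], {}
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = HJT_RE.match(line)
        if m and m.group(1) in PATH_LAST and " - " in m.group(2):
            desc, path = m.group(2).rsplit(" - ", 1)
            entries.append({"code": m.group(1), "desc": desc, "path": path.strip('"')})
            continue
        m = FILE_RE.match(line)
        if m and section and section.startswith("Files created between"):
            created, size, attrs, path, publisher = m.groups()
            if attrs.startswith("d"):  # directories cannot be loaded as code
                continue
            recent[path.lower()] = {
                "created": created,
                "size": int(size),
                "publisher": publisher,  # None when the log shows no <...> annotation
            }
    return entries, recent


def triage(log_text):
    """Autoload entries whose target file was created inside the log's recent window."""
    entries, recent = parse(log_text)
    findings = []
    for entry in entries:
        hit = recent.get(entry["path"].lower())
        if hit is not None:
            findings.append({**entry, **hit, "role": PATH_LAST[entry["code"]]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        pub = f["publisher"] or "no publisher shown"
        print(f'{f["code"]} {f["role"]}: {f["path"]} '
              f'(created {f["created"]}, {f["size"]} bytes, {pub})')
```
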


#8 Amedeus

Posted 17 July 2008 - 01:28 AM

I did download Limewire, but I never could get it to actually connect anyways. It always said there was a firewall it couldn't get past, so I left it alone from there.

Both times I went into Program Files, Windows Explorer itself stopped working and sent an error report. I switched the view from Thumbnail to Details, and it worked fine after that. So I'm guessing there's some picture in there that, when loaded or when attempting to load it, causes Windows Explorer to crash.

Also, after I fixed the O18 problem, I scanned again on a whim and it was still there. I tried this a couple times, and it still didn't go away. I'm guessing this isn't natural?

As for my computer itself, it hasn't acted up yet. Although I have made the mistake of saying that it's better before, only to have it break down on me again a week later. McAfee will let me open Internet Explorer again, so something's working better. I'll probably keep using Firefox for awhile though anyways, just in case. The computer appears fine at the moment. I'll have to wait and see if McAfee finds another bad file tomorrow morning like it did the last two, though. But the computer's definitely working better, so we know something's helped - thanks for that, by the way.


DSS:

Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2008-07-17 02:08:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 8.12 GiB (less than 15%) free.


-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:08:09 AM, on 7/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\HP_Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_ADM~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smbhq.com/nc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CinemaNowMediaManagerApp] C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowShell.exe -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Registration Myst V
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Get Flash by &Arty Flash Ripper - C:\Program Files\Softdigger\FlashRipper\IEMenu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {81449547-EB5D-422E-8730-932DC5E412C8} (UVUPlayer Control) - http://www.howardstern.com/install/uvuplayer.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWire...loadControl.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O18 - Filter hijack: text/html - {ff97ebfb-124c-4973-beb8-328ee79480f8} - C:\WINDOWS\system32\iehlpr32.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11123 bytes

-- Files created between 2008-06-17 and 2008-07-17 -----------------------------

2008-07-17 01:52:54 0 d-------- C:\WINDOWS\CSC
2008-07-12 01:51:16 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-07-12 01:08:42 0 d-------- C:\Program Files\Postal2STP
2008-07-11 00:21:28 0 d-------- C:\Logs
2008-07-08 17:45:33 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-07-08 17:45:30 0 d-------- C:\Program Files\World of Warcraft
2008-07-08 15:56:36 0 d-------- C:\Program Files\Common
2008-07-06 21:07:02 0 d-------- C:\Program Files\PSOBBSS
2008-07-04 02:06:02 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\SPORE Creature Creator
2008-07-03 03:28:49 0 d-------- C:\Program Files\Electronic Arts
2008-07-03 03:28:42 0 d-------- C:\ProgramData
2008-06-22 15:57:13 658 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg


-- Find3M Report ---------------------------------------------------------------

2008-07-17 01:38:48 0 d-------- C:\Program Files\Online Services
2008-07-17 01:26:40 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Viewpoint
2008-07-16 05:21:18 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2008-07-16 04:12:29 0 d-------- C:\Program Files\McAfee
2008-07-15 22:48:33 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-15 22:30:50 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-08 17:45:33 0 d-------- C:\Program Files\Common Files
2008-07-03 04:15:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-27 03:13:26 0 d-------- C:\Program Files\DriftCity
2008-06-11 01:11:03 4096 --a------ C:\WINDOWS\d3dx.dat
2008-06-07 23:48:53 0 d-------- C:\Program Files\RADVideo
2008-06-06 23:47:56 0 d-------- C:\Program Files\DivX
2008-06-04 09:21:48 512 --a------ C:\drmHeader.bin
2008-06-02 05:44:41 0 d-------- C:\Program Files\Sun
2008-06-02 05:44:11 0 d-------- C:\Program Files\Java
2008-05-31 22:04:04 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-05-31 22:03:22 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-30 19:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-29 05:07:53 0 d-------- C:\Program Files\Trend Micro
2008-05-25 05:51:23 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2008-05-22 18:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 18:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 18:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 18:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-20 03:00:55 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-17 18:37:24 532 --a------ C:\WINDOWS\eReg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/30/2005 12:01 AM]
"ftutil2"="ftutil2.dll" [06/07/2004 05:05 PM C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [06/13/2006 11:05 PM C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [08/03/2005 02:19 AM C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/09/2006 06:50 PM]
"nwiz"="nwiz.exe" [05/09/2006 06:50 PM C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [04/13/2006 12:05 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [07/23/2005 01:14 AM]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/16/2006 01:34 AM]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [12/14/2004 05:23 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [05/15/2003 07:41 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/07/2007 01:38 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/06/2008 10:37 PM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [01/20/2007 03:09 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 02:33 AM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/16/2005 11:11 PM]
"CinemaNowMediaManagerApp"="C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowShell.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Registration Myst V [1/3/2007 1:20:02 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe [1/2/2007 10:18:37 PM]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [10/20/2005 6:55:40 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1c31d30-5101-11dc-91e3-806d6172696f}]
AutoRun\command- E:\Installer.exe




-- End of Deckard's System Scanner: finished at 2008-07-17 02:08:33 ------------
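Added example (not part of any post in this thread): a small Python check of whether an entry selected for Fix Checked is still present in a later HijackThis scan, and how often a DSS "HijackThis Fixed Entries" listing shows the same entry being fixed. The function names are made up for this illustration, and the sample text is constructed from log lines quoted in the thread.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code text clsid")

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"(?P<code>[RFNO]\d{1,2}) - (?P<text>.+)$")
# Prefix in front of each line of the DSS "HijackThis Fixed Entries" section.
BACKUP_RE = re.compile(r"^backup-(?P<date>\d{8})-(?P<time>\d{6})-\d+\s+")
CLSID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")


def parse_line(line):
    """Return (Entry, backup timestamp or None), or None if the line is not an entry."""
    line = line.strip()
    stamp = None
    backup = BACKUP_RE.match(line)
    if backup:
        stamp = backup.group("date") + "-" + backup.group("time")
        line = line[backup.end():]
    m = ENTRY_RE.match(line)
    if not m:
        return None  # header, running process, blank line, etc.
    clsid = CLSID_RE.search(m.group("text"))
    entry = Entry(m.group("code"), m.group("text"),
                  clsid.group(0).lower() if clsid else None)
    return entry, stamp


def key(entry):
    """Identity used for comparison: section code plus CLSID when present
    (the file path behind a CLSID can change), otherwise the normalised text."""
    return (entry.code, entry.clsid or " ".join(entry.text.lower().split()))


def entries(log_text):
    return [p[0] for p in map(parse_line, log_text.splitlines()) if p]


def still_present(fix_list, later_scan):
    """Entries that were selected for fixing but appear again in a later scan."""
    later = {key(e) for e in entries(later_scan)}
    return [e for e in entries(fix_list) if key(e) in later]


def repeat_fixes(backup_listing):
    """Map entry key -> sorted backup timestamps, for entries fixed more than once."""
    seen = {}
    for parsed in map(parse_line, backup_listing.splitlines()):
        if parsed and parsed[1]:
            seen.setdefault(key(parsed[0]), []).append(parsed[1])
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


# --- Constructed sample input, built from lines quoted in the thread ---
FIX_LIST = r"""
O18 - Filter hijack: text/html - {ff97ebfb-124c-4973-beb8-328ee79480f8} - C:\WINDOWS\system32\iehlpr32.dll
"""

LATER_SCAN = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O18 - Filter hijack: text/html - {FF97EBFB-124C-4973-BEB8-328EE79480F8} - C:\WINDOWS\system32\iehlpr32.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
End of file - 11123 bytes
"""

BACKUPS = r"""
backup-20080531-215516-141 O2 - BHO: (no name) - {C2FCC2C1-C122-4481-9B32-FBDA17FF848F} - C:\WINDOWS\system32\asferrorj.dll
backup-20080531-215517-451 O4 - Startup: PowerReg Scheduler.exe
backup-20080717-014808-261 O18 - Filter hijack: text/html - {ff97ebfb-124c-4973-beb8-328ee79480f8} - C:\WINDOWS\system32\iehlpr32.dll
backup-20080717-014831-891 O18 - Filter hijack: text/html - {ff97ebfb-124c-4973-beb8-328ee79480f8} - C:\WINDOWS\system32\iehlpr32.dll
backup-20080719-042736-208 O18 - Filter hijack: text/html - {ff97ebfb-124c-4973-beb8-328ee79480f8} - C:\WINDOWS\system32\iehlpr32.dll
"""

if __name__ == "__main__":
    for e in still_present(FIX_LIST, LATER_SCAN):
        print("still present after fix:", e.code, e.text)
    for (code, ident), stamps in repeat_fixes(BACKUPS).items():
        print(f"{code} {ident} was fixed {len(stamps)} times: {', '.join(stamps)}")
```

An entry that shows up in both outputs was removed and then re-created, so the follow-up is to look for whatever is writing it back rather than to fix it again.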

#9 Farbar

Posted 17 July 2008 - 10:01 AM

Hi,
  • Use the F8 method again to enter Safe Mode as you did before.

  • Please open HijackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    O18 - Filter hijack: text/html - {ff97ebfb-124c-4973-beb8-328ee79480f8} - C:\WINDOWS\system32\iehlpr32.dll

    Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Please make sure iehlpr32.dll is removed, both manually and by going to Start > Search > select All Files and Folders > select C drive to Search in > Fill in the file name: iehlpr32
    Tell me your findings.

  • Please run Deckard's System Scanner again, this time using these instructions:

    Click the Windows 'Start' button > Select 'Run' - then copy/paste the following into the Run box & click OK.

    "%userprofile%\desktop\dss.exe" /config

    Put checks by these options and uncheck the others:

    System Restore
    Temp Cleanup
    HijackThis
    Ignored
    Fixed
    File Associations
    Drivers
    Services
    Process Modules
    Scheduled Tasks
    Files Created/Modified
    Registry Dump
    Hosts File
    Security Center
    DOS Environment
    Whitelist Output
    Backup Registry Hives
    Event Logs
    Device Manager


    Click Scan!
    When finished, it shall produce a log for you. Copy and paste that log in your next reply.


#10 Amedeus

Posted 19 July 2008 - 03:53 AM

The search didn't find anything, but the O18 kept coming back again.


DSS:

Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2008-07-19 04:41:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
46: 2008-07-19 08:41:16 UTC - RP552 - Deckard's System Scanner Restore Point
45: 2008-07-18 20:08:41 UTC - RP551 - System Checkpoint
44: 2008-07-17 19:54:02 UTC - RP550 - System Checkpoint
43: 2008-07-16 19:42:17 UTC - RP549 - System Checkpoint
42: 2008-07-15 19:16:38 UTC - RP548 - System Checkpoint


-- First Restore Point --
1: 2008-06-03 20:03:41 UTC - RP507 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 7.18 GiB (less than 15%) free.


-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:25 AM, on 7/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\system32\OSK.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_ADM~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smbhq.com/nc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CinemaNowMediaManagerApp] C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowShell.exe -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Registration Myst V
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Get Flash by &Arty Flash Ripper - C:\Program Files\Softdigger\FlashRipper\IEMenu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {81449547-EB5D-422E-8730-932DC5E412C8} (UVUPlayer Control) - http://www.howardstern.com/install/uvuplayer.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWire...loadControl.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O18 - Filter hijack: text/html - {ff97ebfb-124c-4973-beb8-328ee79480f8} - C:\WINDOWS\system32\iehlpr32.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11178 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080531-215516-141 O2 - BHO: (no name) - {C2FCC2C1-C122-4481-9B32-FBDA17FF848F} - C:\WINDOWS\system32\asferrorj.dll
backup-20080531-215516-361 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080531-215516-975 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20080531-215517-451 O4 - Startup: PowerReg Scheduler.exe
backup-20080531-215517-860 O2 - BHO: (no name) - {C4A451B2-1970-4D71-8BFA-252EE42A0FAA} - C:\WINDOWS\system32\asferrorj.dll
backup-20080717-014808-261 O18 - Filter hijack: text/html - {ff97ebfb-124c-4973-beb8-328ee79480f8} - C:\WINDOWS\system32\iehlpr32.dll
backup-20080717-014831-891 O18 - Filter hijack: text/html - {ff97ebfb-124c-4973-beb8-328ee79480f8} - C:\WINDOWS\system32\iehlpr32.dll
backup-20080717-014846-698 O18 - Filter hijack: text/html - {ff97ebfb-124c-4973-beb8-328ee79480f8} - C:\WINDOWS\system32\iehlpr32.dll
backup-20080717-014905-547 O18 - Filter hijack: text/html - {ff97ebfb-124c-4973-beb8-328ee79480f8} - C:\WINDOWS\system32\iehlpr32.dll
backup-20080717-014915-675 O18 - Filter hijack: text/html - {ff97ebfb-124c-4973-beb8-328ee79480f8} - C:\WINDOWS\system32\iehlpr32.dll
backup-20080719-042736-208 O18 - Filter hijack: text/html - {ff97ebfb-124c-4973-beb8-328ee79480f8} - C:\WINDOWS\system32\iehlpr32.dll
backup-20080719-042744-539 O18 - Filter hijack: text/html - {ff97ebfb-124c-4973-beb8-328ee79480f8} - C:\WINDOWS\system32\iehlpr32.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 MPFP - c:\windows\system32\drivers\mpfp.sys <Not Verified; McAfee, Inc.; McAfee Personal Firewall Plus>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>
R2 X4HSX32 - c:\program files\gametap\bin\release\x4hsx32.sys <Not Verified; Exent Technologies Ltd.; Exent EXETender® for Win2K>
R3 AIRPLUS (D-Link AirPlus Wireless Adapter) - c:\windows\system32\drivers\airplus.sys <Not Verified; D-Link; D-Link AirPlus 22M Wireless LAN Adapter>
R3 aracpi - c:\windows\system32\drivers\aracpi.sys <Not Verified; Microsoft Corporation; Microsoft AR ACPI Driver>
R3 arkbcfltr (Microsoft PS2 Keyboard Filter) - c:\windows\system32\drivers\arkbcfltr.sys <Not Verified; Microsoft Corporation; Microsoft AR PS/2 Keyboard Filter Driver>
R3 armoucfltr (Microsoft PS2 Mouse Filter) - c:\windows\system32\drivers\armoucfltr.sys <Not Verified; Microsoft Corporation; Microsoft AR PS/2 Mouse Filter Driver>
R3 ARPolicy - c:\windows\system32\drivers\arpolicy.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 HSX_DP - c:\windows\system32\drivers\hsx_dp.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HSXHWBS2 - c:\windows\system32\drivers\hsxhwbs2.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 Ps2 - c:\windows\system32\drivers\ps2.sys <Not Verified; Hewlett-Packard Company; Hewlett-Packard Company PS2 SYS>
R3 winachsx - c:\windows\system32\drivers\hsx_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>

S0 ftsata2 - c:\windows\system32\drivers\ftsata2.sys (file missing)
S2 npkcrypt - c:\program files\nexon\maplestory\npkcrypt.sys (file missing)
S3 arhidfltr (MS Ar HID Filter Driver) - c:\windows\system32\drivers\arhidfltr.sys <Not Verified; Microsoft Corporation; Microsoft AR Human Interface Device Filter Driver>
S3 catchme - c:\docume~1\hp_adm~1\locals~1\temp\catchme.sys (file missing)
S3 hamachi (Hamachi Network Interface) - c:\windows\system32\drivers\hamachi.sys <Not Verified; LogMeIn, Inc.; Hamachi Virtual Network Interface Driver>
S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)
S3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys <Not Verified; Alcohol Soft Co., Ltd.; Alcohol>
S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ARSVC - c:\windows\arservice.exe <Not Verified; Microsoft; ARSVC Application>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 RMSvc (Media Center Extender Resource Monitor) - c:\windows\ehome\rmsvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 MHN - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 usprserv (User Privilege Service) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; Microsoft Corporation; Windows Live installer>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 996)

C:\WINDOWS\system32\svchost.exe (pid 1212)

C:\WINDOWS\system32\svchost.exe (pid 1348)
2004-08-10 00:00:00 19968 --a------ C:\WINDOWS\system32\wshtcpip.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 60416 -----n--- C:\WINDOWS\system32\cryptsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 194560 -----n--- C:\WINDOWS\system32\certcli.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 23552 -----n--- C:\WINDOWS\system32\dmserver.dll <Not Verified; Microsoft Corp.; Logical Disk Manager for Windows NT>
2004-08-10 00:00:00 23040 -----n--- C:\WINDOWS\system32\ersvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-26 07:39:45 243200 --a------ C:\WINDOWS\system32\es.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-10 00:00:00 38912 -----n--- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 04:56:44 21504 --a------ C:\WINDOWS\system32\hidserv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 07:00:00 20992 -----n--- C:\WINDOWS\system32\hid.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-12-07 15:32:34 96768 -----n--- C:\WINDOWS\system32\srvsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-08-22 14:29:46 197632 --a------ C:\WINDOWS\system32\netman.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-06-22 01:00:18 1705472 --a------ C:\WINDOWS\system32\netshell.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 163840 -----n--- C:\WINDOWS\system32\credui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 132608 -----n--- C:\WINDOWS\system32\upnp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 34816 -----n--- C:\WINDOWS\system32\ssdpapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 18944 -----n--- C:\WINDOWS\system32\seclogon.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 38912 -----n--- C:\WINDOWS\system32\sens.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 170496 -----n--- C:\WINDOWS\system32\srsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 17408 -----n--- C:\WINDOWS\system32\powrprof.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-10-19 09:56:32 713216 --a------ C:\WINDOWS\system32\sxs.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 90624 -----n--- C:\WINDOWS\system32\trkwks.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 174592 -----n--- C:\WINDOWS\system32\w32time.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 144896 -----n--- C:\WINDOWS\system32\wbem\wmisvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 430592 -----n--- C:\WINDOWS\system32\vssapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 6656 --a------ C:\WINDOWS\system32\wuauserv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-30 19:19:42 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 146432 --a------ C:\WINDOWS\system32\winspool.drv <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 07:00:00 59904 -----n--- C:\WINDOWS\system32\cabinet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 30208 -----n--- C:\WINDOWS\system32\mspatcha.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 77312 -----n--- C:\WINDOWS\system32\browser.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 331264 -----n--- C:\WINDOWS\system32\ipnathlp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-03-02 14:09:29 56832 --a------ C:\WINDOWS\system32\authz.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 5120 -----n--- C:\WINDOWS\system32\sfc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 140288 -----n--- C:\WINDOWS\system32\sfc_os.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 81408 --a------ C:\WINDOWS\system32\wscsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-18 12:12:23 2854400 --a------ C:\WINDOWS\system32\msi.dll <Not Verified; Microsoft Corporation; Windows Installer - Unicode>
2005-07-26 07:39:44 1267200 --a------ C:\WINDOWS\system32\comsvcs.dll <Not Verified; Microsoft Corporation; COM Services>
2005-07-26 07:39:43 60416 --a------ C:\WINDOWS\system32\colbact.dll <Not Verified; Microsoft Corporation; COM Services>
2006-03-01 15:42:42 66560 --a------ C:\WINDOWS\system32\mtxclu.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-10 00:00:00 22528 --a------ C:\WINDOWS\system32\wsock32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 57856 -----n--- C:\WINDOWS\system32\clusapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 58880 -----n--- C:\WINDOWS\system32\resutils.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 214528 -----n--- C:\WINDOWS\system32\wbem\wbemcomn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 530944 -----n--- C:\WINDOWS\system32\wbem\wbemcore.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 247808 -----n--- C:\WINDOWS\system32\wbem\esscli.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 472064 -----n--- C:\WINDOWS\system32\wbem\fastprox.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 43520 -----n--- C:\WINDOWS\system32\wbem\wbemsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 95232 -----n--- C:\WINDOWS\system32\wbem\wmiutils.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 177152 -----n--- C:\WINDOWS\system32\wbem\repdrvfs.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 437248 -----n--- C:\WINDOWS\system32\wbem\wmiprvsd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 36352 -----n--- C:\WINDOWS\system32\ncobjapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 273920 -----n--- C:\WINDOWS\system32\wbem\wbemess.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 47104 -----n--- C:\WINDOWS\system32\wbem\ncprov.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 16896 --a------ C:\WINDOWS\system32\winrnr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-02-28 13:42:30 94208 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Computer, Inc.; Bonjour>
2004-08-10 00:00:00 126976 -----n--- C:\WINDOWS\system32\apphelp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-06-26 13:37:10 8192 --a------ C:\WINDOWS\system32\rasadhlp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 657920 -----n--- C:\WINDOWS\system32\rasdlg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-26 02:08:16 1104896 --a------ C:\WINDOWS\system32\msxml3.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 3.0 SP9>
2007-07-30 19:19:12 43352 --a------ C:\WINDOWS\system32\wups2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 137216 -----n--- C:\WINDOWS\system32\dssenh.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 622080 -----n--- C:\WINDOWS\system32\netcfgx.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-26 07:39:43 625152 --a------ C:\WINDOWS\system32\catsrvut.dll <Not Verified; Microsoft Corporation; COM Services>
2005-07-26 07:39:42 225792 --a------ C:\WINDOWS\system32\catsrv.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-10 00:00:00 22528 -----n--- C:\WINDOWS\system32\mfcsubs.dll <Not Verified; Microsoft Corporation; COM Services>
2008-04-21 02:56:58 618496 --a------ C:\WINDOWS\system32\urlmon.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 586240 -----n--- C:\WINDOWS\system32\mlang.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 50176 --a------ C:\WINDOWS\system32\xmlprovi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\explorer.exe (pid 2036)
2004-08-10 07:00:00 708096 -----n--- C:\WINDOWS\system32\ntdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-16 11:52:53 984576 -----n--- C:\WINDOWS\system32\kernel32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 616960 -----n--- C:\WINDOWS\system32\advapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-09 09:09:42 584192 --a------ C:\WINDOWS\system32\rpcrt4.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 55808 -----n--- C:\WINDOWS\system32\secur32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-21 02:56:54 1024000 --a------ C:\WINDOWS\system32\browseui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-20 02:51:05 282624 --a------ C:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-08 11:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 343040 -----n--- C:\WINDOWS\system32\msvcrt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-26 07:39:48 1285120 --a------ C:\WINDOWS\system32\ole32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-21 02:56:58 474112 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-04 14:38:13 550912 -----n--- C:\WINDOWS\system32\oleaut32.dll <Not Verified; Microsoft Corporation; >
2008-04-21 02:56:58 1499136 --a------ C:\WINDOWS\system32\shdocvw.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 597504 -----n--- C:\WINDOWS\system32\crypt32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 57344 -----n--- C:\WINDOWS\system32\msasn1.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 512512 -----n--- C:\WINDOWS\system32\cryptui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 176640 --a------ C:\WINDOWS\system32\wintrust.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 07:00:00 144384 -----n--- C:\WINDOWS\system32\imagehlp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-17 08:28:27 332288 --a------ C:\WINDOWS\system32\netapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-21 02:56:59 666624 --a------ C:\WINDOWS\system32\wininet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 172032 --a------ C:\WINDOWS\system32\wldap32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 18944 -----n--- C:\WINDOWS\system32\version.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-25 23:34:01 8460288 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 218624 -----n--- C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 65536 -----n--- C:\WINDOWS\system32\shimeng.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 1852416 -----n--- C:\WINDOWS\AppPatch\AcGenral.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 176128 --a------ C:\WINDOWS\system32\winmm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 71680 -----n--- C:\WINDOWS\system32\msacm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 723456 -----n--- C:\WINDOWS\system32\userenv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 110080 -----n--- C:\WINDOWS\system32\imm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 22016 -----n--- C:\WINDOWS\system32\lpk.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 406528 -----n--- C:\WINDOWS\system32\usp10.dll <Not Verified; Microsoft Corporation; Microsoft® Uniscribe Unicode script processor>
2006-08-25 11:45:55 1054208 --a------ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-25 11:45:58 617472 -----n--- C:\WINDOWS\system32\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 177152 -----n--- C:\WINDOWS\system32\MSCTFIME.IME <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 126976 -----n--- C:\WINDOWS\system32\apphelp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-26 07:39:43 498688 --a------ C:\WINDOWS\system32\clbcatq.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-10 00:00:00 792064 -----n--- C:\WINDOWS\system32\comres.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-10 00:00:00 326656 -----n--- C:\WINDOWS\system32\cscui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 101888 -----n--- C:\WINDOWS\system32\cscdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 385536 -----n--- C:\WINDOWS\system32\themeui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 4608 -----n--- C:\WINDOWS\system32\msimg32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 2897920 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 101888 -----n--- C:\WINDOWS\system32\actxprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 64000 -----n--- C:\WINDOWS\system32\samlib.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 143872 -----n--- C:\WINDOWS\system32\ntshrui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 983552 -----n--- C:\WINDOWS\system32\setupapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-08-31 21:41:53 19968 --a------ C:\WINDOWS\system32\linkinfo.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-06-22 01:00:18 1705472 --a------ C:\WINDOWS\system32\netshell.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 163840 -----n--- C:\WINDOWS\system32\credui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-05-19 08:59:41 94720 --a------ C:\WINDOWS\system32\iphlpapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 82944 --a------ C:\WINDOWS\system32\ws2_32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 19968 --a------ C:\WINDOWS\system32\ws2help.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 44032 -----n--- C:\WINDOWS\system32\rtutils.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-21 02:56:58 618496 --a------ C:\WINDOWS\system32\urlmon.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 152576 -----n--- C:\WINDOWS\system32\rsaenh.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-18 12:12:23 2854400 --a------ C:\WINDOWS\system32\msi.dll <Not Verified; Microsoft Corporation; Windows Installer - Unicode>
2004-08-10 00:00:00 53760 --a------ C:\WINDOWS\system32\winsta.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 276480 --a------ C:\WINDOWS\system32\webcheck.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 22528 --a------ C:\WINDOWS\system32\wsock32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 121856 -----n--- C:\WINDOWS\system32\stobject.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 28672 -----n--- C:\WINDOWS\system32\batmeter.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 17408 -----n--- C:\WINDOWS\system32\powrprof.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 18432 --a------ C:\WINDOWS\system32\wtsapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-04 10:56:58 23552 --a------ C:\WINDOWS\system32\wdmaud.drv <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 20480 -----n--- C:\WINDOWS\system32\msacm32.drv <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 18944 -----n--- C:\WINDOWS\system32\midimap.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 63488 -----n--- C:\WINDOWS\system32\browselc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-09-24 06:12:08 63136 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll <Not Verified; Adobe Systems Incorporated; AcroIEHelper Library>
2007-10-24 06:51:28 58688 --a------ C:\Program Files\McAfee\VirusScan\scriptsn.dll <Not Verified; McAfee, Inc.; VSCORE.14.0.0.366.x86>
2007-12-18 10:40:58 450560 --a------ C:\WINDOWS\system32\jscript.dll <Not Verified; Microsoft Corporation; Microsoft ® JScript>
2007-12-18 10:40:58 417792 --a------ C:\WINDOWS\system32\vbscript.dll <Not Verified; Microsoft Corporation; Microsoft ® VBScript>
2006-10-19 09:56:32 713216 --a------ C:\WINDOWS\system32\sxs.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 304128 -----n--- C:\WINDOWS\system32\duser.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 562176 --a------ C:\WINDOWS\system32\fxsst.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 146432 --a------ C:\WINDOWS\system32\winspool.drv <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 452096 --a------ C:\WINDOWS\system32\fxsapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-06-22 01:00:18 52736 --a------ C:\WINDOWS\system32\wzcsapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 118784 -----n--- C:\WINDOWS\system32\ntmarta.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 59904 -----n--- C:\WINDOWS\system32\mpr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 14336 -----n--- C:\WINDOWS\system32\drprov.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 43520 -----n--- C:\WINDOWS\system32\ntlanman.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 80896 -----n--- C:\WINDOWS\system32\netui0.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 245760 -----n--- C:\WINDOWS\system32\netui1.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 12288 -----n--- C:\WINDOWS\system32\netrap.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 24576 -----n--- C:\WINDOWS\system32\davclnt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-06-22 01:00:18 383488 --a------ C:\WINDOWS\system32\wzcdlg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 351232 --a------ C:\WINDOWS\system32\winhttp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-17 06:37:04 351744 --a------ C:\WINDOWS\system32\xpsp3res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 13312 -----n--- C:\WINDOWS\system32\msswch.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 549376 -----n--- C:\WINDOWS\system32\shdoclc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 1656)
2004-08-10 07:00:00 708096 -----n--- C:\WINDOWS\system32\ntdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-16 11:52:53 984576 -----n--- C:\WINDOWS\system32\kernel32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 616960 -----n--- C:\WINDOWS\system32\advapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-09 09:09:42 584192 --a------ C:\WINDOWS\system32\rpcrt4.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 55808 -----n--- C:\WINDOWS\system32\secur32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 65536 -----n--- C:\WINDOWS\system32\shimeng.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 1852416 -----n--- C:\WINDOWS\AppPatch\AcGenral.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-08 11:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-20 02:51:05 282624 --a------ C:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 176128 --a------ C:\WINDOWS\system32\winmm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-26 07:39:48 1285120 --a------ C:\WINDOWS\system32\ole32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 343040 -----n--- C:\WINDOWS\system32\msvcrt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-04 14:38:13 550912 -----n--- C:\WINDOWS\system32\oleaut32.dll <Not Verified; Microsoft Corporation; >
2004-08-10 00:00:00 71680 -----n--- C:\WINDOWS\system32\msacm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 18944 -----n--- C:\WINDOWS\system32\version.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-25 23:34:01 8460288 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-21 02:56:58 474112 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 723456 -----n--- C:\WINDOWS\system32\userenv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 218624 -----n--- C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 110080 -----n--- C:\WINDOWS\system32\imm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 22016 -----n--- C:\WINDOWS\system32\lpk.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 406528 -----n--- C:\WINDOWS\system32\usp10.dll <Not Verified; Microsoft Corporation; Microsoft® Uniscribe Unicode script processor>
2006-08-25 11:45:55 1054208 --a------ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-25 11:45:58 617472 -----n--- C:\WINDOWS\system32\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 118784 -----n--- C:\WINDOWS\system32\ntmarta.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 172032 --a------ C:\WINDOWS\system32\wldap32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 64000 -----n--- C:\WINDOWS\system32\samlib.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 2897920 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 15872 -----n--- C:\WINDOWS\system32\w3ssl.dll <Not Verified; Microsoft Corporation; Internet Information Services>
2004-08-10 00:00:00 75776 -----n--- C:\WINDOWS\system32\strmfilt.dll <Not Verified; Microsoft Corporation; Internet Information Services>
2004-08-10 00:00:00 597504 -----n--- C:\WINDOWS\system32\crypt32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 57344 -----n--- C:\WINDOWS\system32\msasn1.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 24576 -----n--- C:\WINDOWS\system32\httpapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 82944 --a------ C:\WINDOWS\system32\ws2_32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 19968 --a------ C:\WINDOWS\system32\ws2help.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 2492)
2004-08-10 07:00:00 708096 -----n--- C:\WINDOWS\system32\ntdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-16 11:52:53 984576 -----n--- C:\WINDOWS\system32\kernel32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 616960 -----n--- C:\WINDOWS\system32\advapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-09 09:09:42 584192 --a------ C:\WINDOWS\system32\rpcrt4.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 55808 -----n--- C:\WINDOWS\system32\secur32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 65536 -----n--- C:\WINDOWS\system32\shimeng.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 1852416 -----n--- C:\WINDOWS\AppPatch\AcGenral.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-08 11:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-20 02:51:05 282624 --a------ C:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 176128 --a------ C:\WINDOWS\system32\winmm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-26 07:39:48 1285120 --a------ C:\WINDOWS\system32\ole32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 343040 -----n--- C:\WINDOWS\system32\msvcrt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-04 14:38:13 550912 -----n--- C:\WINDOWS\system32\oleaut32.dll <Not Verified; Microsoft Corporation; >
2004-08-10 00:00:00 71680 -----n--- C:\WINDOWS\system32\msacm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 18944 -----n--- C:\WINDOWS\system32\version.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-25 23:34:01 8460288 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-21 02:56:58 474112 --a------ C:\WINDOWS\system32\shlwapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 723456 -----n--- C:\WINDOWS\system32\userenv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 218624 -----n--- C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 110080 -----n--- C:\WINDOWS\system32\imm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 22016 -----n--- C:\WINDOWS\system32\lpk.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 406528 -----n--- C:\WINDOWS\system32\usp10.dll <Not Verified; Microsoft Corporation; Microsoft® Uniscribe Unicode script processor>
2006-08-25 11:45:55 1054208 --a------ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-25 11:45:58 617472 -----n--- C:\WINDOWS\system32\comctl32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-12-19 14:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 16896 -----n--- C:\WINDOWS\system32\cfgmgr32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 983552 -----n--- C:\WINDOWS\system32\setupapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-06-29 04:46:00 74240 -----n--- C:\WINDOWS\system32\mscms.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 146432 --a------ C:\WINDOWS\system32\winspool.drv <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 53760 --a------ C:\WINDOWS\system32\winsta.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-08-17 08:28:27 332288 --a------ C:\WINDOWS\system32\netapi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 2897920 --a------ C:\WINDOWS\system32\xpsp2res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-07-26 07:39:43 498688 --a------ C:\WINDOWS\system32\clbcatq.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-10 00:00:00 792064 -----n--- C:\WINDOWS\system32\comres.dll <Not Verified; Microsoft Corporation; COM Services>
2004-08-10 00:00:00 176640 --a------ C:\WINDOWS\system32\wintrust.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 597504 -----n--- C:\WINDOWS\system32\crypt32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 57344 -----n--- C:\WINDOWS\system32\msasn1.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 07:00:00 144384 -----n--- C:\WINDOWS\system32\imagehlp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-08-10 00:00:00 101888 -----n--- C:\WINDOWS\system32\actxprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Scheduled Tasks -------------------------------------------------------------

2008-07-15 01:37:58 372 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-07-01 01:00:30 374 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-06-19 and 2008-07-19 -----------------------------

2008-07-17 01:52:54 0 d-------- C:\WINDOWS\CSC
2008-07-12 01:51:16 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-07-12 01:08:42 0 d-------- C:\Program Files\Postal2STP
2008-07-11 00:21:28 0 d-------- C:\Logs
2008-07-08 17:45:33 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-07-08 17:45:30 0 d-------- C:\Program Files\World of Warcraft
2008-07-08 15:56:36 0 d-------- C:\Program Files\Common
2008-07-06 21:07:02 0 d-------- C:\Program Files\PSOBBSS
2008-07-04 02:06:02 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\SPORE Creature Creator
2008-07-03 03:28:49 0 d-------- C:\Program Files\Electronic Arts
2008-07-03 03:28:42 0 d-------- C:\ProgramData
2008-06-22 15:57:13 658 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg


-- Find3M Report ---------------------------------------------------------------

2008-07-19 04:22:27 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2008-07-17 01:38:48 0 d-------- C:\Program Files\Online Services
2008-07-17 01:26:40 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Viewpoint
2008-07-16 04:12:29 0 d-------- C:\Program Files\McAfee
2008-07-15 22:48:33 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-15 22:30:50 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-08 17:45:33 0 d-------- C:\Program Files\Common Files
2008-07-03 04:15:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-27 03:13:26 0 d-------- C:\Program Files\DriftCity
2008-06-22 16:01:47 107888 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-06-20 13:41:10 245248 --a------ C:\WINDOWS\system32\mswsock.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-11 01:11:03 4096 --a------ C:\WINDOWS\d3dx.dat
2008-06-07 23:48:53 0 d-------- C:\Program Files\RADVideo
2008-06-06 23:47:56 0 d-------- C:\Program Files\DivX
2008-06-04 09:21:48 512 --a------ C:\drmHeader.bin
2008-06-02 05:44:41 0 d-------- C:\Program Files\Sun
2008-06-02 05:44:11 0 d-------- C:\Program Files\Java
2008-05-31 22:04:04 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-05-31 22:03:22 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-30 19:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-29 05:07:53 0 d-------- C:\Program Files\Trend Micro
2008-05-25 05:51:23 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2008-05-22 18:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 18:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 18:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 18:19:12 161096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe <Not Verified; DivX, Inc.; DivX Codec Version Checker>
2008-05-22 18:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-20 03:00:55 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-07 00:55:40 1288192 --a------ C:\WINDOWS\system32\quartz.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/30/2005 12:01 AM]
"ftutil2"="ftutil2.dll" [06/07/2004 05:05 PM C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [06/13/2006 11:05 PM C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [08/03/2005 02:19 AM C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/09/2006 06:50 PM]
"nwiz"="nwiz.exe" [05/09/2006 06:50 PM C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [04/13/2006 12:05 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [07/23/2005 01:14 AM]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/16/2006 01:34 AM]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [12/14/2004 05:23 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [05/15/2003 07:41 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/07/2007 01:38 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/06/2008 10:37 PM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [01/20/2007 03:09 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 02:33 AM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/16/2005 11:11 PM]
"CinemaNowMediaManagerApp"="C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowShell.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Registration Myst V [1/3/2007 1:20:02 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe [1/2/2007 10:18:37 PM]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [10/20/2005 6:55:40 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1c31d30-5101-11dc-91e3-806d6172696f}]
AutoRun\command- E:\Installer.exe




-- End of Deckard's System Scanner: finished at 2008-07-19 04:42:55 ------------



Extra:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"F:\\My Documents\\utorrent.exe"="F:\\My Documents\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\ehome\\ehshell.exe"="C:\\WINDOWS\\ehome\\ehshell.exe:LocalSubNet:Enabled:Media Center"
"C:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"="C:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe:*:Enabled:CinemaNow Media Manager"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Administrator\Application Data
CLASSPATH=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NICK
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Administrator
LOGONSERVER=\\NICK
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
USERDOMAIN=NICK
USERNAME=HP_Administrator
USERPROFILE=C:\Documents and Settings\HP_Administrator
windir=C:\WINDOWS


-- Application Event Log -------------------------------------------------------

Event Record #/Type16517 / Error
Event Submitted/Written: 07/17/2008 01:40:29 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 00733296.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type16516 / Error
Event Submitted/Written: 07/17/2008 01:40:26 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Event Record #/Type16515 / Error
Event Submitted/Written: 07/17/2008 01:40:24 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 495669887.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type16514 / Error
Event Submitted/Written: 07/17/2008 01:40:19 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module ad2mpegin.dll, version 1.4.0.13715, fault address 0x00016a5e.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type16512 / Error
Event Submitted/Written: 07/17/2008 01:38:26 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 495669887.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type39215 / Warning
Event Submitted/Written: 07/19/2008 04:36:31 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0040055559FC. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type39212 / Warning
Event Submitted/Written: 07/19/2008 04:36:21 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0040055559FC. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type39210 / Warning
Event Submitted/Written: 07/19/2008 04:36:18 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0040055559FC. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type39208 / Warning
Event Submitted/Written: 07/19/2008 04:36:11 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0040055559FC. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type39205 / Warning
Event Submitted/Written: 07/19/2008 04:35:45 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0040055559FC. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-07-19 04:42:55 ------------

Edited by Amedeus, 19 July 2008 - 03:55 AM.


#11 Farbar


Posted 19 July 2008 - 07:26 AM

Hi,

I'm currently reviewing the logs and will get back to you as soon as possible.

Edited by farbar, 19 July 2008 - 08:04 AM.


#12 Farbar


Posted 19 July 2008 - 08:44 AM

Hi,
  • Download an old version of HijackThis to your desktop from https://ssl.perfora.net/tools.radiosplace.com/HijackThis.exe

    Please open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    O18 - Filter hijack: text/html - {ff97ebfb-124c-4973-beb8-328ee79480f8} - C:\WINDOWS\system32\iehlpr32.dll

    Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

    HijackThis makes a backup folder on your desktop. Remove both HijackThis.exe and its backup folder from your desktop.

  • Please run the F-Secure Online Scanner
    Note: This Scanner is for Internet Explorer Only!
    Follow the instructions here for installation.
    Accept the License Agreement.
    Once the ActiveX installs, click Full System Scan.
    Once the download completes, the scan will begin automatically.
    The scan will take some time to finish, so please be patient.
    When the scan completes, click the Automatic cleaning (recommended) button.
    Click the Show Report button and copy and paste the entire report in your next reply.

  • Please copy and paste a fresh Hijackthis log to your reply.

  • Please tell me about the result of the Virustotal scan in post #7, step 8.

  • Let me know if you are still having problems with Windows Explorer, and whether you have a Windows installation CD in case it is needed.


#13 Amedeus


Posted 24 July 2008 - 04:48 AM

The only problems I was really having with Windows Explorer were in Program Files, and then only when it was on Thumbnail View. Aside from that, I haven't had any troubles with it.

And the Virustotal scan hadn't found anything. It gave me a "0/33 0.00%", so according to that, it's clean.


F-Secure:

Scanning Report
Wednesday, July 23, 2008 23:48:45 - 05:04:25
Computer name: NICK
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\ F:\ L:\ M:\


--------------------------------------------------------------------------------

Result: 5 malware found
Delf.ATBB (virus)
L:\DOCUMENTS AND SETTINGS\NICK\MY DOCUMENTS\AP\KEYGEN.EXE (Submitted)
Suspicious_F.gen (virus)
F:\MY DOCUMENTS\CHOPPER\STARCRAFT\SCBW0_111\SCBW0_111.EXE (Submitted)
L:\PROGRAM FILES\STARCRAFT\SCBW0_111.EXE (Submitted)
L:\DOCUMENTS AND SETTINGS\NICK\MY DOCUMENTS\DOWNLOAD\KEYGEN\KEYGEN.EXE (Submitted)
Tracking Cookie (spyware)
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 135955
System: 6801
Not scanned: 111
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 5
Submitted: 4
Files not scanned:

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Hydra: 2.8.8110, 2008-07-24
F-Secure AVP: 7.0.171, 2008-07-24
F-Secure Pegasus: 1.20.0, 2008-04-14
F-Secure Blacklight: 1.0.68
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics



HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:31:13 AM, on 7/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smbhq.com/nc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CinemaNowMediaManagerApp] C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowShell.exe -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Registration Myst V
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Get Flash by &Arty Flash Ripper - C:\Program Files\Softdigger\FlashRipper\IEMenu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {81449547-EB5D-422E-8730-932DC5E412C8} (UVUPlayer Control) - http://www.howardstern.com/install/uvuplayer.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWire...loadControl.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11024 bytes

#14 Farbar


Posted 24 July 2008 - 09:24 AM

Hello,

A few things to take care of:
  • Delete the file and folder in bold:

    L:\DOCUMENTS AND SETTINGS\NICK\MY DOCUMENTS\AP\KEYGEN.EXE
    L:\DOCUMENTS AND SETTINGS\NICK\MY DOCUMENTS\DOWNLOAD\KEYGEN

  • F-Secure has flagged the following files as suspicious. Follow the instructions in previous posts to send one of these files to Virustotal for a scan. Please copy and paste the scan result to your reply except if it is all clean.

    F:\MY DOCUMENTS\CHOPPER\STARCRAFT\SCBW0_111\SCBW0_111.EXE
    L:\PROGRAM FILES\STARCRAFT\SCBW0_111.EXE

  • Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7...allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.
  • Please copy and paste a fresh HijackThis log to your reply.


#15 Amedeus


Posted 28 July 2008 - 02:08 AM

Ah, sorry for taking so long. I've been busier and busier lately.


HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:57:56 AM, on 7/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\system32\OSK.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smbhq.com/nc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CinemaNowMediaManagerApp] C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowShell.exe -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Registration Myst V
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Get Flash by &Arty Flash Ripper - C:\Program Files\Softdigger\FlashRipper\IEMenu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {81449547-EB5D-422E-8730-932DC5E412C8} (UVUPlayer Control) - http://www.howardstern.com/install/uvuplayer.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWire...loadControl.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10538 bytes
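
One way to confirm from the logs that the Java update requested in post #14 took effect, as an added example that is not part of the thread: it parses HijackThis entry lines, reports entries that still point into a JRE directory older than Update 7, and lists entries marked "(file missing)". The sample entries are copied from the two logs above; the function names and the `MIN_JRE` constant are assumptions of this example.

```python
import re

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # e.g. "O4 - HKLM\..\Run: ..."
JRE_RE = re.compile(r"\\jre(\d+)\.(\d+)\.(\d+)_(\d+)\\", re.IGNORECASE)
MIN_JRE = (1, 6, 0, 7)  # assumption: JRE 6 Update 7, the version named in post #14

# Entries copied from the first log in this thread (before the update).
LOG_BEFORE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
"""
# In the second log these same lines differ only in the JRE directory name.
LOG_AFTER = LOG_BEFORE.replace("jre1.6.0_06", "jre1.6.0_07")


def parse_entries(log):
    """Return (section, detail) pairs for every HijackThis entry line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def stale_jre(log, minimum=MIN_JRE):
    """Entries whose path points into a JRE directory older than `minimum`."""
    hits = []
    for section, detail in parse_entries(log):
        for m in JRE_RE.finditer(detail):
            version = tuple(int(g) for g in m.groups())
            if version < minimum:
                hits.append((section, "%d.%d.%d_%02d" % version))
    return hits


def missing_targets(log):
    """Entries HijackThis marked '(file missing)': leftovers worth reviewing."""
    return [(s, d) for s, d in parse_entries(log) if d.endswith("(file missing)")]


def changed(before, after):
    """Entries removed from and added to the log between two scans."""
    b, a = set(parse_entries(before)), set(parse_entries(after))
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    print("stale before:", stale_jre(LOG_BEFORE))
    print("stale after: ", stale_jre(LOG_AFTER))
    print("file missing:", [s for s, _ in missing_targets(LOG_AFTER)])
    removed, added = changed(LOG_BEFORE, LOG_AFTER)
    print("entries changed between scans:", len(removed), "removed,", len(added), "added")
```

Run against a full saved log, `stale_jre` also covers the O9 Java entries, since it inspects every section rather than only O2 and O4.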



