Xp Anti Virus 2008 Infection? Help!


  • This topic is locked
14 replies to this topic

#1 computerbeginner13

  • Members
  • 31 posts

Posted 21 July 2008 - 12:12 PM

I have an HP Windows XP computer and I have Norton anti-virus and I have two user accounts I can choose from. I only log in from one of them, but today I accidentally logged into the other account and there was a blue screen saying Windows XP Virus. It hasn't done anything, only attached itself to my OTHER user account which I don't use, and will not uninstall. I did not want to take a HijackThis log on the other account for fear of logging on and it spreading to my good account. So I took a HijackThis log of my good account.

I am not sure if my good account's HijackThis log will do anything. If you need a HijackThis log from the other account just let me know.

Would it be easier to delete that other account??? If so I will. It seems ONLY to be infecting my other account; any new account I create, when logging onto it, it has the problem..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:58 AM, on 7/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lphc7lrj0elu7] C:\WINDOWS\system32\lphc7lrj0elu7.exe
O4 - HKLM\..\Run: [SMrhc3lrj0elu7] C:\Program Files\rhc3lrj0elu7\rhc3lrj0elu7.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10355 bytes

Edited by computerbeginner13, 21 July 2008 - 03:00 PM.



#2 computerbeginner13

  • Topic Starter

  • Members
  • 31 posts

Posted 21 July 2008 - 03:01 PM

Does anyone have anything???

#3 fenzodahl512

  • Members
  • 6,738 posts

Posted 22 July 2008 - 07:14 AM

Hello, my name is fenzodahl512 and welcome to BC..


Does anyone have anything???



Please be patient.. We are all volunteers and we do have our own real life outside the forum..


Please do the following...


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 computerbeginner13

  • Topic Starter

  • Members
  • 31 posts

Posted 22 July 2008 - 12:42 PM

Here is the Deckard's System Scanner... Remember I ran it on my good, non-virus account since I'm afraid the virus might jump over...

main.txt


Deckard's System Scanner v20071014.68
Run by Tom on 2008-07-22 10:22:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-07-22 17:23:02 UTC - RP20 - Deckard's System Scanner Restore Point
3: 2008-07-21 23:17:44 UTC - RP19 - Installed Adobe Reader 7.1.0
2: 2008-07-21 17:23:36 UTC - RP18 - Last good restore point
1: 2008-07-21 17:23:28 UTC - RP17 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Tom.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:11 AM, on 7/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Tom\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Tom.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lphc7lrj0elu7] C:\WINDOWS\system32\lphc7lrj0elu7.exe
O4 - HKLM\..\Run: [SMrhc3lrj0elu7] C:\Program Files\rhc3lrj0elu7\rhc3lrj0elu7.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10616 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080101-095051-957 O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
backup-20080101-163823-224 O3 - Toolbar: (no name) - {47906C8A-7A72-45A8-AA59-0CEC20BD3B36} - (no file)
backup-20080101-163823-244 O2 - BHO: XBTB05988 Class - {5C43B8A2-24E8-4336-B86E-A94558E10C60} - C:\PROGRA~1\FURLTO~1\toolbar.dll (file missing)
backup-20080103-140415-658 O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Matt Slagle\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
backup-20080103-140415-679 O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
backup-20080104-130546-259 O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1.0\wl_hook.dll
backup-20080104-130546-291 O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe /waitservice
backup-20080104-130546-863 O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
backup-20080104-130546-895 O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
backup-20080415-184232-138 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
backup-20080415-184232-421 O22 - SharedTaskScheduler: asparagine - {65bbf06c-ea06-4818-92a3-f3550d0e1004} - C:\WINDOWS\system32\rkvdr.dll (file missing)
backup-20080415-184232-742 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
backup-20080415-184232-963 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
backup-20080415-184232-983 O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S4 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S0 Pml Driver HPZ12 - \systemroot\c:\windows\system32\hpzipm12.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-22 10:25:00 380 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-07-21 20:00:00 644 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HP_Administrator.job
2008-07-21 12:48:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-07-18 21:08:50 544 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Tom.job
2008-07-13 15:21:03 338 --a------ C:\WINDOWS\Tasks\Easy Internet Sign-up.job


-- Files created between 2008-06-22 and 2008-07-22 -----------------------------

2008-07-21 16:18:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-21 16:17:58 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-21 07:31:01 94208 --a------ C:\WINDOWS\system32\pphc7lrj0elu7.exe
2008-07-21 07:31:01 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\rhc3lrj0elu7
2008-07-21 07:30:39 0 d-------- C:\Program Files\rhc3lrj0elu7
2008-07-21 07:30:20 60928 --a------ C:\WINDOWS\system32\blphc7lrj0elu7.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-07-21 07:30:19 10240 --a------ C:\3f6uu5.exe
2008-07-21 07:30:18 110080 --a------ C:\WINDOWS\system32\lphc7lrj0elu7.exe
2008-07-21 06:09:20 0 d-------- C:\Documents and Settings\Tom\Application Data\Sun
2008-07-16 17:25:45 0 d-------- C:\Documents and Settings\Tom\Application Data\Move Networks
2008-07-15 17:23:19 0 d-------- C:\Documents and Settings\Tom\Application Data\AdobeUM
2008-07-15 09:56:10 0 d-------- C:\Program Files\Paint.NET
2008-07-15 09:54:16 0 d-------- C:\Program Files\MSBuild
2008-07-15 09:54:10 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-07-15 09:54:02 0 d-------- C:\Program Files\Reference Assemblies
2008-07-15 09:49:50 0 d-------- C:\Program Files\MSXML 6.0
2008-07-14 12:08:34 0 d-------- C:\Documents and Settings\Tom\Application Data\ICAClient
2008-07-14 12:04:14 0 d-------- C:\Program Files\Citrix Download
2008-07-14 12:03:43 0 d-------- C:\Program Files\New Folder
2008-07-14 10:25:55 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Viewpoint
2008-07-14 09:46:58 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\acccore
2008-07-14 09:44:04 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Macromedia
2008-07-14 09:44:03 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2008-07-13 22:35:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-13 22:35:56 0 d-------- C:\Program Files\Viewpoint
2008-07-13 22:32:38 0 d-------- C:\Documents and Settings\Tom\Application Data\acccore
2008-07-13 21:41:16 0 d-------- C:\Documents and Settings\Tom\Application Data\Adobe
2008-07-13 21:17:30 0 d-------- C:\Program Files\Bonjour
2008-07-13 21:14:56 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-07-13 20:07:08 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-07-13 19:09:30 0 d-------- C:\Program Files\MSXML 4.0
2008-07-13 18:39:26 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-13 18:02:06 0 d-------- C:\WINDOWS\system32\PreInstall
2008-07-13 17:48:20 0 d---s---- C:\Documents and Settings\Tom\UserData
2008-07-13 17:42:42 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-07-13 17:31:35 0 d-------- C:\Documents and Settings\Tom\Application Data\Macromedia
2008-07-13 15:58:07 0 d-------- C:\Documents and Settings\Tom\WINDOWS
2008-07-13 15:58:07 0 d--h----- C:\Documents and Settings\Tom\Templates
2008-07-13 15:58:07 0 dr------- C:\Documents and Settings\Tom\Start Menu
2008-07-13 15:58:07 0 dr-h----- C:\Documents and Settings\Tom\SendTo
2008-07-13 15:58:07 0 dr-h----- C:\Documents and Settings\Tom\Recent
2008-07-13 15:58:07 0 d--h----- C:\Documents and Settings\Tom\PrintHood
2008-07-13 15:58:07 0 d--h----- C:\Documents and Settings\Tom\NetHood
2008-07-13 15:58:07 0 dr------- C:\Documents and Settings\Tom\My Documents
2008-07-13 15:58:07 0 d--h----- C:\Documents and Settings\Tom\Local Settings
2008-07-13 15:58:07 0 dr------- C:\Documents and Settings\Tom\Favorites
2008-07-13 15:58:07 0 d-------- C:\Documents and Settings\Tom\Desktop
2008-07-13 15:58:07 0 d---s---- C:\Documents and Settings\Tom\Cookies
2008-07-13 15:58:07 0 dr-h----- C:\Documents and Settings\Tom\Application Data
2008-07-13 15:58:07 0 d-------- C:\Documents and Settings\Tom\Application Data\Symantec
2008-07-13 15:58:07 0 d-------- C:\Documents and Settings\Tom\Application Data\SampleView
2008-07-13 15:58:07 0 d-------- C:\Documents and Settings\Tom\Application Data\Real
2008-07-13 15:58:07 0 d-------- C:\Documents and Settings\Tom\Application Data\Intuit
2008-07-13 15:58:07 0 d-------- C:\Documents and Settings\Tom\Application Data\Identities
2008-07-13 15:58:07 0 d-------- C:\Documents and Settings\Tom\Application Data\Apple Computer
2008-07-13 15:58:06 2359296 --ah----- C:\Documents and Settings\Tom\NTUSER.DAT
2008-07-13 15:56:55 0 dr-hs---- C:\cmdcons
2008-07-13 15:26:43 0 dr-h----- C:\Documents and Settings\HP_Administrator\Recent
2008-07-13 15:18:07 0 dr-h----- C:\Documents and Settings\HP_Administrator\SendTo
2008-07-13 15:18:07 0 d--h----- C:\Documents and Settings\HP_Administrator\PrintHood
2008-07-13 15:18:07 0 d--h----- C:\Documents and Settings\HP_Administrator\NetHood
2008-07-13 15:18:07 0 dr------- C:\Documents and Settings\HP_Administrator\My Documents
2008-07-13 15:18:07 0 d--h----- C:\Documents and Settings\HP_Administrator\Local Settings
2008-07-13 15:18:07 0 dr------- C:\Documents and Settings\HP_Administrator\Favorites
2008-07-13 15:18:07 0 d-------- C:\Documents and Settings\HP_Administrator\Desktop
2008-07-13 15:18:07 0 d---s---- C:\Documents and Settings\HP_Administrator\Cookies
2008-07-13 15:18:07 0 dr-h----- C:\Documents and Settings\HP_Administrator\Application Data
2008-07-13 15:18:07 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
2008-07-13 15:18:07 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\SampleView
2008-07-13 15:18:07 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Real
2008-07-13 15:18:07 0 d---s---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
2008-07-13 15:18:07 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
2008-07-13 15:18:07 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Identities
2008-07-13 15:18:07 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
2008-07-13 15:18:06 0 d-------- C:\Documents and Settings\HP_Administrator\WINDOWS
2008-07-13 15:18:06 0 d--h----- C:\Documents and Settings\HP_Administrator\Templates
2008-07-13 15:18:06 0 dr------- C:\Documents and Settings\HP_Administrator\Start Menu
2008-07-13 15:18:06 1572864 --ah----- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
2008-07-13 14:38:59 0 dr-hs---- C:\WINDOWS\system32\dllcache
2008-07-03 12:45:49 0 d-------- C:\Program Files\TrainPlayer 3.1


-- Find3M Report ---------------------------------------------------------------

2008-07-22 10:13:41 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-21 16:17:58 0 d-------- C:\Program Files\Common Files
2008-07-13 22:36:09 0 d-------- C:\Program Files\AIM6
2008-07-13 21:19:09 0 d-------- C:\Program Files\iTunes
2008-07-13 21:17:16 0 d-------- C:\Program Files\QuickTime
2008-07-13 15:21:06 0 d-------- C:\Program Files\Easy Internet signup
2008-06-09 15:09:25 0 d-------- C:\Program Files\THQ
2008-06-07 12:25:07 0 d-------- C:\Program Files\The Creative Assembly
2008-06-01 17:52:15 0 d-------- C:\Program Files\Download Manager


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/10/2004 07:04 PM]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [06/01/2005 11:35 PM]
"PCDrProfiler"="" []
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03/04/2005 09:40 AM]
"URLLSTCK.exe"="c:\Program Files\Norton Internet Security\UrlLstCk.exe" [03/29/2005 05:03 PM]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/25/2005 10:34 PM]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [05/10/2005 05:50 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [05/12/2005 06:12 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/09/2005 04:36 PM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]
"lphc7lrj0elu7"="C:\WINDOWS\system32\lphc7lrj0elu7.exe" [07/21/2008 07:30 AM]
"SMrhc3lrj0elu7"="C:\Program Files\rhc3lrj0elu7\rhc3lrj0elu7.exe" [07/21/2008 04:46 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 12:00 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/25/2008 01:21 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 6:23:26 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme




-- End of Deckard's System Scanner: finished at 2008-07-22 10:26:35 ------------





Extra.txt


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3700+
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 1022.48 MiB / 493.67 MiB
Pagefile Memory (total/avail): 2458.47 MiB / 1979.57 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1909.17 MiB

C: is Fixed (NTFS) - 178.29 GiB total, 143.6 GiB free.
D: is Fixed (FAT32) - 8 GiB total, 0.88 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3200826A - 186.31 GiB - 2 partitions
\PARTITION0 - Unknown - 8.01 GiB - D:
\PARTITION1 (bootable) - Installable File System - 178.29 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Security v2005 (Symantec Corporation)
AV: Norton Internet Security v2005 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Tom\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SLAGLECOMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Tom
LOGONSERVER=\\SLAGLECOMPUTER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 39 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2701
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Tom\LOCALS~1\Temp
TMP=C:\DOCUME~1\Tom\LOCALS~1\Temp
USERDOMAIN=SLAGLECOMPUTER
USERNAME=Tom
USERPROFILE=C:\Documents and Settings\Tom
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

HP_Administrator (admin)
Tom (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Agere Systems PCI Soft Modem --> agrsmdel
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AntivirXP08 --> "C:\Program Files\rhc3lrj0elu7\uninstall.exe"
Apple Mobile Device Support --> MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Barnyard Invasion from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\049D60AF-B425-4F8A-BD66-9D8C1B519D59\Uninstall.exe"
Bejeweled 2 Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\47D5A62B-1B41-4DB1-8267-ADA434FA782B\Uninstall.exe"
Big Kahuna Reef from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D77E8A46-BEB4-49ED-B2D3-B77180169FA3\Uninstall.exe"
Blackhawk Striker 2 from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\758619C0-7C97-42BB-B1E9-775F72FDAD1E\Uninstall.exe"
Blasterball 2 from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79\Uninstall.exe"
Blasterball 2 Holidays from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\1B497FAA-E53E-420D-8408-FFDD3278CD50\Uninstall.exe"
Boggle Supreme from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\90EA5584-4290-407B-B8F2-D6E6D65A4796\Uninstall.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Bookworm Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E59F75D0-A38B-40F4-ABA2-CA35A7735473\Uninstall.exe"
Bounce Symphony from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5DAA9E44-1B31-41CD-88A8-228EDED6E36E\Uninstall.exe"
CC_ccProxyExt --> MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
ccCommon --> MsiExec.exe /I{D8F6834B-D5E7-4451-8681-B051ABD8561D}
ccPxyCore --> MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}
Citrix Presentation Server Client --> MsiExec.exe /I{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}
Crystal Maze from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\3D61540E-C88C-4358-B6A1-DC26648F2A3D\Uninstall.exe"
Digby's Donuts from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\A51671BD-9BE5-4944-AC62-A2A0B6FF5E54\Uninstall.exe"
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
FATE Demo from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B68BB501-10CD-46E2-BB45-075A2ABFD242\Uninstall.exe"
Flip Words from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\1280194E-E9D5-4253-95E7-40169E2A4848\Uninstall.exe"
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Boot Optimizer --> MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP DigitalMedia Archive --> MsiExec.exe /I{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Game Console and games --> C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone for Media Center PC --> MsiExec.exe /X{8D0C57BC-4942-4960-BB6D-142456D6F233}
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Multimedia Keyboard Software --> C:\HP\KBD\KBD.EXE uninstalled
HP Photosmart 330,380,420,470,7800,8000,8200 Series --> C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 5.0 --> C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Tunes --> MsiExec.exe /X{3076D235-59F2-448E-889F-D04F985B4CF1}
Insaniquarium Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\A09026AE-8F16-4929-B4E6-1825535844DB\Uninstall.exe"
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Jewel Quest from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\A73FAC36-8925-465D-8FA2-4DA98BD9B441\Uninstall.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Mah Jong Quest from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\538B9061-0C77-4FB2-903F-EC42A1FF5DD8\Uninstall.exe"
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Dancer LE --> MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Tom\Application Data\Move Networks\ie_bin\Uninst.exe
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
muvee autoProducer 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C3D719A-92C7-4323-89CC-C937D0267B84}\setup.exe" -l0x9
muvee autoProducer unPlugged 1.1 - HPD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1931B3A-29E9-4F91-9B61-BE2CF05E84F1}\setup.exe" -l0x9
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security --> MsiExec.exe /I{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}
Norton Internet Security --> MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Internet Security 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Norton Security Center --> MsiExec.exe /X{503AA035-41E2-4858-B31F-1E49AC66C309}
Norton WMI Update --> MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
Office 2003 Tour --> MsiExec.exe /I{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
Paint.NET v3.35 --> MsiExec.exe /X{20AC583C-A6FB-410A-807D-25308225C201}
PC-Doctor 5 for Windows --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{AB61A692-5543-4C48-979B-8CEA1C52FE9C} /l1033
Polar Bowler from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\1FFA88DF-0AC3-4D9E-9139-5FF98813C12C\Uninstall.exe"
Polar Golfer from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\55275778-F7D9-4BA0-95F4-DEFD71ADDFD9\Uninstall.exe"
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Puzzle Express from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\0814ADC6-5B36-4144-A8EA-439C36B1BB11\Uninstall.exe"
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2005 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Ricochet Lost Worlds from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\0AA27562-3C4E-4860-8742-7ADEBE2EFC43\Uninstall.exe"
SCRABBLE Blast from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\2BA80327-9385-4EC8-9796-47C49BD73352\Uninstall.exe"
SCRABBLE from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B7217206-A362-446B-A0F7-A2622B82F821\Uninstall.exe"
SCRABBLE Rack Attack from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\EC03679F-C9F0-46E8-864D-FCCF83F4EB86\Uninstall.exe"
Shrek 2 Ogre Bowler from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\581538B9-2ED3-45E2-96CB-22AD8F811D2A\Uninstall.exe"
Slingo Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E0998E52-9D08-4AEE-A4F5-0BB1D8537F6E\Uninstall.exe"
Slyder from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\600C800C-5985-4E74-AFE7-571001AC3FA4\Uninstall.exe"
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Super Granny from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\0C20CAB1-F8BC-4AC1-A796-535B005C1B83\Uninstall.exe"
Swarm from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\133F647D-B454-42BC-ADBE-387482A29B88\Uninstall.exe"
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Tradewinds from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B3FF79F4-CDA8-4845-A7C0-9CE017719F36\Uninstall.exe"
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369) --> C:\WINDOWS\$NtUninstallMC05Upd1$\spuninst\spuninst.exe
Updates from HP (remove only) --> C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB888316 --> C:\WINDOWS\$NtUninstallKB888316$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB890629 -->
Windows XP Media Center Edition 2005 KB895678 --> C:\WINDOWS\$NtUninstallKB895678$\spuninst\spuninst.exe
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type437 / Error
Event Submitted/Written: 07/22/2008 10:25:04 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type436 / Error
Event Submitted/Written: 07/22/2008 10:25:04 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type435 / Error
Event Submitted/Written: 07/22/2008 10:25:03 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type371 / Error
Event Submitted/Written: 07/19/2008 11:09:40 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module mshtml.dll, version 6.0.2900.2668, fault address 0x0013b79a.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type354 / Warning
Event Submitted/Written: 07/18/2008 05:24:28 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1115 / Error
Event Submitted/Written: 07/21/2008 04:47:53 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\Program Files\Citrix\ICA Client\MFC80.DLL.
Reference error message: The operation completed successfully.
.

Event Record #/Type1114 / Error
Event Submitted/Written: 07/21/2008 04:47:53 PM
Event ID/Source: 58 / SideBySide
Event Description:
Syntax error in manifest or policy file "The manifest file contains one or more syntax errors.
1" on line The manifest file contains one or more syntax errors.
2.

Event Record #/Type1113 / Error
Event Submitted/Written: 07/21/2008 04:47:53 PM
Event ID/Source: 34 / SideBySide
Event Description:
Component identity found in manifest does not match the identity of the component requested

Event Record #/Type1112 / Error
Event Submitted/Written: 07/21/2008 04:47:46 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\Program Files\Citrix\ICA Client\MFC80.DLL.
Reference error message: The operation completed successfully.
.

Event Record #/Type1111 / Error
Event Submitted/Written: 07/21/2008 04:47:46 PM
Event ID/Source: 58 / SideBySide
Event Description:
Syntax error in manifest or policy file "The manifest file contains one or more syntax errors.
1" on line The manifest file contains one or more syntax errors.
2.



-- End of Deckard's System Scanner: finished at 2008-07-22 10:26:35 ------------

#5 fenzodahl512

Posted 22 July 2008 - 01:49 PM

I'd prefer you do this on your infected account, but let's do it on your clean one and then we'll check that infected account later. Do the following:



Please uninstall the following programs from your computer..

AntivirXP08
Viewpoint Media Player





NEXT


We need to get rid of some of the services running on your machine. To do this, copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

@echo off
sc stop "Viewpoint Manager Service"
sc delete "Viewpoint Manager Service"
exit

Save it to your desktop as File name: Service.bat
Save as type: All Files

Once done, double click Service.bat to run it. A command window will open briefly, then close. This is quite normal.

If you are not sure how to make a batch file, please visit HERE for the tutorial.





NEXT


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\pphc7lrj0elu7.exe
    C:\Documents and Settings\HP_Administrator\Application Data\rhc3lrj0elu7
    C:\Program Files\rhc3lrj0elu7
    C:\WINDOWS\system32\blphc7lrj0elu7.scr
    C:\3f6uu5.exe
    C:\WINDOWS\system32\lphc7lrj0elu7.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\lphc7lrj0elu7
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SMrhc3lrj0elu7
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




Please post the following logs in your next reply..

1. OTMoveIt2
2. Malwarebytes'
3. A fresh DSS log (after Malwarebytes' step)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#6 computerbeginner13

Posted 22 July 2008 - 03:32 PM

Sorry it took so long to reply. The scan took a while... I will not be on until tomorrow morning, just giving a heads up. No problems faced.

here are the logs in order

OTMoveit
Malwarebytes
DSS




Explorer killed successfully
C:\WINDOWS\system32\pphc7lrj0elu7.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Application Data\rhc3lrj0elu7\Quarantine\Packages moved successfully.
C:\Documents and Settings\HP_Administrator\Application Data\rhc3lrj0elu7\Quarantine\BrowserObjects moved successfully.
C:\Documents and Settings\HP_Administrator\Application Data\rhc3lrj0elu7\Quarantine\Autorun\StartMenuCurrentUser moved successfully.
C:\Documents and Settings\HP_Administrator\Application Data\rhc3lrj0elu7\Quarantine\Autorun\StartMenuAllUsers moved successfully.
C:\Documents and Settings\HP_Administrator\Application Data\rhc3lrj0elu7\Quarantine\Autorun\HKLM\RunOnce moved successfully.
C:\Documents and Settings\HP_Administrator\Application Data\rhc3lrj0elu7\Quarantine\Autorun\HKLM moved successfully.
C:\Documents and Settings\HP_Administrator\Application Data\rhc3lrj0elu7\Quarantine\Autorun\HKCU\RunOnce moved successfully.
C:\Documents and Settings\HP_Administrator\Application Data\rhc3lrj0elu7\Quarantine\Autorun\HKCU moved successfully.
C:\Documents and Settings\HP_Administrator\Application Data\rhc3lrj0elu7\Quarantine\Autorun moved successfully.
C:\Documents and Settings\HP_Administrator\Application Data\rhc3lrj0elu7\Quarantine moved successfully.
C:\Documents and Settings\HP_Administrator\Application Data\rhc3lrj0elu7 moved successfully.
File/Folder C:\Program Files\rhc3lrj0elu7 not found.
C:\WINDOWS\system32\blphc7lrj0elu7.scr moved successfully.
C:\3f6uu5.exe moved successfully.
C:\WINDOWS\system32\lphc7lrj0elu7.exe moved successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\lphc7lrj0elu7 >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\lphc7lrj0elu7 deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SMrhc3lrj0elu7 >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SMrhc3lrj0elu7 deleted successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Tom\LOCALS~1\Temp\AcrA215.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tom\LOCALS~1\Temp\AcrA216.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tom\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tom\LOCALS~1\Temp\_hphtra07.log scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07222008_120441

Files moved on Reboot...
File C:\DOCUME~1\Tom\LOCALS~1\Temp\AcrA215.tmp not found!
File C:\DOCUME~1\Tom\LOCALS~1\Temp\AcrA216.tmp not found!
C:\DOCUME~1\Tom\LOCALS~1\Temp\hpodvd09.log moved successfully.
C:\DOCUME~1\Tom\LOCALS~1\Temp\_hphtra07.log moved successfully.










Malwarebytes' Anti-Malware 1.22
Database version: 979
Windows 5.1.2600 Service Pack 2

1:27:48 PM 7/22/2008
mbam-log-7-22-2008 (13-27-48).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 167640
Time elapsed: 1 hour(s), 10 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 11
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\rhc3lrj0elu7 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Tom\Application Data\rhc3lrj0elu7 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tom\Application Data\rhc3lrj0elu7\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tom\Application Data\rhc3lrj0elu7\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tom\Application Data\rhc3lrj0elu7\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tom\Application Data\rhc3lrj0elu7\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tom\Application Data\rhc3lrj0elu7\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tom\Application Data\rhc3lrj0elu7\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tom\Application Data\rhc3lrj0elu7\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tom\Application Data\rhc3lrj0elu7\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tom\Application Data\rhc3lrj0elu7\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tom\Application Data\rhc3lrj0elu7\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\_OTMoveIt\MovedFiles\07222008_120441\WINDOWS\system32\pphc7lrj0elu7.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc7lrj0elu7.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nick Slagle\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.















Deckard's System Scanner v20071014.68
Run by Tom on 2008-07-22 13:31:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Tom.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:31:48 PM, on 7/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Documents and Settings\Tom\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Tom.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 10169 bytes

-- Files created between 2008-06-22 and 2008-07-22 -----------------------------

2008-07-22 12:15:23 0 d-------- C:\Documents and Settings\Tom\Application Data\Malwarebytes
2008-07-22 12:15:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-22 12:15:19 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-21 16:18:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-21 16:17:58 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-21 06:09:20 0 d-------- C:\Documents and Settings\Tom\Application Data\Sun
2008-07-16 17:25:45 0 d-------- C:\Documents and Settings\Tom\Application Data\Move Networks
2008-07-15 17:23:19 0 d-------- C:\Documents and Settings\Tom\Application Data\AdobeUM
2008-07-15 09:56:10 0 d-------- C:\Program Files\Paint.NET
2008-07-15 09:54:16 0 d-------- C:\Program Files\MSBuild
2008-07-15 09:54:10 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-07-15 09:54:02 0 d-------- C:\Program Files\Reference Assemblies
2008-07-15 09:49:50 0 d-------- C:\Program Files\MSXML 6.0
2008-07-14 12:08:34 0 d-------- C:\Documents and Settings\Tom\Application Data\ICAClient
2008-07-14 12:04:14 0 d-------- C:\Program Files\Citrix Download
2008-07-14 12:03:43 0 d-------- C:\Program Files\New Folder
2008-07-14 10:25:55 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Viewpoint
2008-07-14 09:46:58 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\acccore
2008-07-14 09:44:04 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Macromedia
2008-07-14 09:44:03 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2008-07-13 22:35:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-13 22:32:38 0 d-------- C:\Documents and Settings\Tom\Application Data\acccore
2008-07-13 21:41:16 0 d-------- C:\Documents and Settings\Tom\Application Data\Adobe
2008-07-13 21:17:30 0 d-------- C:\Program Files\Bonjour
2008-07-13 21:14:56 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-07-13 20:07:08 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-07-13 19:09:30 0 d-------- C:\Program Files\MSXML 4.0
2008-07-13 18:39:26 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-13 18:02:06 0 d-------- C:\WINDOWS\system32\PreInstall
2008-07-13 17:48:20 0 d---s---- C:\Documents and Settings\Tom\UserData
2008-07-13 17:42:42 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-07-13 17:31:35 0 d-------- C:\Documents and Settings\Tom\Application Data\Macromedia
2008-07-13 15:58:07 0 d-------- C:\Documents and Settings\Tom\WINDOWS
2008-07-13 15:58:07 0 d--h----- C:\Documents and Settings\Tom\Templates
2008-07-13 15:58:07 0 dr------- C:\Documents and Settings\Tom\Start Menu
2008-07-13 15:58:07 0 dr-h----- C:\Documents and Settings\Tom\SendTo
2008-07-13 15:58:07 0 dr-h----- C:\Documents and Settings\Tom\Recent
2008-07-13 15:58:07 0 d--h----- C:\Documents and Settings\Tom\PrintHood
2008-07-13 15:58:07 0 d--h----- C:\Documents and Settings\Tom\NetHood
2008-07-13 15:58:07 0 dr------- C:\Documents and Settings\Tom\My Documents
2008-07-13 15:58:07 0 d--h----- C:\Documents and Settings\Tom\Local Settings
2008-07-13 15:58:07 0 dr------- C:\Documents and Settings\Tom\Favorites
2008-07-13 15:58:07 0 d-------- C:\Documents and Settings\Tom\Desktop
2008-07-13 15:58:07 0 d---s---- C:\Documents and Settings\Tom\Cookies
2008-07-13 15:58:07 0 dr-h----- C:\Documents and Settings\Tom\Application Data
2008-07-13 15:58:07 0 d-------- C:\Documents and Settings\Tom\Application Data\Symantec
2008-07-13 15:58:07 0 d-------- C:\Documents and Settings\Tom\Application Data\SampleView
2008-07-13 15:58:07 0 d-------- C:\Documents and Settings\Tom\Application Data\Real
2008-07-13 15:58:07 0 d-------- C:\Documents and Settings\Tom\Application Data\Intuit
2008-07-13 15:58:07 0 d-------- C:\Documents and Settings\Tom\Application Data\Identities
2008-07-13 15:58:07 0 d-------- C:\Documents and Settings\Tom\Application Data\Apple Computer
2008-07-13 15:58:06 2359296 --ah----- C:\Documents and Settings\Tom\NTUSER.DAT
2008-07-13 15:56:55 0 dr-hs---- C:\cmdcons
2008-07-13 15:26:43 0 dr-h----- C:\Documents and Settings\HP_Administrator\Recent
2008-07-13 15:18:07 0 dr-h----- C:\Documents and Settings\HP_Administrator\SendTo
2008-07-13 15:18:07 0 d--h----- C:\Documents and Settings\HP_Administrator\PrintHood
2008-07-13 15:18:07 0 d--h----- C:\Documents and Settings\HP_Administrator\NetHood
2008-07-13 15:18:07 0 dr------- C:\Documents and Settings\HP_Administrator\My Documents
2008-07-13 15:18:07 0 d--h----- C:\Documents and Settings\HP_Administrator\Local Settings
2008-07-13 15:18:07 0 dr------- C:\Documents and Settings\HP_Administrator\Favorites
2008-07-13 15:18:07 0 d-------- C:\Documents and Settings\HP_Administrator\Desktop
2008-07-13 15:18:07 0 d---s---- C:\Documents and Settings\HP_Administrator\Cookies
2008-07-13 15:18:07 0 dr-h----- C:\Documents and Settings\HP_Administrator\Application Data
2008-07-13 15:18:07 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
2008-07-13 15:18:07 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\SampleView
2008-07-13 15:18:07 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Real
2008-07-13 15:18:07 0 d---s---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
2008-07-13 15:18:07 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
2008-07-13 15:18:07 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Identities
2008-07-13 15:18:07 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
2008-07-13 15:18:06 0 d-------- C:\Documents and Settings\HP_Administrator\WINDOWS
2008-07-13 15:18:06 0 d--h----- C:\Documents and Settings\HP_Administrator\Templates
2008-07-13 15:18:06 0 dr------- C:\Documents and Settings\HP_Administrator\Start Menu
2008-07-13 15:18:06 1572864 --ah----- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
2008-07-13 14:38:59 0 dr-hs---- C:\WINDOWS\system32\dllcache
2008-07-03 12:45:49 0 d-------- C:\Program Files\TrainPlayer 3.1


-- Find3M Report ---------------------------------------------------------------

2008-07-22 12:15:42 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-21 16:17:58 0 d-------- C:\Program Files\Common Files
2008-07-13 22:36:09 0 d-------- C:\Program Files\AIM6
2008-07-13 21:19:09 0 d-------- C:\Program Files\iTunes
2008-07-13 21:17:16 0 d-------- C:\Program Files\QuickTime
2008-07-13 15:21:06 0 d-------- C:\Program Files\Easy Internet signup
2008-06-09 15:09:25 0 d-------- C:\Program Files\THQ
2008-06-07 12:25:07 0 d-------- C:\Program Files\The Creative Assembly
2008-06-01 17:52:15 0 d-------- C:\Program Files\Download Manager


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/10/2004 07:04 PM]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [06/01/2005 11:35 PM]
"PCDrProfiler"="" []
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03/04/2005 09:40 AM]
"URLLSTCK.exe"="c:\Program Files\Norton Internet Security\UrlLstCk.exe" [03/29/2005 05:03 PM]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/25/2005 10:34 PM]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [05/10/2005 05:50 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [05/12/2005 06:12 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/09/2005 04:36 PM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 12:00 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/25/2008 01:21 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 6:23:26 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,




-- End of Deckard's System Scanner: finished at 2008-07-22 13:32:25 ------------
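
Two checks a reader can run over logs like the ones in the post above: that every Malwarebytes detection was actually removed and the summary counts match the itemized lists, and that the Run values OTMoveIt2 deleted do not reappear in the fresh HijackThis log. This Python is an added example, not part of the thread or of any of the tools; the log excerpts are abridged from the post (counts reduced to match the trimmed lists) and the function names are hypothetical.

```python
import re

# Abridged excerpts in the format of the logs posted above.
# Summary counts are reduced to match the trimmed item lists.
MBAM_LOG = r"""
Registry Keys Infected: 2
Folders Infected: 1
Files Infected: 2

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\rhc3lrj0elu7 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Tom\Application Data\rhc3lrj0elu7 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\phc7lrj0elu7.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

OTM_LOG = r"""
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\lphc7lrj0elu7 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SMrhc3lrj0elu7 deleted successfully.
"""

HJT_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
"""

OK_ACTION = "Quarantined and deleted successfully."


def parse_mbam(text):
    """Return (summary_counts, items_by_section) from an MBAM text log."""
    summary, items, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"^(.+ Infected): (\d+)$", line)      # "Files Infected: 5"
        if m:
            summary[m.group(1)] = int(m.group(2))
            continue
        m = re.match(r"^(.+ Infected):$", line)            # section header
        if m:
            section = m.group(1)
            items.setdefault(section, [])
            continue
        m = re.match(r"^(.+) \(([^()]+)\) -> (.+)$", line)  # object (name) -> action
        if m and section:
            items[section].append(m.groups())
    return summary, items


def check_mbam(text):
    """List count mismatches and detections that were not fully removed."""
    summary, items = parse_mbam(text)
    problems = []
    for section, count in summary.items():
        listed = len(items.get(section, []))
        if listed != count:
            problems.append(f"{section}: summary says {count}, {listed} listed")
    for entries in items.values():
        for obj, sig, action in entries:
            if action != OK_ACTION:
                problems.append(f"{obj} ({sig}): {action}")
    return problems


def removed_run_values(otm_log):
    """Value names from OTMoveIt2 'Registry value key\\\\name deleted' lines."""
    pattern = r"^Registry value .+\\\\(.+) deleted successfully\.$"
    return re.findall(pattern, otm_log, re.M)


def residual_autoruns(names, hjt_log):
    """HijackThis O4 (autostart) lines that still mention a removed name."""
    lowered = [n.lower() for n in names]
    return [line.strip() for line in hjt_log.splitlines()
            if line.startswith("O4 - ")
            and any(n in line.lower() for n in lowered)]


if __name__ == "__main__":
    print("MBAM problems:", check_mbam(MBAM_LOG))
    names = removed_run_values(OTM_LOG)
    print("Removed Run values:", names)
    print("Still present in O4:", residual_autoruns(names, HJT_LOG))
```

An empty list from both checks matches a clean result; any entry returned is a line worth raising with the helper before the thread is closed.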

#7 fenzodahl512

Posted 22 July 2008 - 03:40 PM

Log looks good... Let's do another scan before I can set you free...


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Then tell me about your computer behaviour..



#8 computerbeginner13

Posted 22 July 2008 - 03:49 PM

I am doing the scan right now, but after it is complete and I have my log, would you like me to log onto the (previously infected account) and see if it has any symptoms like before? Or can I just assume everything is OK and delete the account?

#9 fenzodahl512

Posted 22 July 2008 - 03:55 PM

I am doing the scan right now, but after it is complete and I have my log, would you like me to log onto the (previously infected account) and see if it has any symptoms like before? Or can I just assume everything is OK and delete the account?



If you don't want the account you can freely delete it if you wish.. If not, we're going to check that account later.. Don't worry about it infecting your clean account..



I'm going to sleep.. It's near 5am in Malaysia and I'm working from 9.30 am tomorrow.. So.. see you tomorrow..

Edited by fenzodahl512, 22 July 2008 - 03:57 PM.



#10 computerbeginner13

Posted 23 July 2008 - 01:01 PM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, July 23, 2008 11:00:25 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/07/2008
Kaspersky Anti-Virus database records: 997789
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 138256
Number of viruses found: 4
Number of infected objects: 29
Number of suspicious objects: 0
Duration of the scan process: 02:28:37

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f573ca913eeed5fb1ef373ee34209287_afe1cb9f-aa6d-4098-9815-6023e0c1e6ce Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\E4DF818C.TMP Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Tom\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Tom\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tom\Local Settings\History\History.IE5\MSHist012008072320080724\index.dat Object is locked skipped
C:\Documents and Settings\Tom\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Tom\Local Settings\Temp\_hphtra07.log Object is locked skipped
C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tom\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Tom\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\EsetOnlineScanner\nup\advheur0.nup Object is locked skipped
C:\Program Files\EsetOnlineScanner\nup\advheur1.nup Object is locked skipped
C:\Program Files\EsetOnlineScanner\nup\archs0.nup Object is locked skipped
C:\Program Files\EsetOnlineScanner\nup\archs1.nup Object is locked skipped
C:\Program Files\EsetOnlineScanner\nup\archs2.nup Object is locked skipped
C:\Program Files\EsetOnlineScanner\nup\charon0.nup Object is locked skipped
C:\Program Files\EsetOnlineScanner\nup\charon1.nup Object is locked skipped
C:\Program Files\EsetOnlineScanner\nup\charon2.nup Object is locked skipped
C:\Program Files\EsetOnlineScanner\nup\engine0.nup Object is locked skipped
C:\Program Files\EsetOnlineScanner\nup\engine1.nup Object is locked skipped
C:\Program Files\EsetOnlineScanner\nup\engine2.nup Object is locked skipped
C:\Program Files\EsetOnlineScanner\nup\pwscan0.nup Object is locked skipped
C:\Program Files\EsetOnlineScanner\nup\pwscan1.nup Object is locked skipped
C:\Program Files\EsetOnlineScanner\nup\pwscan2.nup Object is locked skipped
C:\Program Files\EsetOnlineScanner\nup\utilmod0.nup Object is locked skipped
C:\Program Files\EsetOnlineScanner\nup\utilmod1.nup Object is locked skipped
C:\Program Files\EsetOnlineScanner\nup\utilmod2.nup Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0132NAV~.TMP Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0956NAV~.TMP Object is locked skipped
C:\Program Files\Online Services\AOL\United States\AOL90\comps\toolbar\toolbr.EXE/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.SearchIt.t skipped
C:\Program Files\Online Services\AOL\United States\AOL90\comps\toolbar\toolbr.EXE WiseSFX: infected - 1 skipped
C:\Program Files\Online Services\AOL\United States\AOL90\comps\toolbar\toolbr.EXE WiseSFXDropper: infected - 1 skipped
C:\RECYCLER\S-1-5-21-515684213-2329983865-366209038-1008\Dc2.lnk Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP20\A0004862.exe Infected: not-a-virus:FraudTool.Win32.XPAntivirus.mf skipped
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP20\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Installer\2303c.msi/q329112WXP.exe.1EE2E474_D9B7_4034_99F6_E94B368FF7BA/CAB-file.cab/common/update.exe Infected: Trojan-Downloader.Win32.CWS.fp skipped
C:\WINDOWS\Installer\2303c.msi/q329112WXP.exe.1EE2E474_D9B7_4034_99F6_E94B368FF7BA/CAB-file.cab Infected: Trojan-Downloader.Win32.CWS.fp skipped
C:\WINDOWS\Installer\2303c.msi/q329112WXP.exe.1EE2E474_D9B7_4034_99F6_E94B368FF7BA Infected: Trojan-Downloader.Win32.CWS.fp skipped
C:\WINDOWS\Installer\2303c.msi Embedded: infected - 3 skipped
C:\WINDOWS\Installer\230c5.msi/q329112WXP.exe.1EE2E474_D9B7_4034_99F6_E94B368FF7BA/CAB-file.cab/common/update.exe Infected: Trojan-Downloader.Win32.CWS.fp skipped
C:\WINDOWS\Installer\230c5.msi/q329112WXP.exe.1EE2E474_D9B7_4034_99F6_E94B368FF7BA/CAB-file.cab Infected: Trojan-Downloader.Win32.CWS.fp skipped
C:\WINDOWS\Installer\230c5.msi/q329112WXP.exe.1EE2E474_D9B7_4034_99F6_E94B368FF7BA Infected: Trojan-Downloader.Win32.CWS.fp skipped
C:\WINDOWS\Installer\230c5.msi Embedded: infected - 3 skipped
C:\WINDOWS\Installer\2314f.msi/q329112WXP.exe.1EE2E474_D9B7_4034_99F6_E94B368FF7BA/CAB-file.cab/common/update.exe Infected: Trojan-Downloader.Win32.CWS.fp skipped
C:\WINDOWS\Installer\2314f.msi/q329112WXP.exe.1EE2E474_D9B7_4034_99F6_E94B368FF7BA/CAB-file.cab Infected: Trojan-Downloader.Win32.CWS.fp skipped
C:\WINDOWS\Installer\2314f.msi/q329112WXP.exe.1EE2E474_D9B7_4034_99F6_E94B368FF7BA Infected: Trojan-Downloader.Win32.CWS.fp skipped
C:\WINDOWS\Installer\2314f.msi Embedded: infected - 3 skipped
C:\WINDOWS\Prefetch\layout.ini Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{889DDCEE-0EF7-4108-9C55-3B7073ABFC27}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{B430D874-3548-4A67-B80B-851FDC710FC1}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\07222008_120441\WINDOWS\system32\lphc7lrj0elu7.exe Infected: Trojan-Downloader.Win32.Small.yrd skipped
D:\I386\Apps\APP32566\src\SC_AUDIO_202\AUDIO.msi/q329112WXP.exe.1EE2E474_D9B7_4034_99F6_E94B368FF7BA/CAB-file.cab/common/update.exe Infected: Trojan-Downloader.Win32.CWS.fp skipped
D:\I386\Apps\APP32566\src\SC_AUDIO_202\AUDIO.msi/q329112WXP.exe.1EE2E474_D9B7_4034_99F6_E94B368FF7BA/CAB-file.cab Infected: Trojan-Downloader.Win32.CWS.fp skipped
D:\I386\Apps\APP32566\src\SC_AUDIO_202\AUDIO.msi/q329112WXP.exe.1EE2E474_D9B7_4034_99F6_E94B368FF7BA Infected: Trojan-Downloader.Win32.CWS.fp skipped
D:\I386\Apps\APP32566\src\SC_AUDIO_202\AUDIO.msi Embedded: infected - 3 skipped
D:\I386\Apps\APP32566\src\SC_COPY_202\COPY.msi/q329112WXP.exe.1EE2E474_D9B7_4034_99F6_E94B368FF7BA/CAB-file.cab/common/update.exe Infected: Trojan-Downloader.Win32.CWS.fp skipped
D:\I386\Apps\APP32566\src\SC_COPY_202\COPY.msi/q329112WXP.exe.1EE2E474_D9B7_4034_99F6_E94B368FF7BA/CAB-file.cab Infected: Trojan-Downloader.Win32.CWS.fp skipped
D:\I386\Apps\APP32566\src\SC_COPY_202\COPY.msi/q329112WXP.exe.1EE2E474_D9B7_4034_99F6_E94B368FF7BA Infected: Trojan-Downloader.Win32.CWS.fp skipped
D:\I386\Apps\APP32566\src\SC_COPY_202\COPY.msi Embedded: infected - 3 skipped
D:\I386\Apps\APP32566\src\SC_DATA_202\BMPLE.msi/q329112WXP.exe.1EE2E474_D9B7_4034_99F6_E94B368FF7BA/CAB-file.cab/common/update.exe Infected: Trojan-Downloader.Win32.CWS.fp skipped
D:\I386\Apps\APP32566\src\SC_DATA_202\BMPLE.msi/q329112WXP.exe.1EE2E474_D9B7_4034_99F6_E94B368FF7BA/CAB-file.cab Infected: Trojan-Downloader.Win32.CWS.fp skipped
D:\I386\Apps\APP32566\src\SC_DATA_202\BMPLE.msi/q329112WXP.exe.1EE2E474_D9B7_4034_99F6_E94B368FF7BA Infected: Trojan-Downloader.Win32.CWS.fp skipped
D:\I386\Apps\APP32566\src\SC_DATA_202\BMPLE.msi Embedded: infected - 3 skipped

Scan process completed.

#11 fenzodahl512

Posted 23 July 2008 - 01:39 PM

Please double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Program Files\Online Services\AOL\United States\AOL90\comps\toolbar\toolbr.EXE
    C:\WINDOWS\Installer\2303c.msi
    C:\WINDOWS\Installer\230c5.msi
    C:\WINDOWS\Installer\2314f.msi
    D:\I386\Apps\APP32566\src\SC_AUDIO_202\AUDIO.msi
    D:\I386\Apps\APP32566\src\SC_COPY_202\COPY.msi
    D:\I386\Apps\APP32566\src\SC_DATA_202\BMPLE.msi
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Also post me a fresh DSS log in your next reply.. Tell me about another account.. Do you want to delete it or do you want me to have a look at it?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
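
Added example, not part of the original posts and not code from any of the tools used in this thread: a small triage script for an online-scanner report in the layout posted above. It drops the "Object is locked" noise, collapses detections inside archives (`container/inner/path`) to the file that actually sits on disk, and groups the results by location. The function names, the bucket labels, and the choice to set System Restore and `_OTMoveIt\MovedFiles` paths apart are assumptions of this example.

```python
import re

# Lines copied from the scan report posted earlier in this thread (excerpt).
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Program Files\Online Services\AOL\United States\AOL90\comps\toolbar\toolbr.EXE/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.SearchIt.t skipped
C:\Program Files\Online Services\AOL\United States\AOL90\comps\toolbar\toolbr.EXE WiseSFX: infected - 1 skipped
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP20\A0004862.exe Infected: not-a-virus:FraudTool.Win32.XPAntivirus.mf skipped
C:\WINDOWS\Installer\2303c.msi/q329112WXP.exe.1EE2E474_D9B7_4034_99F6_E94B368FF7BA/CAB-file.cab/common/update.exe Infected: Trojan-Downloader.Win32.CWS.fp skipped
C:\WINDOWS\Installer\2303c.msi/q329112WXP.exe.1EE2E474_D9B7_4034_99F6_E94B368FF7BA/CAB-file.cab Infected: Trojan-Downloader.Win32.CWS.fp skipped
C:\WINDOWS\Installer\2303c.msi/q329112WXP.exe.1EE2E474_D9B7_4034_99F6_E94B368FF7BA Infected: Trojan-Downloader.Win32.CWS.fp skipped
C:\WINDOWS\Installer\2303c.msi Embedded: infected - 3 skipped
C:\_OTMoveIt\MovedFiles\07222008_120441\WINDOWS\system32\lphc7lrj0elu7.exe Infected: Trojan-Downloader.Win32.Small.yrd skipped
D:\I386\Apps\APP32566\src\SC_COPY_202\COPY.msi/q329112WXP.exe.1EE2E474_D9B7_4034_99F6_E94B368FF7BA/CAB-file.cab/common/update.exe Infected: Trojan-Downloader.Win32.CWS.fp skipped
D:\I386\Apps\APP32566\src\SC_COPY_202\COPY.msi Embedded: infected - 3 skipped
"""

# Layout: "<path> <status> skipped". Paths contain spaces, so the status is
# matched by shape instead of splitting the line on whitespace.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<status>Object is locked|Infected: (?P<verdict>\S+)|\w+: infected - \d+)"
    r" skipped$"
)


def parse_line(line):
    """Return a dict for one report line, or None if it does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Windows paths use backslashes, so the first "/" marks where the scanner
    # descends into an archive or installer; everything before it is on disk.
    on_disk, _, inner = m.group("path").partition("/")
    return {
        "file": on_disk,
        "inner": inner,
        "status": m.group("status"),
        "verdict": m.group("verdict"),  # None for locked and summary lines
    }


def location_bucket(path):
    """Label where a detected file lives (labels are this example's own)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system-restore"
    if "\\_otmoveit\\movedfiles\\" in p:
        return "already-quarantined"
    return "live-file"


def triage(report):
    """Group detections by on-disk file; count locked and unparsed lines."""
    findings = {}
    locked = 0
    unparsed = []
    for raw in report.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec is None:
            unparsed.append(raw)  # keep anything unexpected for manual review
            continue
        if rec["status"] == "Object is locked":
            locked += 1  # file in use by the OS or another program, not a detection
            continue
        entry = findings.setdefault(
            rec["file"],
            {"bucket": location_bucket(rec["file"]), "verdicts": [], "nested": 0},
        )
        if rec["verdict"]:
            if rec["verdict"] not in entry["verdicts"]:
                entry["verdicts"].append(rec["verdict"])
            if rec["inner"]:
                entry["nested"] += 1  # detection sits inside the container
    return findings, locked, unparsed


if __name__ == "__main__":
    findings, locked, unparsed = triage(SAMPLE_REPORT)
    print(f"{locked} locked line(s) ignored, {len(unparsed)} unparsed")
    for path, info in findings.items():
        print(f"[{info['bucket']}] {path}")
        print(f"    verdicts: {', '.join(info['verdicts'])}  nested hits: {info['nested']}")
```
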


#12 computerbeginner13

Posted 23 July 2008 - 02:13 PM

I am just going to delete the other account.. I went on to it today and there was not 1 single problem..... thxs

Explorer killed successfully
C:\Program Files\Online Services\AOL\United States\AOL90\comps\toolbar\toolbr.EXE moved successfully.
C:\WINDOWS\Installer\2303c.msi moved successfully.
C:\WINDOWS\Installer\230c5.msi moved successfully.
C:\WINDOWS\Installer\2314f.msi moved successfully.
D:\I386\Apps\APP32566\src\SC_AUDIO_202\AUDIO.msi moved successfully.
D:\I386\Apps\APP32566\src\SC_COPY_202\COPY.msi moved successfully.
D:\I386\Apps\APP32566\src\SC_DATA_202\BMPLE.msi moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Tom\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tom\LOCALS~1\Temp\_hphtra07.log scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07232008_114806

Files moved on Reboot...
C:\DOCUME~1\Tom\LOCALS~1\Temp\hpodvd09.log moved successfully.
C:\DOCUME~1\Tom\LOCALS~1\Temp\_hphtra07.log moved successfully.

Deckard's System Scanner v20071014.68
Run by Tom on 2008-07-23 12:11:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Tom.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:27 PM, on 7/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tom\Desktop\Dc5.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Tom.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/ka...can_unicode.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 10374 bytes

-- Files created between 2008-06-23 and 2008-07-23 -----------------------------

2008-07-23 09:48:40 0 d-------- C:\Documents and Settings\HP Administrator X\Application Data\Macromedia
2008-07-23 09:48:38 0 d-------- C:\Documents and Settings\HP Administrator X\Application Data\Adobe
2008-07-22 16:29:19 0 d-------- C:\Documents and Settings\HP Administrator X\WINDOWS
2008-07-22 16:29:19 0 d--h----- C:\Documents and Settings\HP Administrator X\Templates
2008-07-22 16:29:19 0 dr------- C:\Documents and Settings\HP Administrator X\Start Menu
2008-07-22 16:29:19 0 dr-h----- C:\Documents and Settings\HP Administrator X\SendTo
2008-07-22 16:29:19 0 dr-h----- C:\Documents and Settings\HP Administrator X\Recent
2008-07-22 16:29:19 0 d--h----- C:\Documents and Settings\HP Administrator X\PrintHood
2008-07-22 16:29:19 0 d--h----- C:\Documents and Settings\HP Administrator X\NetHood
2008-07-22 16:29:19 0 dr------- C:\Documents and Settings\HP Administrator X\My Documents
2008-07-22 16:29:19 0 d--h----- C:\Documents and Settings\HP Administrator X\Local Settings
2008-07-22 16:29:19 0 dr------- C:\Documents and Settings\HP Administrator X\Favorites
2008-07-22 16:29:19 0 d-------- C:\Documents and Settings\HP Administrator X\Desktop
2008-07-22 16:29:19 0 d---s---- C:\Documents and Settings\HP Administrator X\Cookies
2008-07-22 16:29:19 0 dr-h----- C:\Documents and Settings\HP Administrator X\Application Data
2008-07-22 16:29:19 0 d-------- C:\Documents and Settings\HP Administrator X\Application Data\Symantec
2008-07-22 16:29:19 0 d-------- C:\Documents and Settings\HP Administrator X\Application Data\SampleView
2008-07-22 16:29:19 0 d-------- C:\Documents and Settings\HP Administrator X\Application Data\Real
2008-07-22 16:29:19 0 d---s---- C:\Documents and Settings\HP Administrator X\Application Data\Microsoft
2008-07-22 16:29:19 0 d-------- C:\Documents and Settings\HP Administrator X\Application Data\Intuit
2008-07-22 16:29:19 0 d-------- C:\Documents and Settings\HP Administrator X\Application Data\Identities
2008-07-22 16:29:19 0 d-------- C:\Documents and Settings\HP Administrator X\Application Data\Apple Computer
2008-07-22 16:29:18 1048576 --ah----- C:\Documents and Settings\HP Administrator X\NTUSER.DAT
2008-07-22 16:23:22 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-22 13:46:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-22 13:46:37 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-22 12:15:23 0 d-------- C:\Documents and Settings\Tom\Application Data\Malwarebytes
2008-07-22 12:15:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-22 12:15:19 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-21 16:18:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-21 16:17:58 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-21 06:09:20 0 d-------- C:\Documents and Settings\Tom\Application Data\Sun
2008-07-16 17:25:45 0 d-------- C:\Documents and Settings\Tom\Application Data\Move Networks
2008-07-15 17:23:19 0 d-------- C:\Documents and Settings\Tom\Application Data\AdobeUM
2008-07-15 09:56:10 0 d-------- C:\Program Files\Paint.NET
2008-07-15 09:54:16 0 d-------- C:\Program Files\MSBuild
2008-07-15 09:54:10 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-07-15 09:54:02 0 d-------- C:\Program Files\Reference Assemblies
2008-07-15 09:49:50 0 d-------- C:\Program Files\MSXML 6.0
2008-07-14 12:08:34 0 d-------- C:\Documents and Settings\Tom\Application Data\ICAClient
2008-07-14 12:04:14 0 d-------- C:\Program Files\Citrix Download
2008-07-14 12:03:43 0 d-------- C:\Program Files\New Folder
2008-07-13 22:35:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-13 22:32:38 0 d-------- C:\Documents and Settings\Tom\Application Data\acccore
2008-07-13 21:41:16 0 d-------- C:\Documents and Settings\Tom\Application Data\Adobe
2008-07-13 21:17:30 0 d-------- C:\Program Files\Bonjour
2008-07-13 21:14:56 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-07-13 20:07:08 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-07-13 19:09:30 0 d-------- C:\Program Files\MSXML 4.0
2008-07-13 18:39:26 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-13 18:02:06 0 d-------- C:\WINDOWS\system32\PreInstall
2008-07-13 17:48:20 0 d---s---- C:\Documents and Settings\Tom\UserData
2008-07-13 17:42:42 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-07-13 17:31:35 0 d-------- C:\Documents and Settings\Tom\Application Data\Macromedia
2008-07-13 15:58:07 0 d-------- C:\Documents and Settings\Tom\WINDOWS
2008-07-13 15:58:07 0 d--h----- C:\Documents and Settings\Tom\Templates
2008-07-13 15:58:07 0 dr------- C:\Documents and Settings\Tom\Start Menu
2008-07-13 15:58:07 0 dr-h----- C:\Documents and Settings\Tom\SendTo
2008-07-13 15:58:07 0 dr-h----- C:\Documents and Settings\Tom\Recent
2008-07-13 15:58:07 0 d--h----- C:\Documents and Settings\Tom\PrintHood
2008-07-13 15:58:07 0 d--h----- C:\Documents and Settings\Tom\NetHood
2008-07-13 15:58:07 0 dr------- C:\Documents and Settings\Tom\My Documents
2008-07-13 15:58:07 0 d--h----- C:\Documents and Settings\Tom\Local Settings
2008-07-13 15:58:07 0 dr------- C:\Documents and Settings\Tom\Favorites
2008-07-13 15:58:07 0 d-------- C:\Documents and Settings\Tom\Desktop
2008-07-13 15:58:07 0 d---s---- C:\Documents and Settings\Tom\Cookies
2008-07-13 15:58:07 0 dr-h----- C:\Documents and Settings\Tom\Application Data
2008-07-13 15:58:07 0 d-------- C:\Documents and Settings\Tom\Application Data\Symantec
2008-07-13 15:58:07 0 d-------- C:\Documents and Settings\Tom\Application Data\SampleView
2008-07-13 15:58:07 0 d-------- C:\Documents and Settings\Tom\Application Data\Real
2008-07-13 15:58:07 0 d-------- C:\Documents and Settings\Tom\Application Data\Intuit
2008-07-13 15:58:07 0 d-------- C:\Documents and Settings\Tom\Application Data\Identities
2008-07-13 15:58:07 0 d-------- C:\Documents and Settings\Tom\Application Data\Apple Computer
2008-07-13 15:58:06 2883584 --ah----- C:\Documents and Settings\Tom\NTUSER.DAT
2008-07-13 15:56:55 0 dr-hs---- C:\cmdcons
2008-07-13 14:38:59 0 dr-hs---- C:\WINDOWS\system32\dllcache
2008-07-03 12:45:49 0 d-------- C:\Program Files\TrainPlayer 3.1


-- Find3M Report ---------------------------------------------------------------

2008-07-22 12:15:42 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-21 16:17:58 0 d-------- C:\Program Files\Common Files
2008-07-13 22:36:09 0 d-------- C:\Program Files\AIM6
2008-07-13 21:19:09 0 d-------- C:\Program Files\iTunes
2008-07-13 21:17:16 0 d-------- C:\Program Files\QuickTime
2008-07-13 15:21:06 0 d-------- C:\Program Files\Easy Internet signup
2008-06-09 15:09:25 0 d-------- C:\Program Files\THQ
2008-06-07 12:25:07 0 d-------- C:\Program Files\The Creative Assembly
2008-06-01 17:52:15 0 d-------- C:\Program Files\Download Manager


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/10/2004 07:04 PM]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [06/01/2005 11:35 PM]
"PCDrProfiler"="" []
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03/04/2005 09:40 AM]
"URLLSTCK.exe"="c:\Program Files\Norton Internet Security\UrlLstCk.exe" [03/29/2005 05:03 PM]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/25/2005 10:34 PM]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [05/10/2005 05:50 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [05/12/2005 06:12 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/09/2005 04:36 PM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 12:00 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/25/2008 01:21 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 6:23:26 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,




-- End of Deckard's System Scanner: finished at 2008-07-23 12:11:44 ------------

Edited by computerbeginner13, 23 July 2008 - 02:14 PM.


#13 fenzodahl512

Posted 23 July 2008 - 02:53 PM

Your log looks clean to my eyes..


Now for some cleanup..
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


Lastly, to keep your operating system up to date please visit the link below monthly

To learn more about how to protect yourself while on the internet read this excellent article by Grinler: How did I get infected?, With steps so it does not happen again!

Please also read an excellent article by miekiemoes: Help! My computer is slow!

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Reply to this thread once more and tell us about the computer's behaviour before we can close this thread.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#14 computerbeginner13

  • Topic Starter

Posted 24 July 2008 - 09:08 AM

Thank you so very much, I know I have been slow with my replies and I am very sorry, I have been extremely busy with work and family.

If I ever have another problem is there any way I am able to ask for YOU instead of someone else on this forum??? Not to sound rude, but I am just very happy with my outcome. Thank you again so much for your help.

#15 fenzodahl512

Posted 24 July 2008 - 10:00 AM

Any HJT Team member here is qualified to help you.. They have great knowledge and vast experience with computers to help you.. I'm glad that we could help.

I will now close this topic. If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing!

fenzodahl512
