Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help


  • Please log in to reply
8 replies to this topic

#1 Ninix

Ninix

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:18 PM

Posted 13 August 2008 - 03:32 PM

Recently my computer has been running so slow with so many problems. Everytime I start my PC, it doesn't load the task bar or anything but the wallpaper. It also give me alot of error message when it begins to load. Another problem is that I have this stupid Virus Scanner thing that just wouldn't stop scanning!! I tried to remove it many times but I can't find the uninstall file. So please help me out.

Posted Image

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:46 PM, on 8/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Windows\xpupdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {225118BA-642C-4794-9A86-A9701FC052DD} - C:\WINDOWS\system32\fccaXNFU.dll
O2 - BHO: (no name) - {32341E7E-C319-46DE-91D0-E30BB1A3CABA} - C:\WINDOWS\system32\fcccdDts.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: {386a7632-d358-85e8-ce24-2d0bdf5c51ad} - {da15c5fd-b0d2-42ec-8e58-853d2367a683} - C:\WINDOWS\system32\ingzjk.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] "c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKLM\..\Run: [7c132161] rundll32.exe "C:\WINDOWS\system32\cultpddp.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [A00F152A75.exe] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\_A00F152A75.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [A00F4C6911C.exe] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\_A00F4C6911C.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKCU\..\Run: [A00F9AD55A1.exe] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\_A00F9AD55A1.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CSmileys] "C:\PROGRA~1\Crawler\Smileys\CSmileysIM.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CSmileys] "C:\PROGRA~1\Crawler\Smileys\CSmileysIM.exe" (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm801NWUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {7545D8C8-F53C-4E2F-8FA0-D248EF4A6E61} - http://scanner.vav-scanner.com/setup/setup.cab
O20 - AppInit_DLLs: ingzjk.dll
O20 - Winlogon Notify: fcccdDts - C:\WINDOWS\SYSTEM32\fcccdDts.dll
O20 - Winlogon Notify: __c00B243E - C:\WINDOWS\system32\__c00B243E.dat
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12521 bytes



BC AdBot (Login to Remove)

 


#2 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:05:18 AM

Posted 13 August 2008 - 04:41 PM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.

Post that in your next reply with a fresh HijackThis log.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#3 Ninix

Ninix
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:18 PM

Posted 14 August 2008 - 11:58 AM

Combo log

ComboFix 08-08-13.05 - HP_Administrator 2008-08-14 9:35:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1402 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\HP_Administrator\Application Data\install.dat
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\J9AQAV4W\interclick.com
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\J9AQAV4W\interclick.com\ud.sol
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@2o7[2].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@2o7[3].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@2o7[4].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@a.musicnotes[2].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@ad.yieldmanager[2].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@adc.aavalue[1].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@adopt.specificclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@ads.pointroll[1].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@ads.pointroll[3].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@adserver[1].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@adtrgt[2].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@adtrgt[3].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@advertising[1].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@advertising[3].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@afy11[2].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@asiafriendfinder[1].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@barnesandnoble[2].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@bizrate[2].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@casalemedia[2].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@contextweb[1].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@crwdcntrl[1].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@cts.metricsdirect[2].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@cts.metricsdirect[3].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@ehg-dig.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@etology[2].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@ezradio.aavalue[1].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@eztracks.aavalue[1].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@facebook[1].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@fastclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@freeze[1].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@freeze[3].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@getmusicfree.aavalue[2].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@grouplotto.aavalue[1].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@hotbar[1].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@imatchup.aavalue[1].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@imiclk[2].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@insightexpressai[2].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@insightexpressai[3].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@interclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@luyenchuong[4].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@myspace[3].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@neopets[2].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@neopets[3].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@phim68[2].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@questionmarket[2].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@revsci[2].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@specificclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@specificclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@statcounter[2].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@trafficmp[2].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@trafficmp[3].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@tremor.adbureau[3].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@yahoo[5].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@zango[1].txt
C:\Documents and Settings\HP_Administrator\Cookies.\hp_administrator@zedo[1].txt
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\ActiveDesktop\bin\ActiveDesktopExe.exe
C:\Program Files\screensavers.com\SSSInstaller\bin\screensavers.exe
C:\Program Files\screensavers.com\SSSInstaller\bin\sinstaller3.exe
C:\Program Files\screensavers.com\SSSUninst.exe
C:\Program Files\VAV
C:\Program Files\VAV\vav.cpl
C:\Program Files\VAV\vav.ooo
C:\Program Files\VAV\vav0.dat
C:\Program Files\VAV\vav1.dat
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.dll
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\__c003825B.dat
C:\WINDOWS\system32\__c0050210.exe
C:\WINDOWS\system32\__c009CF84.dat
C:\WINDOWS\system32\__c00B243E.dat
C:\WINDOWS\system32\__c00CB100.exe
C:\WINDOWS\system32\__c00D97F9.exe
C:\WINDOWS\system32\__c00F7E9A.exe
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\ahktwjvx.dll
C:\WINDOWS\system32\ahkulieu.ini
C:\WINDOWS\system32\ahnmreue.dll
C:\WINDOWS\system32\akntulbm.ini
C:\WINDOWS\system32\aqskljex.ini
C:\WINDOWS\system32\awtqnkhe.dll
C:\WINDOWS\system32\awtutqNh.dll
C:\WINDOWS\system32\bbetbawu.ini
C:\WINDOWS\system32\bfqjjwyi.dll
C:\WINDOWS\system32\bgccioxd.dll
C:\WINDOWS\system32\botczr.dll
C:\WINDOWS\system32\bqdfqj.dll
C:\WINDOWS\system32\brqemaqe.dll
C:\WINDOWS\system32\brsmrxgy.dll
C:\WINDOWS\system32\bwcylw.dll
C:\WINDOWS\system32\cahmylnp.ini
C:\WINDOWS\system32\cbXnlJBt.dll
C:\WINDOWS\system32\ccvajmpf.ini
C:\WINDOWS\system32\cjglit.dll
C:\WINDOWS\system32\ckopiqun.ini
C:\WINDOWS\system32\cmiontgt.dll
C:\WINDOWS\system32\cpejuquv.dll
C:\WINDOWS\system32\cpwrhsrh.ini
C:\WINDOWS\system32\cqicdheh.dll
C:\WINDOWS\system32\cultpddp.dll
C:\WINDOWS\system32\cwhwtikk.ini
C:\WINDOWS\system32\cwjdbvfd.ini
C:\WINDOWS\system32\cwtjoapi.dll
C:\WINDOWS\system32\dbdnlmyj.ini
C:\WINDOWS\system32\dbjksw.dll
C:\WINDOWS\system32\ddcBQgEV.dll
C:\WINDOWS\system32\dmufndex.ini
C:\WINDOWS\system32\dslutgol.dll
C:\WINDOWS\system32\edxgepgs.dll
C:\WINDOWS\system32\eebjplbt.dll
C:\WINDOWS\system32\eeukmntj.dll
C:\WINDOWS\system32\ehlhsdij.dll
C:\WINDOWS\system32\eqoonnia.dll
C:\WINDOWS\system32\euermnha.ini
C:\WINDOWS\system32\ewchby.dll
C:\WINDOWS\system32\ewhlgesc.dll
C:\WINDOWS\system32\falwpeow.dll
C:\WINDOWS\system32\fccaXNFU.dll
C:\WINDOWS\system32\fcccdDts.dll
C:\WINDOWS\system32\ffjnggfg.ini
C:\WINDOWS\system32\fgtkdn.dll
C:\WINDOWS\system32\fipxqops.dll
C:\WINDOWS\system32\fiqmwabn.ini
C:\WINDOWS\system32\frdcxo.dll
C:\WINDOWS\system32\frqqbfkr.dll
C:\WINDOWS\system32\fswiggpm.dll
C:\WINDOWS\system32\fxdxma.dll
C:\WINDOWS\system32\fycvehqe.dll
C:\WINDOWS\system32\gfljikdd.dll
C:\WINDOWS\system32\gngenr.dll
C:\WINDOWS\system32\gtmcdbcn.ini
C:\WINDOWS\system32\gtoossfn.ini
C:\WINDOWS\system32\heababjc.dll
C:\WINDOWS\system32\hehdciqc.ini
C:\WINDOWS\system32\hgGaBSIb.dll
C:\WINDOWS\system32\hhabifte.ini
C:\WINDOWS\system32\hiumrcib.dll
C:\WINDOWS\system32\hkdvaqvy.dll
C:\WINDOWS\system32\hkrcigpi.dll
C:\WINDOWS\system32\hkyyhocw.ini
C:\WINDOWS\system32\hnertfyp.dll
C:\WINDOWS\system32\hoxqxj.dll
C:\WINDOWS\system32\hyclum.dll
C:\WINDOWS\system32\ijdwmoet.dll
C:\WINDOWS\system32\ingzjk.dll
C:\WINDOWS\system32\ipwkcpfj.dll
C:\WINDOWS\system32\itjsiixh.dll
C:\WINDOWS\system32\ixgvfbmk.ini
C:\WINDOWS\system32\ixwcvyoy.dll
C:\WINDOWS\system32\jbfxxrve.dll
C:\WINDOWS\system32\jdhkbsnb.ini
C:\WINDOWS\system32\jedqrdmq.ini
C:\WINDOWS\system32\jmclrgrv.ini
C:\WINDOWS\system32\judhxxrf.ini
C:\WINDOWS\system32\kfatiibh.dll
C:\WINDOWS\system32\khfCvSLf.dll
C:\WINDOWS\system32\khfGaaaA.dll
C:\WINDOWS\system32\kiwxsuge.ini
C:\WINDOWS\system32\kkatwtry.ini
C:\WINDOWS\system32\kkceouhd.dll
C:\WINDOWS\system32\kkycidus.ini
C:\WINDOWS\system32\kmbfvgxi.dll
C:\WINDOWS\system32\koywbnsq.dll
C:\WINDOWS\system32\kpnkbatj.ini
C:\WINDOWS\system32\kptescsx.ini
C:\WINDOWS\system32\kwqoohqg.ini
C:\WINDOWS\system32\lebapqkq.ini
C:\WINDOWS\system32\ljJBQijg.dll
C:\WINDOWS\system32\lovdnuvj.dll
C:\WINDOWS\system32\lrolht.dll
C:\WINDOWS\system32\ltnykd.dll
C:\WINDOWS\system32\lwcrpenl.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdugolfi.ini
C:\WINDOWS\system32\mhrvmgad.dll
C:\WINDOWS\system32\mlbymuxr.ini
C:\WINDOWS\system32\mwaunu.dll
C:\WINDOWS\system32\mybycmav.ini
C:\WINDOWS\system32\ncwobe.dll
C:\WINDOWS\system32\nfzdgb.dll
C:\WINDOWS\system32\niybvedy.ini
C:\WINDOWS\system32\nnsnjbtd.dll
C:\WINDOWS\system32\nqwfwdqc.dll
C:\WINDOWS\system32\nrehvr.dll
C:\WINDOWS\system32\nuqipokc.dll
C:\WINDOWS\system32\obqmklrs.ini
C:\WINDOWS\system32\ofetvbcr.ini
C:\WINDOWS\system32\ojcibe.dll
C:\WINDOWS\system32\ondkueab.dll
C:\WINDOWS\system32\oomakp.dll
C:\WINDOWS\system32\opcasmua.ini
C:\WINDOWS\system32\opnnlKeC.dll
C:\WINDOWS\system32\oreqntlu.dll
C:\WINDOWS\system32\osjmihto.ini
C:\WINDOWS\system32\otppmftf.ini
C:\WINDOWS\system32\ovfsyuhc.dll
C:\WINDOWS\system32\owbeqwnp.ini
C:\WINDOWS\system32\oxevcijc.dll
C:\WINDOWS\system32\paixkhxj.ini
C:\WINDOWS\system32\pbkkcyht.dll
C:\WINDOWS\system32\pcjkngbb.dll
C:\WINDOWS\system32\pddptluc.ini
C:\WINDOWS\system32\pnlymhac.dll
C:\WINDOWS\system32\pxthrofv.ini
C:\WINDOWS\system32\qnxqpjid.dll
C:\WINDOWS\system32\qoasie.dll
C:\WINDOWS\system32\qoMdCUll.dll
C:\WINDOWS\system32\qqdilf.dll
C:\WINDOWS\system32\qsxrobcv.dll
C:\WINDOWS\system32\qsyuhvbs.ini
C:\WINDOWS\system32\qtuiyx.dll
C:\WINDOWS\system32\qyfqxrmh.ini
C:\WINDOWS\system32\reizfo.dll
C:\WINDOWS\system32\rnyexn.dll
C:\WINDOWS\system32\roimcrbl.ini
C:\WINDOWS\system32\rxrpyfsx.ini
C:\WINDOWS\system32\rygsrsnw.dll
C:\WINDOWS\system32\sdsqvd.dll
C:\WINDOWS\system32\smjltvbe.ini
C:\WINDOWS\system32\svvylaer.ini
C:\WINDOWS\system32\synauwnw.dll
C:\WINDOWS\system32\tavtvp.dll
C:\WINDOWS\system32\tfmlwoli.dll
C:\WINDOWS\system32\tijbub.dll
C:\WINDOWS\system32\tkdjlxww.ini
C:\WINDOWS\system32\tldjip.dll
C:\WINDOWS\system32\tqnvvgfs.ini
C:\WINDOWS\system32\tuqdkofr.ini
C:\WINDOWS\system32\uabyyf.dll
C:\WINDOWS\system32\uchakqmu.ini
C:\WINDOWS\system32\uegcwoit.ini
C:\WINDOWS\system32\UFNXaccf.ini
C:\WINDOWS\system32\UFNXaccf.ini2
C:\WINDOWS\system32\uleodmfq.dll
C:\WINDOWS\system32\unomdwxy.ini
C:\WINDOWS\system32\uqrshk.dll
C:\WINDOWS\system32\uyitrmhm.dll
C:\WINDOWS\system32\vav.cpl
C:\WINDOWS\system32\vbcjdfpo.ini
C:\WINDOWS\system32\vjvrlbpl.dll
C:\WINDOWS\system32\vptlksuj.dll
C:\WINDOWS\system32\vsxuks.dll
C:\WINDOWS\system32\vtUklkJd.dll
C:\WINDOWS\system32\vwstflji.dll
C:\WINDOWS\system32\wbelfdhb.ini
C:\WINDOWS\system32\wcngcwld.ini
C:\WINDOWS\system32\wcqsfqhk.ini
C:\WINDOWS\system32\wnntdknq.dll
C:\WINDOWS\system32\wyurfnau.dll
C:\WINDOWS\system32\wzpucz.dll
C:\WINDOWS\system32\xejlksqa.dll
C:\WINDOWS\system32\xexocthx.ini
C:\WINDOWS\system32\xggcqvul.dll
C:\WINDOWS\system32\xholicjb.dll
C:\WINDOWS\system32\xijtxc.dll
C:\WINDOWS\system32\xisbvorn.dll
C:\WINDOWS\system32\xotfrlma.ini
C:\WINDOWS\system32\xpgdmcqr.ini
C:\WINDOWS\system32\xqlacjuv.ini
C:\WINDOWS\system32\xrswdicg.dll
C:\WINDOWS\system32\xsxpphna.dll
C:\WINDOWS\system32\xxyXQgHa.dll
C:\WINDOWS\system32\yaxfyvkl.ini
C:\WINDOWS\system32\ydevbyin.dll
C:\WINDOWS\system32\yfcweo.dll
C:\WINDOWS\system32\ymqospdq.ini
C:\WINDOWS\system32\ypqlolek.dll
C:\WINDOWS\system32\yptwjcys.dll
C:\WINDOWS\system32\yqdsdy.dll
C:\WINDOWS\system32\yrbylhra.dll
C:\WINDOWS\system32\ywflqbhm.dll
C:\WINDOWS\system32\yzdjxp.dll
C:\WINDOWS\system32\zphxsm.dll
C:\WINDOWS\system32\zzxijr.dll
C:\xcrashdump.dat
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))
.

2008-08-13 13:24 . 2008-08-13 13:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-13 12:58 . 2008-08-13 12:58 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-13 12:58 . 2008-08-13 13:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-13 11:12 . 2008-08-13 11:12 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-13 11:12 . 2008-08-13 11:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-13 11:12 . 2008-08-13 11:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-24 12:39 . 2008-07-24 12:39 <DIR> d--hs---- C:\found.002

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 22:55 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-26 19:36 --------- d-----w C:\Program Files\Google
2008-06-24 18:29 --------- d-----w C:\Program Files\Yahoo!
2008-06-24 18:26 --------- d-----w C:\Program Files\Rhapsody
2008-06-24 18:26 --------- d-----w C:\Program Files\Real
2008-06-24 18:24 --------- d-----w C:\Program Files\Quicken
2008-06-24 18:16 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-24 18:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-24 18:15 --------- d-----w C:\Program Files\muvee Technologies
2008-06-24 18:15 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-06-24 18:15 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\WildTangent
2008-06-24 18:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-06-24 18:14 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\muvee Technologies
2008-06-24 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-06-24 17:59 --------- d-----w C:\Program Files\DivX
2008-06-24 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
2008-06-24 17:46 --------- d-----w C:\Program Files\LiveAntispy
2008-06-24 17:45 --------- d-----w C:\Program Files\Symantec
2008-05-08 01:58 11,830 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 17:14 147456]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 17:16 454784]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 21:01 67584]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 14:15 151552]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-20 17:06 7622656]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 09:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14 237568]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 00:27 52848]
"IS CfgWiz"="c:\Program Files\Norton Internet Security\cfgwiz.exe" [2005-09-29 22:33 120464]
"SSC_UserPrompt"="c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-02 15:59 218240]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 22:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-20 23:47 180269]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
"ftutil2"="ftutil2.dll" [2004-06-07 14:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 20:05 16239616 C:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-06-20 17:06 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22 288472]
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-07-21 00:01:45 36903]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-02-05 15:29:20 54512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ingzjk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Nexon\\MapleStory\\MapleStory.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

R3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 10:44]
S3 npkycryp;npkycryp;C:\Nexon\MapleStory\npkycryp.sys []

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-08-09 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - HP_Administrator.job
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2005-12-30 22:42]

2008-02-18 C:\WINDOWS\Tasks\Warranty Reminder 11 month.job
- c:\windows\system32\pcintro\reminder\Warranty_Reminder_11_month\Warranty_Reminder_11_month.bat [2008-02-18 16:49]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Antivirus - C:\Program Files\VAV\vav.exe
HKLM-Run-7c132161 - C:\WINDOWS\system32\cultpddp.dll
HKLM-Run-PCDrProfiler - (no file)
HKU-Default-Run-CSmileys - C:\PROGRA~1\Crawler\Smileys\CSmileysIM.exe
Notify-__c00B243E - C:\WINDOWS\system32\__c00B243E.dat


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\77glia7c.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 09:41:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\hp\KBD\kbd.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
.
**************************************************************************
.
Completion time: 2008-08-14 9:55:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-14 16:55:19

Pre-Run: 222,090,547,200 bytes free
Post-Run: 222,079,082,496 bytes free

447




HiJack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:24 AM, on 8/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system\hpsysdrv.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] "c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm801NWUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: ingzjk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10347 bytes



#4 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:05:18 AM

Posted 15 August 2008 - 03:16 PM

Scan again with HijackThis and put a checkmark next to the following entries (if present):

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm801NWUS
O20 - AppInit_DLLs: ingzjk.dll


Then close all other windows - you should only see HijackThis on your Desktop - and click the Fix checked button.

Reboot: important.

Download Silent Runners and extract it to a new folder on your Desktop.
Run the Silent Runners.vbs file.
You will receive a prompt: "Do you want to skip supplementary searches?" - click "NO."
If your antivirus has a script blocker, you will get a warning asking if you want to allow Silent Runners.vbs to run.
This script is not malicious so please allow it.
A text file will appear in the folder - it's not done, let it run. (It won't appear to be doing anything!)
Once the "All Done!" prompt flashes up, open the text file, and copy & paste it in your next reply.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#5 Ninix

Ninix
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:18 PM

Posted 15 August 2008 - 06:19 PM

edit: nvm

Edited by Ninix, 15 August 2008 - 06:20 PM.


#6 Ninix

Ninix
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:18 PM

Posted 15 August 2008 - 06:32 PM

hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:21:13 PM, on 8/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9913 bytes



Silent Runners

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]
"EasyLinkAdvisor" = ""C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup" ["Linksys, a Division of Cisco Systems, Inc."]
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ehTray" = "C:\WINDOWS\ehome\ehtray.exe" [MS]
"ftutil2" = "rundll32.exe ftutil2.dll,SetWriteCacheMode" [MS]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"IAAnotif" = "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" ["Intel Corporation"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /installquiet /keeploaded /nodetect" ["NVIDIA Corporation"]
"DMAScheduler" = ""c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"" ["Sonic Solutions"]
"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]
"ccApp" = ""c:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"HPBootOp" = ""C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run" ["Hewlett-Packard Company"]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Development Company, L.P."]
"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]
{8b15971b-5355-4c82-8c07-7e181ea07608}\(Default) = "Fax"
\StubPath = "rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser" [MS]
{94de52c8-2d59-4f1b-883e-79663d2d9a8c}\(Default) = "Fax Provider"
\StubPath = "rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "hpWebHelper Class"
\InProcServer32\(Default) = "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll" ["Hewlett-Packard"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\audiodev.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "ShellViewRTF"
-> {HKLM...CLSID} = "ShellViewRTF"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
-> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
-> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


Default executables:
--------------------

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoCDBurning" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"InstallVisualStyle" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
{unrecognized setting}

"InstallTheme" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale.theme
{unrecognized setting}

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\HP\Digital Imaging\wallpaper.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\HP\Digital Imaging\wallpaper.bmp"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

DVDPlayPlayDVDMovieOnArrival\
"Provider" = "HP DVD Play"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithDVDPlay"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithDVDPlay\Command\(Default) = ""C:\Program Files\HP\DVDPlay\DVDPlay.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."]

EHomeMusicDropTarget\
"Provider" = "Media Center"
"InvokeProgID" = "EHomeDropTarget.EHomeMusicDropTarget"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeMusicDropTarget\shell\play\DropTarget\CLSID = "{ED87EFF3-FF22-404E-B2BD-BC3841BDCB2C}"
-> {HKLM...CLSID} = "EHomeMusicDropTarget Class"
\InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS]

EHomePhotosHandler\
"Provider" = "Media Center"
"InvokeProgID" = "EHomeDropTarget.EHomePhotosHandler"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomePhotosHandler\shell\play\DropTarget\CLSID = "{4b7601c1-d292-4902-89f4-583a5ce0c535}"
-> {HKLM...CLSID} = "EHomePhotosHandler Class"
\InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS]

EHomeVideoDropTarget\
"Provider" = "Media Center"
"InvokeProgID" = "EHomeDropTarget.EHomeVideoDropTarget"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeVideoDropTarget\shell\play\DropTarget\CLSID = "{A48E70A4-8E15-4465-9D85-CCE9E63F8AAB}"
-> {HKLM...CLSID} = "EHomeVideoDropTarget Class"
\InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS]

EHomeVideosHandler\
"Provider" = "Media Center"
"InvokeProgID" = "EHomeDropTarget.EHomeVideosHandler"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeVideosHandler\shell\play\DropTarget\CLSID = "{4f61ec50-acef-4ae7-b4c6-b19bddc0f745}"
-> {HKLM...CLSID} = "EHomeVideosHandler Class"
\InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS]

HPAutoplayExpress\
"Provider" = "HP Photosmart Express Software"
"InvokeProgID" = "HpqUnApl.Autoplay"
"InvokeVerb" = "Express"
HKLM\SOFTWARE\Classes\HpqUnApl.Autoplay\shell\Express\DropTarget\CLSID = "{57FA3F08-E36E-4820-9CC4-122D46114993}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = "c:\Program Files\HP\Digital Imaging\Unload\HpqUnApl.exe" ["Hewlett-Packard"]

HPUnloadAutoplay\
"Provider" = "HP Photosmart Transfer Software"
"InvokeProgID" = "HpqUnApl.Autoplay"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\HpqUnApl.Autoplay\shell\Play\DropTarget\CLSID = "{E1A1C814-FD09-4c9d-BB4A-0394B836A1F0}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = "c:\Program Files\HP\Digital Imaging\Unload\HpqUnApl.exe" ["Hewlett-Packard"]

NeroAutoPlay7AudioToNeroDigital\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay7CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"]

NeroAutoPlay7CopyCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy %L" ["Nero AG"]

NeroAutoPlay7DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"]

NeroAutoPlay7LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]

NeroAutoPlay7PlayAudioCD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7PlayDVD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7RipCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "RipCD_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay7TranscodeVideo\
"Provider" = "Nero Recode"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]

NeroAutoPlay7VideoCapture\
"Provider" = "Nero Vision"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

NeroAutoPlay7ViewPhotos\
"Provider" = "Nero PhotoSnap Viewer"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]

RPCDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.CDBurn.6"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]

RPDeviceOnArrival\
"Provider" = "RealPlayer"
"ProgID" = "RealPlayer.HWEventHandler"
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"
-> {HKLM...CLSID} = "RealNetworks Scheduler"
\LocalServer32\(Default) = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."]

RPPlayCDAudioOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AudioCD.6"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]

RPPlayDVDMovieOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVD.6"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]

RPPlayMediaOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AutoPlay.6"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]

SonicSCAudioCDTask\
"Provider" = "Sonic RecordNow Audio"
"InvokeProgID" = "Sonic.SonicCentral"
"InvokeVerb" = "AudioCDTask"
HKLM\SOFTWARE\Classes\Sonic.SonicCentral\shell\AudioCDTask\Command\(Default) = ""c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe" /Launch {EBD22732-1CC3-4CD7-9A45-B8D98DA0E784}" [null data]

SonicSCCopyCD\
"Provider" = "Sonic RecordNow Copy"
"InvokeProgID" = "Sonic.SonicCentral"
"InvokeVerb" = "ExactCopyJob"
HKLM\SOFTWARE\Classes\Sonic.SonicCentral\shell\ExactCopyJob\Command\(Default) = ""c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe" /Launch {49B235A3-1C3E-4802-9B5C-BAFBE69A3C85}" [null data]

SonicSCCopyDisc\
"Provider" = "Sonic RecordNow Copy"
"InvokeProgID" = "Sonic.SonicCentral"
"InvokeVerb" = "ExactCopyJob"
HKLM\SOFTWARE\Classes\Sonic.SonicCentral\shell\ExactCopyJob\Command\(Default) = ""c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe" /Launch {49B235A3-1C3E-4802-9B5C-BAFBE69A3C85}" [null data]

SonicSCDataProject\
"Provider" = "Sonic RecordNow Data"
"InvokeProgID" = "Sonic.SonicCentral"
"InvokeVerb" = "DataGuide"
HKLM\SOFTWARE\Classes\Sonic.SonicCentral\shell\DataGuide\Command\(Default) = ""c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe" /Launch Data" [null data]

SonicSCDataTask\
"Provider" = "Sonic RecordNow Data"
"InvokeProgID" = "Sonic.SonicCentral"
"InvokeVerb" = "DataTask"
HKLM\SOFTWARE\Classes\Sonic.SonicCentral\shell\DataTask\Command\(Default) = ""c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe" /Launch {0BAC5C34-DF45-4C0F-8D64-8E92DCCF007D}" [null data]

SonicVideoCameraArrival\
"Provider" = "Sonic Solutions"
"ProgID" = "MyDVD.MyDVDAPHandler"
"InitCmdLine" = "new"
HKLM\SOFTWARE\Classes\MyDVD.MyDVDAPHandler\CLSID\(Default) = "{3D5EF619-F606-4FAA-97C0-222B7DCA05EC}"
-> {HKLM...CLSID} = "MyDVDAPHandler Class"
\LocalServer32\(Default) = "c:\PROGRA~1\Sonic\MyDVD\MyDVD.EXE -autoplay" ["Sonic Solutions"]

SonicVideoCameraArrivalDirect\
"Provider" = "Sonic Solutions"
"ProgID" = "MyDVD.MyDVDAPHandler"
"InitCmdLine" = "direct"
HKLM\SOFTWARE\Classes\MyDVD.MyDVDAPHandler\CLSID\(Default) = "{3D5EF619-F606-4FAA-97C0-222B7DCA05EC}"
-> {HKLM...CLSID} = "MyDVDAPHandler Class"
\LocalServer32\(Default) = "c:\PROGRA~1\Sonic\MyDVD\MyDVD.EXE -autoplay" ["Sonic Solutions"]

YMPEncodeCDAudioOnArrival\
"Provider" = "Yahoo! Music Jukebox"
"InvokeProgID" = "YMP.EncodeCD"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\YMP.EncodeCD\shell\Play\command\(Default) = ""C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" -encodecd "%1"" ["Yahoo! Inc."]

YMPHandleCDBurningOnArrival\
"Provider" = "Yahoo! Music Jukebox"
"InvokeProgID" = "YMP.BurnCD"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\YMP.BurnCD\shell\Play\command\(Default) = ""C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" -burncd "%1"" ["Yahoo! Inc."]

YMPHandleDVDBurningOnArrival\
"Provider" = "Yahoo! Music Jukebox"
"InvokeProgID" = "YMP.BurnDVD"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\YMP.BurnDVD\shell\Play\command\(Default) = ""C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" -burndvd "%1"" ["Yahoo! Inc."]

YMPMTPMediaPlayerArrivalHandler\
"Provider" = "Yahoo! Music Jukebox"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" -mtpdevice"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

YMPPlayCDAudioOnArrival\
"Provider" = "Yahoo! Music Jukebox"
"InvokeProgID" = "YMP.PlayCD"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\YMP.PlayCD\shell\Play\command\(Default) = ""C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" -playcd "%1"" ["Yahoo! Inc."]


DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------

E:\cmdcons\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

E:\MiniNT\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

E:\PRELOAD\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

E:\I386\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

E:\HP\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

E:\TOOLS\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

E:\HP_RECOVERY (D)\TOOLS\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

E:\HP_RECOVERY (D)\HP\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]


Startup items in "HP_Administrator" & "All Users" startup folders:
------------------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Development Company, L.P."]
"Updates From HP" -> shortcut to: "C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe -startup" ["Hewlett-Packard"]


Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Run Full System Scan - HP_Administrator" -> launches: "c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Warranty Reminder 11 month" -> launches: "c:\windows\system32\pcintro\reminder\Warranty_Reminder_11_month\Warranty_Reminder_11_month.bat" [null data]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{C4069E3A-68F1-403E-B40E-20066696354B}"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{C4069E3A-68F1-403E-B40E-20066696354B}" = "Norton AntiVirus"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search && Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

{E2D4D26B-0180-43A4-B05F-462D6D54C789}\
"ButtonText" = "Internet Connection Help"
"MenuText" = "Internet Connection Help"
"Script" = "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm" [null data]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Intel® Matrix Storage Event Monitor, IAANTMON, "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe" ["Intel Corporation"]
Intel® Quick Resume technology, ELService, "C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe" ["Intel Corporation"]
Lavasoft Ad-Aware Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"" ["Lavasoft"]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
Media Center Extender Service, McrdSvc, "C:\WINDOWS\ehome\mcrdsvc.exe" [MS]
Media Center Receiver Service, ehRecvr, "C:\WINDOWS\eHome\ehRecvr.exe" [MS]
Media Center Scheduler Service, ehSched, "C:\WINDOWS\eHome\ehSched.exe" [MS]
Norton AntiVirus Auto-Protect Service, navapsvc, ""c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton Protection Center Service, NSCService, ""c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE"" ["Symantec Corporation"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Symantec Core LC, Symantec Core LC, ""C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Network Proxy, ccProxy, ""c:\Program Files\Common Files\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]


Keyboard Driver Filters:
------------------------

HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = <<!>> "ELkbd" ["Intel Corporation"]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"]
Language Monitor\Driver = "hpz3l054.dll" ["Hewlett-Packard Company"]


---------- (launch time: 2008-08-15 16:27:47)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 86 seconds.
---------- (total run time: 152 seconds)



#7 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:05:18 AM

Posted 16 August 2008 - 03:57 PM

Things are starting to look much better now, how is it running for you?

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#8 Ninix

Ninix
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:18 PM

Posted 16 August 2008 - 05:59 PM

Its running better then before but its still a bit slow. I'm thinking that maybe I have too many unnecessary programs, can you take a look at it and tell me what I don't need? So I can uninstall it.

#9 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:05:18 AM

Posted 18 August 2008 - 04:41 AM

I have a couple of things to suggest that may help you to speed up the running of things, especially startup times.

You might like to limit the programs that are loading when your computer starts; you have have unnecessary software loading when you boot your computer which is eating away at your CPU and ultimately slowing down your computer. Many programmess install a quick launch feature which is not needed; if you want to use the programme you can start it up manually. The easiest way to see whether a programme is needed at startup, you can use BleepingComputer's own list, which gives an indication of whether the programme is required/optional, etc. Note that essential processes such as those for your anti-virus or your modem must be kept.
Firstly click on Start | Run and type msconfig. Then hit enter.
Click on the 'Startup' tab and a list of programmes will appear.
You can compare the startup name with those on the Startup List. The link is below:
www.bleepingcomputer.com/startups
To stop a programme loading at boot, just remove the tick next to its name.
Click OK, and choose to restart once you have worked your way through them.

You can also try to clear clutter off your computer, and free up some space on your hard drive. Old games, unwanted photos and unused programmes could be a starting point.

Next, go to Start | Run.
Type the following in the box: cleanmgr and click OK.
Let it scan your system for files to remove.
Make sure only 'Temporary Files', 'Temporary Internet Files', and 'Recycle Bin' are checked.
Press OK to remove them.

Windows puts new files in any available open space and defragging will cluster files closer together making your hard drive more efficient. This saves wear and tear while speeding up programmes.
1. Open My Computer.
2. Right-click the local disk volume that you want to defragment, and then click Properties.
3. On the Tools tab, click Defragment Now.
4. Click Defragment.
5. This process takes quite a long time, so be patient.

You can also read the following tutorial as additional information to the above; it goes into much more detail than I have, but if you are still experiencing problems with slowdown it's a good idea to take a look:
These self-help instructions can be found here

Let me know this this helps at all.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users