
Just Checking


  • This topic is locked
14 replies to this topic

#1 Arenlor

Arenlor

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Here
  • Local time:10:23 AM

Posted 04 November 2006 - 01:02 AM

I just want to make sure I'm clear, I never trust just my own opinion. This should come up clear.

Logfile of HijackThis v1.99.1
Scan saved at 12:58:36 AM, on 11/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Anti-Malware\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arenlor Computer Help
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Anti-Malware\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Anti-Malware\hijackthis\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132461784086
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:03:23 PM

Posted 04 November 2006 - 12:50 PM

Your log looks clean to me. :thumbsup:
Are you having any problems?

#3 Arenlor


Posted 04 November 2006 - 10:02 PM

My computer's just really slow recently after a trojan tried to install itself, my anti-vir caught the trojan as did my anti-spyware, but ever since it's been slow. May just be the age of the computer.

#4 -David-


Posted 05 November 2006 - 08:33 AM

Hey there,

There are a few steps I want you to complete to try and resolve the slow down on your computer.
A whole host of reasons might account for this slow down, but I will highlight the most prominent ones below.
On most computers malware is the most common cause.
You might like to limit the programs that are loading when your computer starts; you might have unnecessary software loading when you boot your computer which is eating away at your CPU and ultimately slowing down your computer. Many programs install a quick launch feature which is not needed; if you want to use the program you can start it up manually. The easiest way to see whether a program is needed at startup is to use Bleeping Computer's own list, which gives an indication of whether the program is required/optional etc. Note that essential processes such as those for your anti-virus or your modem must be kept.
So, firstly click on start, then run and type msconfig. Then hit enter.
Click on the startup tab and a list of programs will appear.
You can compare the startup name with those on the startup list; the link is below:
www.bleepingcomputer.com/startups

To stop a program loading at boot just remove the tick.
Click "Ok", and choose to restart.

You might like to try and clear clutter off your computer, and free up some space on your harddrive.
Old games, unwanted photos and unused programs could be a starting point.
You can also clear clutter such as temporary files by doing the following:
Go to start and click on the "run" button.
Type the following in the box --> cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure only Temporary Files, Temporary Internet Files, and Recycle Bin are checked.
Press OK to remove them.

Next you can defragment your hard-drive...when was the last time you did this?
Windows puts new files in any available open space and defragging will cluster files closer together making your harddrive more efficient.
This saves wear and tear while speeding up programs.
1. Open My Computer.
2. Right-click the local disk volume that you want to defragment, and then click Properties.
3. On the Tools tab, click Defragment Now.
4. Click Defragment.
5. This process takes quite a long time, so be patient.

You might also like to read the following tutorial as additional information to the above:
These self-help instructions can be found here

Then, Please perform this online scan: Kaspersky Webscan
1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
3. Select "Install" to download the ActiveX controls that allow ActiveScan to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. When the download is complete it will say ready, click "Next"
6. Select a target to scan: Click on "My Computer"
7. When the scan is complete choose to save the results as "Save as Text"
8. Post the Kaspersky scan results in your next reply, along with a new Hijackthis log.

David

#5 Arenlor


Posted 06 November 2006 - 01:26 PM

I use CCleaner at startup, PowerDefragmentor every Tuesday, and my anti-vir that I mentioned is Kaspersky. I went to uninstall a program today and saw a strange entry in my add/remove. Public Messenger ver 2.03
I have no clue what that is so I'm getting rid of it (of course saving a backup of the file first if anyone wants it)

Edit: The file doesn't exist nor its directory, weird.

Edited by Arenlor, 06 November 2006 - 01:29 PM.


#6 -David-


Posted 06 November 2006 - 02:34 PM

This entry is malware - it's related to the smitfraud family of trojans.
Let's try a specific scanner and see if there are any leftovers.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1, and press Enter.
A text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

#7 Arenlor


Posted 06 November 2006 - 02:40 PM

SmitFraudFix v2.119

Scan done at 14:35:22.39, Mon 11/06/2006
Run from C:\Documents and Settings\Arenlor\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\Documents and Settings\Arenlor


C:\Documents and Settings\Arenlor\Application Data


Start Menu


C:\DOCUME~1\Arenlor\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


pe386-msguard-lzx32


Scanning wininet.dll infection


End


If I remember learning about smitfraudfix correctly, that's clean.

#8 -David-


Posted 06 November 2006 - 02:51 PM

Yes that log is clean, it looks like the infection has been removed already.
Let's take another look at the computer with these quick scans.

Download and save Blacklight to your desktop.
Double-click blbeta.exe then accept the agreement.
Click on scan then click next,
You'll see a list of all items found.
Do not choose for rename yet! I want to see the log first; legitimate items can also be present.
There is a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers)
Post the contents of the log in your next reply.

Please download Combofix to your desktop.
Double-click combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.

David

#9 Arenlor


Posted 06 November 2006 - 03:21 PM

11/06/06 15:01:31 [Info]: BlackLight Engine 1.0.47 initialized
11/06/06 15:01:31 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/06/06 15:01:32 [Note]: 7019 4
11/06/06 15:01:32 [Note]: 7005 0
11/06/06 15:01:34 [Note]: 7006 0
11/06/06 15:01:34 [Note]: 7011 3060
11/06/06 15:01:57 [Note]: 7026 0
11/06/06 15:01:57 [Note]: 7026 0
11/06/06 15:03:28 [Note]: FSRAW library version 1.7.1020
11/06/06 15:09:18 [Note]: 7007 0

Arenlor - 06-11-06 15:10:17.82	Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Arenlor\Desktop"

(((((((((((((((((((((((((((((((   Files Created from 2006-10-06 to 2006-11-06  ))))))))))))))))))))))))))))))))))
 
 
2006-11-06	14:35	1,908	--a--c---	C:\WINDOWS\system32\tmp.reg
2006-10-17	12:33	6,049,280	-----c---	C:\WINDOWS\system32\ieframe.dll
2006-10-17	12:33	50,688	-----c---	C:\WINDOWS\system32\msfeedsbs.dll
2006-10-17	12:33	458,752	-----c---	C:\WINDOWS\system32\msfeeds.dll
2006-10-17	12:33	180,736	-----c---	C:\WINDOWS\system32\ieui.dll
2006-10-17	12:05	206,336	-----c---	C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17	11:58	61,952	-----c---	C:\WINDOWS\system32\icardie.dll
2006-10-17	11:58	12,288	-----c---	C:\WINDOWS\system32\msfeedssync.exe
2006-10-17	11:57	266,752	-----c---	C:\WINDOWS\system32\iertutil.dll
2006-10-17	11:27	380,928	-----c---	C:\WINDOWS\system32\ieapfltr.dll


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))	


2006-11-06 13:45	--------	d----c---	C:\Program Files\Mozilla Firefox
2006-11-06 13:15	14713	--a--c---	C:\Documents and Settings\Arenlor\Application Data\phpdesigner2007.xml
2006-11-06 13:15	--------	d----c---	C:\Documents and Settings\Arenlor\Application Data\PHP Designer 2007
2006-11-06 12:47	--------	d----c---	C:\Program Files\Mozilla Thunderbird
2006-11-06 01:00	--------	d----c---	C:\Program Files\Trillian
2006-11-04 22:11	--------	d----c---	C:\Program Files\mIRC
2006-11-03 23:15	--------	d----c---	C:\Program Files\7-Zip
2006-10-30 00:15	--------	d----c---	C:\Program Files\OfficeUpdate11
2006-10-27 11:28	--------	d----c---	C:\Program Files\Internet Explorer
2006-10-27 11:09	--------	d----c---	C:\Program Files\Hewlett-Packard
2006-10-27 01:27	--------	d----c---	C:\Program Files\Registry Mechanic
2006-10-27 01:21	--------	d----c---	C:\Documents and Settings\Arenlor\Application Data\Uniblue
2006-10-27 00:08	--------	d---sc---	C:\Documents and Settings\Arenlor\Application Data\Microsoft
2006-10-26 22:29	--------	d----c---	C:\Program Files\Mozilla Sunbird
2006-10-24 19:50	--------	d----c---	C:\Documents and Settings\Arenlor\Application Data\Adobe
2006-10-17 23:00	--------	d----c---	C:\Program Files\Google
2006-10-17 12:33	413696	--a--c---	C:\WINDOWS\system32\vbscript.dll
2006-10-17 12:33	231424	--a--c---	C:\WINDOWS\system32\webcheck.dll
2006-10-17 12:33	156160	--a--c---	C:\WINDOWS\system32\msls31.dll
2006-10-17 12:06	78336	--a--c---	C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05	40960	--a--c---	C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05	105984	--a--c---	C:\WINDOWS\system32\url.dll
2006-10-17 12:04	101376	--a--c---	C:\WINDOWS\system32\occache.dll
2006-10-17 12:03	17408	--a--c---	C:\WINDOWS\system32\corpol.dll
2006-10-17 12:01	71680	--a--c---	C:\WINDOWS\system32\admparse.dll
2006-10-17 12:01	55296	--a--c---	C:\WINDOWS\system32\iesetup.dll
2006-10-17 12:01	382976	--a--c---	C:\WINDOWS\system32\iedkcs32.dll
2006-10-17 12:01	229376	--a--c---	C:\WINDOWS\system32\ieaksie.dll
2006-10-17 12:01	152064	--a--c---	C:\WINDOWS\system32\ieakeng.dll
2006-10-17 12:01	13312	--a--c---	C:\WINDOWS\system32\ieudinit.exe
2006-10-17 12:00	54784	--a--c---	C:\WINDOWS\system32\ie4uinit.exe
2006-10-17 12:00	43008	--a--c---	C:\WINDOWS\system32\iernonce.dll
2006-10-17 12:00	123904	--a--c---	C:\WINDOWS\system32\advpack.dll
2006-10-17 11:57	36352	--a--c---	C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:56	45568	--a--c---	C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28	48128	--a--c---	C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:23	161792	--a--c---	C:\WINDOWS\system32\ieakui.dll
2006-10-15 14:02	--------	d----c---	C:\Program Files\Opera
2006-10-15 13:54	--------	d----c---	C:\Documents and Settings\Arenlor\Application Data\Mozilla
2006-10-12 23:53	--------	d----c---	C:\Program Files\Common Files\Adobe Systems Shared
2006-10-12 23:53	--------	d----c---	C:\Program Files\Common Files
2006-10-12 23:52	--------	d----c---	C:\Program Files\Common Files\Adobe
2006-10-12 23:49	--------	d--h-c---	C:\Program Files\InstallShield Installation Information
2006-10-12 23:49	--------	d----c---	C:\Program Files\Adobe
2006-10-12 11:56	61072	--a--c---	C:\WINDOWS\system32\drivers\klick.sys
2006-10-12 11:56	59536	--a--c---	C:\WINDOWS\system32\drivers\klin.sys
2006-10-11 21:46	--------	d----c---	C:\Program Files\Java
2006-10-11 21:43	1226	--a--c---	C:\Documents and Settings\Arenlor\Application Data\AdobeDLM.log
2006-10-11 21:43	0	--a--c---	C:\Documents and Settings\Arenlor\Application Data\dm.ini
2006-10-11 21:27	--------	d----c---	C:\Program Files\Common Files\Microsoft Shared
2006-10-11 21:18	--------	d----c---	C:\Program Files\Microsoft Plus! Digital Media Edition
2006-10-11 21:15	--------	d----c---	C:\Program Files\Microsoft.NET
2006-10-11 11:24	58880	--a--c---	C:\WINDOWS\system32\pnrpnsp.dll
2006-10-11 11:24	553984	--a--c---	C:\WINDOWS\system32\p2psvc.dll
2006-10-11 11:24	313344	--a--c---	C:\WINDOWS\system32\p2pgraph.dll
2006-10-11 11:24	153088	--a--c---	C:\WINDOWS\system32\p2p.dll
2006-10-11 11:24	116224	--a--c---	C:\WINDOWS\system32\p2pnetsh.dll
2006-10-11 11:24	104960	--a--c---	C:\WINDOWS\system32\p2pgasvc.dll
2006-10-10 23:15	--------	d----c---	C:\Program Files\Microsoft Visual Studio 8
2006-10-10 22:00	--------	d----c---	C:\Program Files\Common Files\Merge Modules
2006-10-10 21:22	--------	d----c---	C:\Program Files\Snapshot Viewer
2006-10-07 19:50	--------	d----c---	C:\Program Files\Microsoft Works
2006-10-07 19:50	--------	d----c---	C:\Program Files\Messenger
2006-10-07 19:50	--------	d----c---	C:\Program Files\IntelliMover Data Transfer Demo
2006-10-07 12:35	--------	d----c---	C:\Documents and Settings\Arenlor\Application Data\Apple Computer
2006-10-07 12:34	--------	d----c---	C:\Program Files\iTunes
2006-10-07 12:34	--------	d----c---	C:\Program Files\iPod
2006-10-07 12:32	--------	d----c---	C:\Program Files\QuickTime
2006-10-05 21:24	--------	d----c---	C:\Documents and Settings\Arenlor\Application Data\.BitTornado
2006-10-05 21:15	--------	d----c---	C:\Program Files\BitTornado
2006-09-27 22:47	--------	d----c---	C:\Documents and Settings\Arenlor\Application Data\Image Zone Express
2006-09-27 11:48	--------	d----c---	C:\Program Files\rpgwo
2006-09-21 21:23	73216	--a--c---	C:\WINDOWS\ST6UNST.EXE
2006-09-21 21:23	249856	-----c---	C:\WINDOWS\Setup1.exe
2006-09-19 21:39	114688	--a--c---	C:\WINDOWS\SeaMonkeyUninstall.exe
2006-09-19 21:38	114688	--a--c---	C:\WINDOWS\GREUninstall.exe
2006-09-19 21:38	--------	d----c---	C:\Program Files\Common Files\mozilla.org
2006-09-19 21:37	--------	d----c---	C:\Program Files\mozilla.org
2006-09-19 11:35	--------	d----c---	C:\Documents and Settings\Arenlor\Application Data\zsnesw142
2006-09-14 01:07	--------	d----c---	C:\Documents and Settings\Arenlor\Application Data\Opera
2006-09-13 23:08	23600	--a--c---	C:\WINDOWS\system32\drivers\TVICHW32.SYS
2006-09-13 00:01	1084416	--a--c---	C:\WINDOWS\system32\msxml3.dll
2006-09-12 16:51	1245184	--a--c---	C:\WINDOWS\system32\msxml4.dll
2006-09-12 16:01	--------	d----c---	C:\Program Files\HPQ
2006-09-12 16:00	--------	d----c---	C:\Program Files\Common Files\InstallShield
2006-09-06 16:43	22752	--a--c---	C:\WINDOWS\system32\spupdsvc.exe
2006-08-25 10:45	617472	--a--c---	C:\WINDOWS\system32\comctl32.dll
2006-08-21 07:21	16896	--a--c---	C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14	23040	--a--c---	C:\WINDOWS\system32\fltmc.exe
2006-08-16 06:58	100352	--a--c---	C:\WINDOWS\system32\6to4svc.dll
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ccleaner"="\"C:\\Anti-Malware\\CCleaner\\ccleaner.exe\" /AUTO"
"HijackThis startup scan"="\"C:\\Anti-Malware\\hijackthis\\HijackThis.exe\" /startupscan"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"VTTimer"="VTTimer.exe"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"kav"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,\
  00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoBandCustomize"=dword:00000000
"NoMovingBands"=dword:00000000
"NoCloseDragDropBands"=dword:00000000
"NoSetTaskbar"=dword:00000000
"NoToolbarsOnTaskbar"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoActiveDesktop"=dword:00000000
"ClassicShell"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
"backup"="C:\\WINDOWS\\pss\\HP Image Zone Fast Start.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqthb08.exe -s"
"item"="HP Image Zone Fast Start"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
"backup"="C:\\WINDOWS\\pss\\Quicken Scheduled Updates.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Quicken\\bagent.exe "
"item"="Quicken Scheduled Updates"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^WkCalRem.LNK]
"backup"="C:\\WINDOWS\\pss\\WkCalRem.LNKStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WORKSS~1\\WkCalRem.exe "
"item"="WkCalRem"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="ocraware"
"hkey"="HKCU"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GameChannel"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=dword:00000003

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]	
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService
 
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis entries set to ignore ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

O11 - 
O2 - BH
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SeaMonkey Quick Launch] "C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe" -turbo
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PR
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [NetZero_uoltray] C:\PR
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O2 - BH
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O2 - BH
O2 - BH
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O4 - Global Startup: Firefox Preloader.lnk = C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
O2 - BH
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O2 - BH
O2 - BH
O2 - BH
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Anti-Malware\CCleaner\ccleaner.exe" /AUT
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Anti-Malware\hijackthis\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [ctfmon.exe] C:\WIND
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WIND
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WIND
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - 
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard 
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132461784086
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WIND
O20 - Winlogon Notify: klogon - C:\WIND
O20 - Winlogon Notify: WgaLogon - C:\WIND
O20 - Winlogon Notify: WRNotifier - C:\WIND
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WIND
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O4 - HKCU\..\Run: [HijackThis startup scan] "C:\Anti-Malware\hijackthis\HijackThis.exe" /startupscan

 
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ 

 
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Power Defragmenter GUI.job
C:\WINDOWS\tasks\Spybot - Search & Destroy -  Scheduled Task.job
C:\WINDOWS\tasks\wrSpySweeper_8AEDCB88166E4E859CE7BE89E538A730.job
C:\WINDOWS\tasks\wrSpySweeper_CF5ADFFF2F5B4FC48A0C24972DCA7ED1.job
C:\WINDOWS\tasks\{7AE3EC58-0C57-40FE-A95F-E6CA7EF98C6B}_YOUR-C8BH3JAGLT_Owner.job

Completion time: 06-11-06 15:13:28.07 
C:\ComboFix.txt ... 06-11-06 15:13
Logfile of HijackThis v1.99.1
Scan saved at 3:17:43 PM, on 11/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Anti-Malware\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arenlor Computer Help
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Anti-Malware\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Anti-Malware\hijackthis\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132461784086
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


#10 -David-


Posted 06 November 2006 - 03:43 PM

Nope I don't see anything wrong here either.
Let's do one last scan...

Please perform this online scan: Kaspersky Webscan
1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
3. Select "Install" to download the ActiveX controls that allow ActiveScan to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. When the download is complete it will say ready, click "Next"
6. Select a target to scan: Click on "My Computer"
7. When the scan is complete choose to save the results as "Save as Text"
8. Post the Kaspersky scan results in your next reply, along with a new Hijackthis log.

#11 Arenlor


Posted 06 November 2006 - 06:54 PM

-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Monday, November 06, 2006 6:43:51 PM
 Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.83.0
 Kaspersky Anti-Virus database last update:  6/11/2006
 Kaspersky Anti-Virus database records: 225130
-------------------------------------------------------------------------------

Scan Settings:
	Scan using the following antivirus database: standard
	Scan Archives: true
	Scan Mail Bases: true

Scan Target - My Computer:
	C:\
	D:\
	E:\
	F:\
	G:\
	H:\
	I:\
	J:\

Scan Statistics:
	Total number of scanned objects: 97111
	Number of viruses found: 0
	Number of infected objects: 0 / 0
	Number of suspicious objects: 0
	Duration of the scan process: 02:31:58

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC9E97A1C-6E95-44F9-8ACA-7F5273D805F6.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCCCEE5E2-2B30-4F91-B02D-5D94B65AF4E3.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCEB9E6CA-3B69-44DC-AFAA-9A61AF90E131.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDCFFBF5C-1E4D-496A-8D9D-0579A24BED3C.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE4E5F3F0-16EF-4CA5-9142-61F385E21EEF.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEEC4F5C2-EF45-403A-B46B-EB0A3D9530EF.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEF7E0ACD-CCEB-48A4-B495-E20BD7F49756.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF56053DC-C174-443B-8CF6-913BFB78BD0C.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF6134A04-7FEF-4BEC-A203-17DDD7A8B2EB.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF9CF0BBC-4C2B-46F2-9E56-68F803C6ECBB.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFD203635-FB32-48D5-8568-B2B0A1A5C6D3.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\ntuser.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG	Object is locked	skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak	Object is locked	skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const	Object is locked	skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst	Object is locked	skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base	Object is locked	skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\20060511072824.zip	Object is locked	skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqdb.dat	Object is locked	skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqsdb.dat	Object is locked	skipped
C:\System Volume Information\catalog.wci\00000002.ps1	Object is locked	skipped
C:\System Volume Information\catalog.wci\00000002.ps2	Object is locked	skipped
C:\System Volume Information\catalog.wci\0001000B.ci	Object is locked	skipped
C:\System Volume Information\catalog.wci\cicat.fid	Object is locked	skipped
C:\System Volume Information\catalog.wci\cicat.hsh	Object is locked	skipped
C:\System Volume Information\catalog.wci\CiCL0001.000	Object is locked	skipped
C:\System Volume Information\catalog.wci\CiP10000.000	Object is locked	skipped
C:\System Volume Information\catalog.wci\CiP20000.000	Object is locked	skipped
C:\System Volume Information\catalog.wci\CiPT0000.000	Object is locked	skipped
C:\System Volume Information\catalog.wci\CiSL0001.000	Object is locked	skipped
C:\System Volume Information\catalog.wci\CiSP0000.000	Object is locked	skipped
C:\System Volume Information\catalog.wci\CiST0000.000	Object is locked	skipped
C:\System Volume Information\catalog.wci\CiVP0000.000	Object is locked	skipped
C:\System Volume Information\catalog.wci\INDEX.000	Object is locked	skipped
C:\System Volume Information\catalog.wci\propstor.bk1	Object is locked	skipped
C:\System Volume Information\catalog.wci\propstor.bk2	Object is locked	skipped
C:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
C:\System Volume Information\_restore{ED1AD764-6EE8-45D8-B9BD-559926E4C6F0}\RP806\change.log	Object is locked	skipped
C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
C:\WINDOWS\Prefetch\Layout.ini	Object is locked	skipped
C:\WINDOWS\SchedLgU.Txt	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{19488D43-D1B4-47D7-9119-682BAC18AD95}.bin	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
C:\WINDOWS\Sti_Trace.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb	Object is locked	skipped
C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\default	Object is locked	skipped
C:\WINDOWS\system32\config\default.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\Internet.evt	Object is locked	skipped
C:\WINDOWS\system32\config\SAM	Object is locked	skipped
C:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\software	Object is locked	skipped
C:\WINDOWS\system32\config\software.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\system	Object is locked	skipped
C:\WINDOWS\system32\config\system.LOG	Object is locked	skipped
C:\WINDOWS\system32\drivers\fidbox.dat	Object is locked	skipped
C:\WINDOWS\system32\drivers\fidbox.idx	Object is locked	skipped
C:\WINDOWS\system32\drivers\fidbox2.dat	Object is locked	skipped
C:\WINDOWS\system32\drivers\fidbox2.idx	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	skipped
C:\WINDOWS\temp\cch~cde5316032.htp	Object is locked	skipped
C:\WINDOWS\temp\cch~cde531f8b5.htp	Object is locked	skipped
C:\WINDOWS\temp\cch~cde5c70efb.htp	Object is locked	skipped
C:\WINDOWS\temp\cch~cde5c714ca.htp	Object is locked	skipped
C:\WINDOWS\temp\cch~dee5e96ee1.htp	Object is locked	skipped
C:\WINDOWS\temp\cch~dee5e9f5dc.htp	Object is locked	skipped
C:\WINDOWS\temp\cch~dee5ec2539.htp	Object is locked	skipped
C:\WINDOWS\temp\cch~dee5ec3027.htp	Object is locked	skipped
C:\WINDOWS\temp\cch~dee84955f3.htp	Object is locked	skipped
C:\WINDOWS\temp\cch~dee8495cc8.htp	Object is locked	skipped
C:\WINDOWS\temp\~DF3003.tmp	Object is locked	skipped
C:\WINDOWS\temp\~DFFA28.tmp	Object is locked	skipped
C:\WINDOWS\wiadebug.log	Object is locked	skipped
C:\WINDOWS\wiaservc.log	Object is locked	skipped
C:\WINDOWS\WindowsUpdate.log	Object is locked	skipped

Scan process completed.

Logfile of HijackThis v1.99.1
Scan saved at 6:50:51 PM, on 11/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Anti-Malware\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arenlor Computer Help
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Anti-Malware\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Anti-Malware\hijackthis\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132461784086
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


#12 -David-

Posted 07 November 2006 - 11:58 AM

Absolutely nothing wrong here at all, your system is clean. :thumbsup:

#13 Arenlor

  • Topic Starter

Posted 07 November 2006 - 12:41 PM

Might sound odd, but that's not the answer I was hoping for, because it's been running slowly. Oh well, must be hardware. Thanks for your time.

#14 -David-

Posted 07 November 2006 - 12:50 PM

I know what you mean, and I sympathise.
Sometimes you hope there is a problem so it can be fixed.
I now see a clean log here, there are no signs of malware or anything that may cause the problems you are having. I recommend that you post your question in the following forum as you will receive better help there. Let them know you have had your HijackThis log checked, and it isn't a security issue.
Web Browsing/Email and Other Internet Applications
You might also like to post in the hardware forum.

#15 -David-

Posted 18 November 2006 - 06:11 PM

Since this issue appears resolved, this Topic is now closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread using the link here. This applies only to the original topic starter.

Everyone else please begin a New Topic.