Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

"Your Privacy is in Danger" Red Screen [RESOLVED]

Started by JuanLikesChopin , Jul 02 2008 12:30 PM

  • This topic is locked This topic is locked

#1
JuanLikesChopin
Posted 02 July 2008 - 12:30 PM

JuanLikesChopin

    Member

  • Member
  • PipPip
  • 15 posts
Hello, I am new here and this is my first post.
My desktop was suddenly taken over by a red screen with a symbol on it and it said "your Privacy Is In Danger". I was able to close the red desktop background but whenever I restarted my computer it would reappear. My antivirus would also popup messages saying it detected something.
I read and tried to follow the "You Must Read This Before Posting A Hijackthis Log" post before posting this message but I didn't get very far before encountering problems. I am writing this on a laptop because my infected desktop won't even let me open Mozilla and it won't let me access geekstogo so I am using my laptop to download all of the programs and then using a flashdrive to pass them to my problematic computer.
I have ran ATF Cleaner and created the System Restore Point. I downloaded the Malwarebytes' Anti-Malware setup but every time I tried to run this setup nothing would happen as if my computer won't let me open this setup. I had no choice but to skip this step.
Next, I was able to run SUPERAntiSpyware and after the scan I was able to save the log file (which I'll post here). I just tried to move on to the next step of doing the Online Panda Activescan but I wasn't able to do it because my Mozilla won't open at all and Internet Explorer now began to close itself as soon as I open it saying it encountered an error and had to close. The only browser that works is Netscape but it said that I have to use Mozilla or IE for the Panda Activescan. This was the last thing I did but since I was encountering these problems I had to stop there. I have the setups for the other programs that I haven't used in a flashdrive. I would really appreciate some help. :)
Here is the log for SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
Generated 07/02/2008 at 07:44 AM

Application Version : 3.6.1000

Core Rules Database Version : 3190
Trace Rules Database Version: 1486

Scan type : Complete Scan
Total Scan Time : 02:13:35

Memory items scanned : 674
Memory threats detected : 0
Registry items scanned : 9179
Registry threats detected : 3
File items scanned : 145764
File threats detected : 7

Desktop Hijacker.AboutYourPrivacy
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\images
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\privacy_danger

Trojan.Net-MU/Gen
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#uninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#DisplayName
  • 0

Advertisements

#2
Rorschach112
Posted 02 July 2008 - 02:38 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Please download SmitfraudFix (by S!Ri) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.




Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
JuanLikesChopin
Posted 02 July 2008 - 06:11 PM

JuanLikesChopin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Ok, I downloaded SmitFraudFix and ran my computer on safe mode. However, when I tried to open the setup on my computer nothing happens. It doesn't open and nothing happens. It's as if something is blocking it from running but I don't know what's going on. What should I do?
Thank you.
  • 0

#4
Rorschach112
Posted 03 July 2008 - 12:28 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Run DSS
  • 0

#5
JuanLikesChopin
Posted 03 July 2008 - 03:34 PM

JuanLikesChopin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I ran DSS and here is main.txt log:

Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2008-07-03 17:23:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
51: 2008-07-03 21:23:20 UTC - RP51 - Deckard's System Scanner Restore Point
50: 2008-07-02 09:25:50 UTC - RP50 - Installed SUPERAntiSpyware Free Edition
49: 2008-07-02 09:12:12 UTC - RP49 - redscreen virus time
48: 2008-07-01 22:31:07 UTC - RP48 - System Checkpoint
47: 2008-06-30 22:00:18 UTC - RP47 - System Checkpoint


-- First Restore Point --
1: 2008-06-03 20:10:26 UTC - RP1 - Installed Java™ 6 Update 5


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-03 17:25:57
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\Internet Security 2007\PcCtlCom.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security 2007\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security 2007\tmproxy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\arpwrmsg.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\DISC\DISCUpdMgr.exe
C:\Program Files\DISC\DISCover.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\Internet Security 2007\PcScnSrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe
C:\Documents and Settings\HP_Administrator\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: gxvpsafm - {01DC360B-6DEB-4B33-9329-F12E9CD8FB24} - C:\WINDOWS\gxvpsafm.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SSC_UserPrompt] "c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Startup.lnk = ?
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O15 - Trusted Zone: http://trymedia.com (HKLM)
O15 - Trusted Zone: https://trymedia.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\PcScnSrv.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\DX9\SessionLauncher.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\tmproxy.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 14447 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S2 DgiVecp - c:\windows\system32\drivers\dgivecp.sys <Not Verified; Samsung Electronics Co., Ltd.; Samsung Electronics Co., Ltd. VECP for Windows 2000, XP>
S2 SSPORT - c:\windows\system32\drivers\ssport.sys (file missing)
S4 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>

S0 Pml Driver HPZ12 - \systemroot\c:\windows\system32\hpzipm12.exe (file missing)
S2 SessionLauncher - c:\docume~1\hp_adm~1\locals~1\temp\dx9\sessionlauncher.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-03 and 2008-07-03 -----------------------------

2008-07-02 05:26:01 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-02 05:25:53 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-02 05:25:53 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2008-07-02 04:15:35 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Netscape
2008-07-01 04:19:18 27776 --a------ C:\WINDOWS\system32\khfCtUKD.dll
2008-07-01 04:18:54 81920 --a------ C:\WINDOWS\tovafrnm.exe
2008-07-01 04:18:54 180224 --a------ C:\WINDOWS\qegbdmwf.dll
2008-07-01 04:18:54 229376 --a------ C:\WINDOWS\pntqkflv.dll
2008-07-01 04:18:54 151552 --a------ C:\WINDOWS\gxvpsafm.dll
2008-07-01 04:18:54 139264 --a------ C:\WINDOWS\eqwt.exe
2008-06-16 04:30:29 0 d-------- C:\Program Files\Virtual Earth 3D
2008-06-15 21:19:38 0 d-------- C:\Program Files\Common Files\xing shared
2008-06-11 00:36:55 0 dr------- C:\liliana
2008-06-10 01:27:58 479232 --a------ C:\WINDOWS\ssndii.exe <Not Verified; ; Non-Device INF Installer>
2008-06-10 01:27:54 49152 --a------ C:\WINDOWS\system32\ssusbpn.dll <Not Verified; Samsung Electronics; Samsung MFP>
2008-06-10 01:27:54 57344 --a------ C:\WINDOWS\system32\ssdevm.dll <Not Verified; Samsung Electronics; Samsung MFP>
2008-06-10 01:27:53 0 d-------- C:\WINDOWS\Samsung
2008-06-10 01:25:56 0 d-------- C:\WINDOWS\system32\drivers\Samsung
2008-06-10 01:25:55 41984 -----n--- C:\WINDOWS\system32\drivers\DGIVECP.SYS <Not Verified; Samsung Electronics Co., Ltd.; Samsung Electronics Co., Ltd. VECP for Windows 2000, XP>
2008-06-06 10:44:33 0 d-------- C:\Program Files\Bonjour
2008-06-06 10:42:43 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-06-06 10:38:56 4 --a------ C:\WINDOWS\system32\1E1B92
2008-06-04 11:48:07 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-04 10:26:46 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-03 22:50:39 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-03 21:28:35 0 d-------- C:\Program Files\InterActual
2008-06-03 21:11:08 0 d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-06-03 21:11:07 0 d-------- C:\Program Files\SmartSound Software
2008-06-03 21:01:58 251664 --a------ C:\WINDOWS\system32\msrd2x35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-03 21:01:58 1039360 --a------ C:\WINDOWS\system32\msjet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-03 21:01:57 368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-06-03 21:01:57 24336 --a------ C:\WINDOWS\system32\msjter35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-03 21:01:57 37136 --a------ C:\WINDOWS\system32\Msjint35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-03 21:01:39 195968 --a------ C:\WINDOWS\system32\QCONNECT.DLL <Not Verified; Intuit Inc.; Quicken 99 for Windows>
2008-06-03 21:01:39 193024 --a------ C:\WINDOWS\system32\QCON3216.EXE <Not Verified; Intuit; Quicken for Windows>
2008-06-03 21:01:39 259584 --a------ C:\WINDOWS\system32\QCON32.DLL <Not Verified; Intuit Inc.; Quicken 99 for Windows>
2008-06-03 21:01:39 41472 --a------ C:\WINDOWS\system32\IPROF32.DLL <Not Verified; Intuit; Intuit Family of Products>
2008-06-03 21:01:39 48640 --a------ C:\WINDOWS\system32\INETWH32.DLL <Not Verified; Blue Sky Software; Blue Sky Software - INETWH32>
2008-06-03 21:01:39 5856 --a------ C:\WINDOWS\system32\INET16.DLL <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-06-03 21:01:27 51200 --a------ C:\WINDOWS\system32\Q_ENCUTL.DLL <Not Verified; Intuit; Online Services>
2008-06-03 21:01:27 73728 --a------ C:\WINDOWS\system32\Q_ENCLIB.DLL <Not Verified; Intuit; Online Services>
2008-06-03 18:10:31 44096 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-06-03 18:05:37 0 d---s---- C:\Documents and Settings\HP_Administrator\UserData
2008-06-03 17:42:55 0 d-------- C:\WINDOWS\system32\LogFiles
2008-06-03 17:42:55 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-03 17:41:03 8413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
2008-06-03 17:17:27 0 dr-hs---- C:\WINDOWS\system32\dllcache
2008-06-03 16:12:51 0 d-------- C:\Program Files\Sun
2008-06-03 16:11:13 0 dr-hs---- C:\cmdcons
2008-06-03 16:10:53 0 d-------- C:\WINDOWS\setupupd
2008-06-03 16:05:37 0 dr-h----- C:\Documents and Settings\HP_Administrator\SendTo
2008-06-03 16:05:37 0 d--h----- C:\Documents and Settings\HP_Administrator\PrintHood
2008-06-03 16:05:37 0 d--h----- C:\Documents and Settings\HP_Administrator\NetHood
2008-06-03 16:05:37 0 dr------- C:\Documents and Settings\HP_Administrator\My Documents
2008-06-03 16:05:37 0 d--h----- C:\Documents and Settings\HP_Administrator\Local Settings
2008-06-03 16:05:37 0 dr------- C:\Documents and Settings\HP_Administrator\Favorites
2008-06-03 16:05:37 0 d-------- C:\Documents and Settings\HP_Administrator\Desktop
2008-06-03 16:05:37 0 d--hs---- C:\Documents and Settings\HP_Administrator\Cookies
2008-06-03 16:05:37 0 d--h----- C:\Documents and Settings\HP_Administrator\Application Data
2008-06-03 16:05:37 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Real
2008-06-03 16:05:37 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
2008-06-03 16:05:37 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Identities
2008-06-03 16:05:36 0 d-------- C:\Documents and Settings\HP_Administrator\WINDOWS
2008-06-03 16:05:36 0 d--h----- C:\Documents and Settings\HP_Administrator\Templates
2008-06-03 16:05:36 0 dr------- C:\Documents and Settings\HP_Administrator\Start Menu
2008-06-03 16:05:36 3932160 --a------ C:\Documents and Settings\HP_Administrator\NTUSER.DAT
2008-06-03 16:02:17 0 d-------- C:\WINDOWS\system32\SoftwareDistribution


-- Find3M Report ---------------------------------------------------------------

2008-07-03 17:13:07 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Skype
2008-07-03 17:02:51 5071 --a------ C:\Documents and Settings\HP_Administrator\Application Data\.googlewebacchosts
2008-07-03 16:59:57 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\skypePM
2008-07-02 05:25:02 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 14:23:09 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-21 19:26:46 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-06-15 21:19:38 0 d-------- C:\Program Files\Common Files
2008-06-15 21:19:31 0 d-------- C:\Program Files\Common Files\Real
2008-06-14 14:04:40 0 d-------- C:\Program Files\Finale NotePad 2008
2008-06-11 23:03:11 0 d-------- C:\Program Files\Google
2008-06-10 14:58:14 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2008-06-10 01:24:43 0 d-------- C:\Program Files\SAMSUNG
2008-06-07 13:05:01 0 d-------- C:\Program Files\LimeWire
2008-06-06 10:44:08 0 d-------- C:\Program Files\QuickTime
2008-06-06 10:42:56 0 d-------- C:\Program Files\Apple Software Update
2008-06-04 11:50:35 0 d-------- C:\Program Files\Quicken
2008-06-04 11:47:28 0 d-------- C:\Program Files\Common Files\Skype
2008-06-04 10:30:23 40 --ahs---- C:\Documents and Settings\HP_Administrator\Application Data\.zreglib
2008-06-03 21:45:44 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Roxio
2008-06-03 21:18:47 0 d-------- C:\Program Files\Roxio
2008-06-03 21:17:59 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-06-03 21:14:00 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-06-03 21:10:45 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-03 20:59:31 0 d-------- C:\Program Files\eMule
2008-06-03 18:00:39 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-03 17:40:30 0 d-------- C:\Program Files\Rhapsody
2008-06-03 16:12:37 0 d-------- C:\Program Files\Java
2008-05-30 19:05:19 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Longman_DAE
2008-05-30 18:10:31 0 d-------- C:\Program Files\Longman
2008-05-25 00:55:49 10752 --a------ C:\WINDOWS\DCEBoot.exe
2008-05-25 00:51:27 0 d-------- C:\Program Files\Pinnacle
2008-05-25 00:18:28 0 d-------- C:\Program Files\NeroInstall.bak
2008-05-25 00:16:48 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Nero
2008-05-25 00:15:06 0 d-------- C:\Program Files\Common Files\Nero
2008-05-25 00:13:03 0 d-------- C:\Program Files\Nero
2008-05-25 00:05:08 0 d-------- C:\Program Files\Ahead
2008-05-25 00:03:26 0 d-------- C:\Program Files\AskTBar
2008-05-16 12:58:22 0 d-------- C:\Program Files\BrowsingEnhancer
2008-04-15 17:11:09 1426 --a------ C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [03/08/2006 07:54 AM C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [08/03/2005 02:19 AM C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/24/2006 10:15 PM]
"SSC_UserPrompt"="c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" []
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe" [02/21/2008 02:17 AM]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [08/24/2007 03:52 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [07/23/2005 01:14 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"PCDrProfiler"="" []
"nwiz"="nwiz.exe" [01/24/2006 10:15 PM C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [02/28/2008 09:59 AM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 04:29 PM]
"MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [06/15/2008 09:19 PM]
"IS CfgWiz"="c:\Program Files\Norton Internet Security\cfgwiz.exe" []
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [06/02/2005 02:35 AM]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/16/2006 01:34 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [12/15/2005 09:18 PM]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/30/2005 12:01 AM]
"DMXLauncher"="C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe" [08/14/2007 03:44 AM]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [03/20/2006 12:05 PM]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdMgr.exe" [03/16/2006 05:11 AM]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [03/16/2006 05:12 AM]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 12:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/24/2007 11:11 PM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [05/30/2008 03:54 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 07:24 PM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [02/28/2008 05:07 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
YouTube Uploader.lnk - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [11/9/2007 1:33:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
Billminder.lnk - C:\QUICKENW\BILLMIND.EXE [8/22/2007 3:19:28 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [12/15/2005 9:40:44 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
Quicken Startup.lnk - C:\QUICKENW\QWDLLS.EXE [8/22/2007 3:19:34 PM]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [7/9/2007 10:24:38 PM]
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [5/25/2006 6:02:07 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18a8bafd-31b8-11dd-ac5d-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480




-- End of Deckard's System Scanner: finished at 2008-07-03 17:27:00 ------------
  • 0

#6
JuanLikesChopin
Posted 03 July 2008 - 03:37 PM

JuanLikesChopin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Here is the DSS extra.txt log:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4200+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 4200+
Percentage of Memory in Use: 39%
Physical Memory (total/avail): 1982.48 MiB / 1196.55 MiB
Pagefile Memory (total/avail): 3876.63 MiB / 3274.42 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.06 MiB

C: is Fixed (NTFS) - 224.07 GiB total, 95.86 GiB free.
D: is Fixed (FAT32) - 8.79 GiB total, 0.76 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - WDC WD2500JS-60NCB1 - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 224.07 GiB - C:
\PARTITION1 - Unknown - 8.81 GiB - D:

\\.\PHYSICALDRIVE5 - USB Flash Memory USB Device - 3.84 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 3.84 GiB - J:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Trend Micro PC-cillin Internet Security (Firewall) v15 (Trend Micro, Inc.)
AV: Trend Micro PC-cillin Internet Security 2007 v15.30.1151 (Trend Micro, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\DISC\\DISCover.exe"="C:\\Program Files\\DISC\\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\\Program Files\\DISC\\DiscStreamHub.exe"="C:\\Program Files\\DISC\\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\\Program Files\\DISC\\myFTP.exe"="C:\\Program Files\\DISC\\myFTP.exe:*:Enabled:DISCover FTP"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"J:\\virusfix\\Download_mbam-setup.exe"="J:\\virusfix\\Download_mbam-setup.exe:*:Enabled:Download_mbam-setup"
"C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe:*:Enabled:SUPERAntiSpyware Free Edition"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GERMAN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Administrator
LOGONSERVER=\\GERMAN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\Program Files\Common Files\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
USERDOMAIN=GERMAN
USERNAME=HP_Administrator
USERPROFILE=C:\Documents and Settings\HP_Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

HP_Administrator (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {4F3FCD41-AD1C-4EE8-9D5C-35DBA58BA060}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Alien Outbreak 2 --> "C:\Program Files\HP Games\Alien Outbreak 2\Uninstall.exe"
Ancient Sudoku --> "C:\Program Files\HP Games\Ancient Sudoku\Uninstall.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Bejeweled 2 Deluxe --> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
Big Kahuna Reef --> "C:\Program Files\HP Games\Big Kahuna Reef\Uninstall.exe"
Blackhawk Striker 2 --> "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
Blasterball 2 Remix --> "C:\Program Files\HP Games\Blasterball 2 Remix\Uninstall.exe"
Blasterball 2 Revolution --> "C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Bookworm Deluxe --> "C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
Bounce Symphony --> "C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
Chuzzle Deluxe --> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
DAO 3.5 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intuit\DAO 3.5\Uninst.isu"
Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
Diner Dash --> "C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
DirectXInstallService --> MsiExec.exe /X{098122AB-C605-4853-B441-C0A4EB359B75}
DISCover --> "C:\Program Files\DISC\uninstall.exe"
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
EMC 10 Content --> MsiExec.exe /X{FDB46DE7-9045-47BB-970A-3E4ED5369E03}
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /remove
Fairies --> "C:\Program Files\HP Games\Fairies\Uninstall.exe"
Family Feud --> "C:\Program Files\HP Games\Family Feud\Uninstall.exe"
FATE --> "C:\Program Files\HP Games\FATE\Uninstall.exe"
Finale NotePad 2008 --> C:\Program Files\Finale NotePad 2008\uninstallNP.exe
Flip Words --> "C:\Program Files\HP Games\Flip Words\Uninstall.exe"
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
Google Web Accelerator --> MsiExec.exe /X{6A1975EB-27E6-491D-94BC-6355FA25F40F}
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Boot Optimizer --> MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP DigitalMedia Archive --> MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Document Viewer 6.1 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP DVD Play 2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Game Console --> "C:\Program Files\WildTangent\Apps\HP Game Console\Uninstall.exe"
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart 330,380,420,470,7800,8000,8200 Series --> C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 6.0 --> C:\Program Files\HP\Digital Imaging\{5D61626A-BD55-4e42-82EE-4AE89D8FD050}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Photosmart for Media Center PC --> c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP PSC & OfficeJet 6.1.A --> "C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
HP Rhapsody --> C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center and Imaging Support Tools 6.1 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Web Helper --> regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
Insaniquarium Deluxe --> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Jewel Quest --> "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Mah Jong Quest --> "C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
Microsoft Away Mode -->
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
muvee autoProducer 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27428D1B-8CBA-4EEA-B9C0-A23CA7B4FCC1}\setup.exe" -l0x9
muvee autoProducer unPlugged 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}\setup.exe" -l0x9
Mystery Case Files --> "C:\Program Files\HP Games\Mystery Case Files\Uninstall.exe"
Nero 8 --> MsiExec.exe /X{BE282C23-5484-47FF-B2C1-EBEA5C891033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvunrm.exe UninstallGUI
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
PC-Doctor 5 for Windows --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Poker Superstars --> "C:\Program Files\HP Games\Poker Superstars\Uninstall.exe"
Polar Bowler --> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
Polar Golfer --> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
Quicken Basic 99 --> C:\WINDOWS\IsUninst.exe -fC:\QUICKENW\Uninst.isu
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Ricochet Lost Worlds --> "C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
Roxio Activation Module --> MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}
Roxio BackOnTrack --> MsiExec.exe /I{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}
Roxio Central Audio --> MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Central Copy --> MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Central Core --> MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Central Data --> MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Central Tools --> MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio CinePlayer --> MsiExec.exe /I{1B683082-8791-4D00-8ADE-6C8986FCCC68}
Roxio CinePlayer Decoder Pack --> MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
Roxio Disc Gallery --> MsiExec.exe /I{3E67A8DA-FE7B-4160-8465-F5571EA18753}
Roxio Easy Media Creator 10 Suite --> MsiExec.exe /I{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}
Roxio File Backup --> MsiExec.exe /I{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}
Roxio MediaShare --> MsiExec.exe /I{9A9A1828-31D1-4590-A99F-022B7237AFAE}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Samsung CLP-300 Series --> C:\Program Files\Samsung\Samsung CLP-300 Series\Install\Setup.exe /R
SCRABBLE --> "C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Slingo Deluxe --> "C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Snowy The Bears Adventure --> "C:\Program Files\HP Games\Snowy The Bears Adventure\Uninstall.exe"
Sonic Express Labeler --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Super Granny --> "C:\Program Files\HP Games\Super Granny\Uninstall.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Tennis Titans --> "C:\Program Files\HP Games\Tennis Titans\Uninstall.exe"
Tornado Jockey --> "C:\Program Files\HP Games\Tornado Jockey\Uninstall.exe"
Tradewinds --> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
Trend Micro PC-cillin Internet Security 2007 --> C:\PROGRA~1\TRENDM~1\INTERN~1\remove.exe
Trend Micro PC-cillin Internet Security 2007 --> MsiExec.exe /X{BB4B6355-D38A-492C-873B-A1B2CF6C3832}
Update Rollup 2 for Windows XP Media Center Edition 2005 -->
Updates from HP (remove only) --> C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB912067 --> "C:\WINDOWS\$NtUninstallKB912067$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type825 / Error
Event Submitted/Written: 07/02/2008 01:53:14 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16674, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type824 / Error
Event Submitted/Written: 07/02/2008 01:32:50 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application notepad.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x00a6000a.
Processing media-specific event for [notepad.exe!ws!]

Event Record #/Type823 / Error
Event Submitted/Written: 07/02/2008 01:31:32 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application notepad.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x00a6000a.
Processing media-specific event for [notepad.exe!ws!]

Event Record #/Type822 / Error
Event Submitted/Written: 07/02/2008 01:27:41 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application notepad.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x00a6000a.
Processing media-specific event for [notepad.exe!ws!]

Event Record #/Type821 / Error
Event Submitted/Written: 07/02/2008 01:24:05 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application notepad.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x00a6000a.
Processing media-specific event for [notepad.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3003 / Error
Event Submitted/Written: 07/03/2008 05:26:16 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The BrSplService service has reported an invalid current state 0.

Event Record #/Type2980 / Error
Event Submitted/Written: 07/03/2008 05:11:11 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type2977 / Error
Event Submitted/Written: 07/03/2008 05:10:39 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SSPORT service failed to start due to the following error:
%%2

Event Record #/Type2976 / Error
Event Submitted/Written: 07/03/2008 05:10:39 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SessionLauncher service failed to start due to the following error:
%%3

Event Record #/Type2975 / Error
Event Submitted/Written: 07/03/2008 05:10:39 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The DgiVecp service failed to start due to the following error:
%%20



-- End of Deckard's System Scanner: finished at 2008-07-03 17:27:00 ------------
  • 0

#7
Rorschach112
Posted 04 July 2008 - 06:12 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O3 - Toolbar: gxvpsafm - {01DC360B-6DEB-4B33-9329-F12E9CD8FB24} - C:\WINDOWS\gxvpsafm.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
C:\WINDOWS\system32\khfCtUKD.dll
C:\WINDOWS\tovafrnm.exe
C:\WINDOWS\qegbdmwf.dll
C:\WINDOWS\pntqkflv.dll
C:\WINDOWS\gxvpsafm.dll
C:\WINDOWS\eqwt.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18a8bafd-31b8-11dd-ac5d-806d6172696f}
C:\WINDOWS\privacy_danger
purity 
EmptyTemp
[start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




You have two firewalls, so you need to disable Windows firewall

1. Click Start, click Run, type Firewall.cpl, and then click OK.
2. On the General tab, click Off (not recommended), and then click OK.




Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



Also post a new DSS log
  • 0

#8
JuanLikesChopin
Posted 04 July 2008 - 03:27 PM

JuanLikesChopin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
The program I ran before was DSS. This is the first time i tried to open HiJackThis but when I tried to run the HJTInstall.exe it won't work. Nothing opens. I disabled my firewalls to see if they were blocking it but nothing happens. What do I do?
  • 0

#9
Rorschach112
Posted 04 July 2008 - 03:57 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Do this then try it

Run DSS again, using these instructions:

Click START> Run - then copy the following bold blue text and paste it into the Run box & click OK

"%userprofile%\desktop\dss.exe" /daft

Read the disclaimer and click OK.

Click on Scan.

Place a checkmark next to the entries displayed when the scan is finished then Click on Fix.

Repeat the scan; you should get a message "All Associations OK!"

Next, click Save Log, and post this log in your next reply.


If it fails go and run MBAM
  • 0

#10
JuanLikesChopin
Posted 04 July 2008 - 04:30 PM

JuanLikesChopin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Ok, when I tried to open "%userprofile%\desktop\dss.exe" /daft in RUN it didn't work but when I took off "/daft" it ran dss.exe and it installed HijackThis on my desktop. Then it automatically loaded as if it was doing some sort of scan and then it automatically opened a new log file in notepad called main.txt. Now I have a HijackThis icon on my desktop and have main.txt opened. I can run HijackThis now if you want me to.

Edited by JuanLikesChopin, 04 July 2008 - 04:33 PM.

  • 0

Advertisements

#11
Rorschach112
Posted 04 July 2008 - 05:06 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Yes do the HJT step I told you about

Then run MBAM

Then post a new DSS log
  • 0

#12
JuanLikesChopin
Posted 04 July 2008 - 06:07 PM

JuanLikesChopin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I did the previous HijackThis step and I fixed those two files and then my desktop screen became blue. It was all good until then but when I tried to run OTMoveIt2.exe and mbam-setup.exe neither of them worked. They won't open and this is the same problem I've been having before.
I'll still post a new DSS log even though I'm not sure if it will help you any since I was unable to do those previous steps.
I clicked on the dss.exe icon and it loaded and opened this log file main.txt:

Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2008-07-04 20:04:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:04:26 PM, on 7/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DISCover.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccUpdUI.exe
C:\Documents and Settings\HP_Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_ADM~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SSC_UserPrompt] "c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 13182 bytes

-- Files created between 2008-06-04 and 2008-07-04 -----------------------------

2008-07-02 05:26:01 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-02 05:25:53 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-02 05:25:53 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2008-07-02 04:15:35 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Netscape
2008-07-01 04:19:18 27776 --a------ C:\WINDOWS\system32\khfCtUKD.dll
2008-07-01 04:18:54 81920 --a------ C:\WINDOWS\tovafrnm.exe
2008-07-01 04:18:54 180224 --a------ C:\WINDOWS\qegbdmwf.dll
2008-07-01 04:18:54 229376 --a------ C:\WINDOWS\pntqkflv.dll
2008-07-01 04:18:54 151552 --a------ C:\WINDOWS\gxvpsafm.dll
2008-07-01 04:18:54 139264 --a------ C:\WINDOWS\eqwt.exe
2008-06-16 04:30:29 0 d-------- C:\Program Files\Virtual Earth 3D
2008-06-15 21:19:38 0 d-------- C:\Program Files\Common Files\xing shared
2008-06-11 00:36:55 0 dr------- C:\liliana
2008-06-10 01:27:58 479232 --a------ C:\WINDOWS\ssndii.exe <Not Verified; ; Non-Device INF Installer>
2008-06-10 01:27:54 49152 --a------ C:\WINDOWS\system32\ssusbpn.dll <Not Verified; Samsung Electronics; Samsung MFP>
2008-06-10 01:27:54 57344 --a------ C:\WINDOWS\system32\ssdevm.dll <Not Verified; Samsung Electronics; Samsung MFP>
2008-06-10 01:27:53 0 d-------- C:\WINDOWS\Samsung
2008-06-10 01:25:56 0 d-------- C:\WINDOWS\system32\drivers\Samsung
2008-06-10 01:25:55 41984 -----n--- C:\WINDOWS\system32\drivers\DGIVECP.SYS <Not Verified; Samsung Electronics Co., Ltd.; Samsung Electronics Co., Ltd. VECP for Windows 2000, XP>
2008-06-06 10:44:33 0 d-------- C:\Program Files\Bonjour
2008-06-06 10:42:43 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-06-06 10:38:56 4 --a------ C:\WINDOWS\system32\1E1B92
2008-06-04 11:48:07 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-04 10:26:46 0 d-------- C:\WINDOWS\system32\appmgmt


-- Find3M Report ---------------------------------------------------------------

2008-07-04 19:49:01 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Skype
2008-07-04 18:22:16 0 d-------- C:\Program Files\Trend Micro
2008-07-04 17:12:37 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\skypePM
2008-07-03 19:41:32 5071 --a------ C:\Documents and Settings\HP_Administrator\Application Data\.googlewebacchosts
2008-07-02 05:25:02 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 14:23:09 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-21 19:26:46 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-06-15 21:19:38 0 d-------- C:\Program Files\Common Files
2008-06-15 21:19:31 0 d-------- C:\Program Files\Common Files\Real
2008-06-14 14:04:40 0 d-------- C:\Program Files\Finale NotePad 2008
2008-06-11 23:03:11 0 d-------- C:\Program Files\Google
2008-06-10 14:58:14 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2008-06-10 01:24:43 0 d-------- C:\Program Files\SAMSUNG
2008-06-07 13:05:01 0 d-------- C:\Program Files\LimeWire
2008-06-06 10:44:08 0 d-------- C:\Program Files\QuickTime
2008-06-06 10:42:56 0 d-------- C:\Program Files\Apple Software Update
2008-06-04 11:50:35 0 d-------- C:\Program Files\Quicken
2008-06-04 11:47:28 0 d-------- C:\Program Files\Common Files\Skype
2008-06-04 10:30:23 40 --ahs---- C:\Documents and Settings\HP_Administrator\Application Data\.zreglib
2008-06-03 21:45:44 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Roxio
2008-06-03 21:29:02 0 d-------- C:\Program Files\InterActual
2008-06-03 21:18:47 0 d-------- C:\Program Files\Roxio
2008-06-03 21:17:59 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-06-03 21:14:00 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-06-03 21:11:07 0 d-------- C:\Program Files\SmartSound Software
2008-06-03 21:10:45 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-03 20:59:31 0 d-------- C:\Program Files\eMule
2008-06-03 18:00:39 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-03 17:40:30 0 d-------- C:\Program Files\Rhapsody
2008-06-03 16:12:51 0 d-------- C:\Program Files\Sun
2008-06-03 16:12:37 0 d-------- C:\Program Files\Java
2008-06-03 16:09:47 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Real
2008-05-30 19:05:19 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Longman_DAE
2008-05-30 18:10:31 0 d-------- C:\Program Files\Longman
2008-05-25 00:55:49 10752 --a------ C:\WINDOWS\DCEBoot.exe
2008-05-25 00:51:27 0 d-------- C:\Program Files\Pinnacle
2008-05-25 00:18:28 0 d-------- C:\Program Files\NeroInstall.bak
2008-05-25 00:16:48 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Nero
2008-05-25 00:15:06 0 d-------- C:\Program Files\Common Files\Nero
2008-05-25 00:13:03 0 d-------- C:\Program Files\Nero
2008-05-25 00:05:08 0 d-------- C:\Program Files\Ahead
2008-05-25 00:03:26 0 d-------- C:\Program Files\AskTBar
2008-05-16 12:58:22 0 d-------- C:\Program Files\BrowsingEnhancer
2008-04-15 17:11:09 1426 --a------ C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [03/08/2006 07:54 AM C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [08/03/2005 02:19 AM C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/24/2006 10:15 PM]
"SSC_UserPrompt"="c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" []
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe" [02/21/2008 02:17 AM]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [08/24/2007 03:52 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [07/23/2005 01:14 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"PCDrProfiler"="" []
"nwiz"="nwiz.exe" [01/24/2006 10:15 PM C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [02/28/2008 09:59 AM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 04:29 PM]
"MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [06/15/2008 09:19 PM]
"IS CfgWiz"="c:\Program Files\Norton Internet Security\cfgwiz.exe" []
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [06/02/2005 02:35 AM]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/16/2006 01:34 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [12/15/2005 09:18 PM]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/30/2005 12:01 AM]
"DMXLauncher"="C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe" [08/14/2007 03:44 AM]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [03/20/2006 12:05 PM]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdMgr.exe" [03/16/2006 05:11 AM]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [03/16/2006 05:12 AM]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 12:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/24/2007 11:11 PM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [05/30/2008 03:54 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 07:24 PM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [02/28/2008 05:07 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
YouTube Uploader.lnk - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [11/9/2007 1:33:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
Billminder.lnk - C:\QUICKENW\BILLMIND.EXE [8/22/2007 3:19:28 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [12/15/2005 9:40:44 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
Quicken Startup.lnk - C:\QUICKENW\QWDLLS.EXE [8/22/2007 3:19:34 PM]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [7/9/2007 10:24:38 PM]
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [5/25/2006 6:02:07 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18a8bafd-31b8-11dd-ac5d-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480




-- End of Deckard's System Scanner: finished at 2008-07-04 20:05:12 ------------
  • 0

#13
Rorschach112
Posted 05 July 2008 - 08:07 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Try this

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
  • 0

#14
JuanLikesChopin
Posted 05 July 2008 - 11:25 AM

JuanLikesChopin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Since my internet browsers are not opening on the infected computer I have been downloading all the programs you've told me on a separate laptop and then copying them to the other computer with a flashdrive. I was follwing the tutorial on how to use comboFix and after i downloaded the setups for ComboFix and Windows XP Recovery Console I tried to open them the way they told me to but ComboFix won't open. I disabled my firewall and my Antivirus expired yesterday so it is already disabled. What could it be that keeps me from running all of these setups?

Edited by JuanLikesChopin, 05 July 2008 - 11:26 AM.

  • 0

#15
JuanLikesChopin
Posted 05 July 2008 - 12:15 PM

JuanLikesChopin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I had downloaded the Windows XP Recovery Console from the microsoft website but they said that I could also do it if I had a Windows xp cd. I got my recovery cds and was able to install Windows XP Recovery Console from the cd. I still can't run ComboFix.exe so I can't post the ComboFix log.
I'm not sure if this is relevant, but when I first started with this post of my problem I had gone into msconfig in run and checked on all of the startup items available. Is there something that shouldn't be checked as a startup item?
I'll post a HikackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:09:49 PM, on 7/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SSC_UserPrompt] "c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 12480 bytes
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP