Geeks To Go
Help please, malware removal

This topic is locked

#1 tom2340 (Member, 49 posts)
Hi people, I hope someone can help and look over some logs for me.
The computer in question has (or had) around ten or sixteen pieces of malware, as follows:

I ran Search & Destroy; it reported the following:

DSS Agent (1)
ABetterInternet.Aurora (1)
Alexa Related (1)
Mirar (10)
NoAware (1)
WildTangent (1)
Avenue A, Inc (1)

I removed these with S&D.

I ran Ad-Aware SE Personal; it found "7 New Critical Objects":

Win32.TrojanClicker (2)
Alexa (3)
CoolWebsearch (2)

I have as many logs as I could make so far.

My first HJT:

Logfile of HijackThis v1.99.1
Scan saved at 9:12:41 PM, on 11/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MYHPPA~1\Pavilion\XPHAPBF3EN\plugin\bin\PCHButton.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\anti-malware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optusnet.com.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://au9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [WinCinemaMgr] "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\MYHPPA~1\Pavilion\XPHAPBF3EN\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /M "Stylus C45" /EF "HKCU"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1106697520671
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://software.news...k1/isetupml.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

SpyBot SD Results


--- Search result list ---
Mirar: IE toolbar (Registry value, nothing done)
HKEY_USERS\S-1-5-21-753823785-3823736951-2842692284-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}

Mirar: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta\http!=W=4

Mirar: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta\https!=W=4

Mirar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}

Mirar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}

Mirar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}

Mirar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}

ABetterInternet.Aurora: Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}

Mirar: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\NN_Bar_Dummy.NN_BarDummy

Mirar: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\NN_Bar_Dummy.NN_BarDummy.1

Mirar: Root class (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}

NoAdware: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NoAdware_is1

WildTangent: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Java VM\ClassPath=...;C:\Program Files\WildTangent\Apps\DRM0300Java.jar...

Alexa Related: Link (Replace file, nothing done)
C:\WINDOWS\Web\related.htm

DSSAgent: Global settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Broderbund software\dss

Avenue A, Inc.: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-12-11 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-12-08 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2006-12-08 Includes\DialerC.sbi (*)
2006-11-24 Includes\Hijackers.sbi (*)
2006-12-08 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2006-12-08 Includes\KeyloggersC.sbi (*)
2006-12-08 Includes\Malware.sbi (*)
2006-12-08 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-12-08 Includes\PUPSC.sbi (*)
2006-12-08 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2006-12-08 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-12-08 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-12-08 Includes\Trojans.sbi (*)
2006-12-08 Includes\TrojansC.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 1
/ Windows XP / SP2: Windows XP Hotfix - KB823980
/ Windows XP / SP2: Windows XP Hotfix - KB842773
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q327979
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q329112
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See q329256 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) q329623
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q329909
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q331958
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q811789


--- Startup entries list ---
Located: HK_LM:Run, AlcxMonitor
command: ALCXMNTR.EXE
file: C:\WINDOWS\ALCXMNTR.EXE
size: 50176
MD5: 2f0a3b80096ac30a3e300cce44cdb5dc

Located: HK_LM:Run, AutoTKit
command: C:\hp\bin\AUTOTKIT.EXE
file: C:\hp\bin\AUTOTKIT.EXE
size: 53248
MD5: 6d013ba4120ab87d8694aaf12bd5d1c1

Located: HK_LM:Run, AVG7_CC
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
size: 406016
MD5: ed0163acdb2834ac8f53b3265671fb1a

Located: HK_LM:Run, CamMonitor
command: c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
file: c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
size: 90112
MD5: c0de87745c950f2966394837c3683ae5

Located: HK_LM:Run, EPSON Stylus C45 Series
command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
size: 99840
MD5: 059630aea8419531fb52834cbb3cae3e

Located: HK_LM:Run, Home Theater SchSvr
command: "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
file: C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
size: 155648
MD5: 5b3c0e93e30ce60449b6445677ff52c7

Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\System32\hkcmd.exe
file: C:\WINDOWS\System32\hkcmd.exe
size: 114688
MD5: ee2ac08be7024a781df6f40870ed748d

Located: HK_LM:Run, HP Software Update
command: "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
file: c:\Program Files\HP\HP Software Update\HPWuSchd.exe
size: 49152
MD5: 8c94e9227522092dfd389b070a5ca7b0

Located: HK_LM:Run, HPHmon05
command: C:\WINDOWS\System32\hphmon05.exe
file: C:\WINDOWS\System32\hphmon05.exe
size: 483328
MD5: a36cab365f2942fa8be8658d176311ad

Located: HK_LM:Run, HPHUPD05
command: c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
file: c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
size: 49152
MD5: c3b064aa819c684cfec909f16779f836

Located: HK_LM:Run, hpsysdrv
command: c:\windows\system\hpsysdrv.exe
file: c:\windows\system\hpsysdrv.exe
size: 52736
MD5: 06a1ecb63df139ec639e084d4ab3c9d7

Located: HK_LM:Run, IMJPMIG8.1
command: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
file: C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
size: 208953
MD5: 90752037d2d633842a47eb9b7ef86be9

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 278528
MD5: 00d20b701816bdd2cc2445e6c388ef70

Located: HK_LM:Run, mmtask
command: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
file: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
size: 53248
MD5: ef94c44103ab1bd4400f26c12ee443de

Located: HK_LM:Run, MSPY2002
command: C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
file: C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe
size: 59392
MD5: 1b17e09c1223f6d17336d2dd7a1af4f4

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 31744
MD5: 0fb22dd37c17f80ad71316049f725170

Located: HK_LM:Run, nwiz
command: nwiz.exe /installquiet /keeploaded /nodetect
file: C:\WINDOWS\system32\nwiz.exe
size: 323584
MD5: 99b4b415dd1be7325deda3b88df5938a

Located: HK_LM:Run, PHIME2002A
command: C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
file: C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024dc0f68df5fd6ae9dd82dfbaf479d6

Located: HK_LM:Run, PHIME2002ASync
command: C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
file: C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024dc0f68df5fd6ae9dd82dfbaf479d6

Located: HK_LM:Run, PS2
command: C:\WINDOWS\system32\ps2.exe
file: C:\WINDOWS\system32\ps2.exe
size: 81920
MD5: c4c523e78774e05d06efe3e10017cf6d

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 282624
MD5: 383145864f6543c97a7e1b78505d2f1c

Located: HK_LM:Run, Recguard
command: C:\WINDOWS\SMINST\RECGUARD.EXE
file: C:\WINDOWS\SMINST\RECGUARD.EXE
size: 212992
MD5: d3cc7a3813123e955b3a497c04b404e2

Located: HK_LM:Run, Share-to-Web Namespace Daemon
command: C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
file: C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
size: 69632
MD5: 2f2bc80803f0638f6738e37f769e4bd0

Located: HK_LM:Run, StorageGuard
command: "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
file: C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
size: 155648
MD5: 4d04efdcb8548fdb3b29ab9154480b7b

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
size: 36975
MD5: 61a3a9d5d98bf0331df5b716144a8100

Located: HK_LM:Run, WinCinemaMgr
command: "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
file: C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
size: 159744
MD5: 2d2becf428b5085b7a43880a18fac7c8

Located: HK_CU:Run, Acme.PCHButton
command: C:\PROGRA~1\MYHPPA~1\Pavilion\XPHAPBF3EN\plugin\bin\PCHButton.exe
file: C:\PROGRA~1\MYHPPA~1\Pavilion\XPHAPBF3EN\plugin\bin\PCHButton.exe
size: 159744
MD5: 959152b06a66c092711a7990f69341c1

Located: HK_CU:Run, BackupNotify
command: c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
file: c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
size: 24576
MD5: d281419c4aa7583a4dc0f66b8fcfac09

Located: HK_CU:Run, EPSON Stylus C45 Series
command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /M "Stylus C45" /EF "HKCU"
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
size: 99840
MD5: 059630aea8419531fb52834cbb3cae3e

Located: HK_CU:Run, MoneyAgent
command: "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
file: C:\Program Files\Microsoft Money\System\mnyexpr.exe
size: 200767
MD5: 346a8b9510141c31ba57ee776a9d6cad

Located: HK_CU:Run, MSMSGS
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1511453
MD5: 1e455b08870d4ac3bb6ab5968603e8af

Located: HK_CU:Run, NVIEW
command: rundll32.exe nview.dll,nViewLoadHook
file: C:\WINDOWS\system32\rundll32.exe
size: 31744
MD5: 0fb22dd37c17f80ad71316049f725170

Located: Startup (common), Acrobat Assistant.lnk
command: C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
file: C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
size: 217193
MD5: 78bfe3201ada2fe02d1e35d2488e5f55

Located: Startup (common), HP Digital Imaging Monitor.lnk
command: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
size: 233472
MD5: 5d0c4e90cdc747ce3adc50d2ffde4968

Located: Startup (common), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a

Located: Startup (common), Updates from HP.lnk
command: C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
file: C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
size: 16384
MD5: 708fc5318f6ab059104ffd415f146781

Located: Startup (common), WinZip Quick Pick.lnk
command: C:\Program Files\WinZip\WZQKPICK.EXE
file: C:\Program Files\WinZip\WZQKPICK.EXE
size: 118784
MD5: bb272e4a58c563ebf40f8cb1173da1da

Located: Startup (user), MailWasherPro.lnk
command: C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
file: C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
size: 4901376
MD5: 3cecf6a625c352a0a0cf42173ecdf5b3

Located: Startup (user), OpenOffice.org 2.0.lnk
command: C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
file: C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
size: 61440
MD5: 5cb03ee68f33c0bdf5484d36ef7f1212

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, igfxcui
command: igfxsrvc.dll
file: igfxsrvc.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{243B17DE-77C7-46BF-B94B-0B5F309A0E64} ()
BHO name:
CLSID name:
description: Microsoft Money
classification: Open for discussion
known filename: mnyside.dll
info link: http://www.microsoft...ney/default.asp
info source: TonyKlein
Path: C:\Program Files\Microsoft Money\System\
Long name: mnyside.dll
Short name:
Date (created): 17/07/2002 7:00:00 PM
Date (last access): 11/12/2006 11:42:54 PM
Date (last write): 17/07/2002 7:00:00 PM
Filesize: 163906
Attributes: archive
MD5: BEED9AE28E5696C7C2EEA11075E258CE
CRC32: D7C7E8B5
Version: 11.0.0.716

{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
BHO name:
CLSID name: EpsonToolBandKicker Class
Path: C:\Program Files\EPSON\EPSON Web-To-Page\
Long name: EPSON Web-To-Page.dll
Short name: EPSONW~1.DLL
Date (created): 2/11/2005 12:28:52 PM
Date (last access): 11/12/2006 11:42:54 PM
Date (last write): 10/02/2004 2:08:58 PM
Filesize: 339968
Attributes: archive
MD5: 230F34EB9C919978C23E6939120DB35C
CRC32: D4C5D89F
Version: 1.0.0.0

{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
BHO name:
CLSID name:
description: Microsoft Money
classification: Open for discussion
known filename: mnyviewer.dll
info link: http://www.microsoft...ney/default.asp
info source: TonyKlein



--- ActiveX list ---
{24311111-1111-1121-1111-111191113457} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\eied.inf
Codebase: file://c:\eied_s7.cab
description:
classification: Confirmed as malware
known filename:
info link:
info source: Safer Networking Ltd.

{33331111-1111-1111-1111-611111193457} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\start99.inf
Codebase: file://c:\ex.cab
description:
classification: Confirmed as malware
known filename:
info link:
info source: Safer Networking Ltd.

{33331111-1111-1111-1111-611111193458} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\start.INF
Codebase: file://c:\ex.cab

{33331111-1111-1111-1111-622221193458} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\start.INF
Codebase: file://c:\ex.cab
description:
classification: Confirmed as malware
known filename:
info link:
info source: Safer Networking Ltd.

{43331111-1111-1111-1111-611111195622} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\MirarSetup.inf
Codebase: file://c:\ex.cab
description:
classification: Confirmed as malware
known filename:
info link:
info source: Safer Networking Ltd.

{64311111-1111-1121-1111-111191113457} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\eied.inf
Codebase: file://c:\eied_s7.cab
description:
classification: Confirmed as malware
known filename:
info link:
info source: Safer Networking Ltd.



--- Process list ---
PID: 0 ( 0) [System]
PID: 408 ( 4) \SystemRoot\System32\smss.exe
PID: 464 ( 408) \??\C:\WINDOWS\system32\csrss.exe
PID: 488 ( 408) \??\C:\WINDOWS\system32\winlogon.exe
PID: 532 ( 488) C:\WINDOWS\system32\services.exe
size: 101376
MD5: E3DF4A0252D287C44606EE55355E1623
PID: 544 ( 488) C:\WINDOWS\system32\lsass.exe
size: 11776
MD5: B2B6BA905D0E3F8A32A0EB3B4051807B
PID: 704 ( 532) C:\WINDOWS\system32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 728 ( 532) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 856 ( 532) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1064 (1044) C:\WINDOWS\Explorer.EXE
size: 1004032
MD5: A82B28BFC2E4455FE43022A498C0EF0A
PID: 1096 ( 532) C:\WINDOWS\system32\spoolsv.exe
size: 51200
MD5: 9B4155BA58192D4073082B8FC5D42612
PID: 1240 ( 532) C:\WINDOWS\System32\alg.exe
size: 41984
MD5: 497AEAD5ECEF9512F6B364977A5308EE
PID: 1252 ( 532) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
size: 204800
MD5: E8FBDCC8D618D1BB84B828F247A6244B
PID: 1268 ( 532) C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
size: 343552
MD5: DD4DB777D2BA1E475F75015B90557795
PID: 1400 ( 532) C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
size: 49664
MD5: 30A14F65DB477DC00A64A5A24E96919C
PID: 1436 ( 532) C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
size: 322560
MD5: 65278B092960662152A7CF1A2693B617
PID: 1504 ( 532) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1808 (1064) C:\windows\system\hpsysdrv.exe
size: 52736
MD5: 06A1ECB63DF139EC639E084D4AB3C9D7
PID: 1820 (1064) C:\WINDOWS\System32\hkcmd.exe
size: 114688
MD5: EE2AC08BE7024A781DF6F40870ED748D
PID: 1848 (1064) C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
size: 90112
MD5: C0DE87745C950F2966394837C3683AE5
PID: 1868 (1064) C:\Program Files\HP\HP Software Update\HPWuSchd.exe
size: 49152
MD5: 8C94E9227522092DFD389B070A5CA7B0
PID: 1936 (1064) C:\WINDOWS\System32\hphmon05.exe
size: 483328
MD5: A36CAB365F2942FA8BE8658D176311AD
PID: 2044 (1064) C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
size: 159744
MD5: 2D2BECF428B5085B7A43880A18FAC7C8
PID: 152 (1064) C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
size: 155648
MD5: 5B3C0E93E30CE60449B6445677FF52C7
PID: 212 (1064) C:\WINDOWS\ALCXMNTR.EXE
size: 50176
MD5: 2F0A3B80096AC30A3E300CCE44CDB5DC
PID: 224 (1064) C:\WINDOWS\system32\ps2.exe
size: 81920
MD5: C4C523E78774E05D06EFE3E10017CF6D
PID: 304 (1064) C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
size: 53248
MD5: EF94C44103AB1BD4400F26C12EE443DE
PID: 352 (1064) C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
size: 69632
MD5: 2F2BC80803F0638F6738E37F769E4BD0
PID: 364 (1064) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
size: 99840
MD5: 059630AEA8419531FB52834CBB3CAE3E
PID: 376 (1064) C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
size: 36975
MD5: 61A3A9D5D98BF0331DF5B716144A8100
PID: 392 ( 704) C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
size: 77824
MD5: A302AE354F6A164DB1AE2A778EA48B9D
PID: 436 (1064) C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
size: 406016
MD5: ED0163ACDB2834AC8F53B3265671FB1A
PID: 964 (1064) C:\Program Files\iTunes\iTunesHelper.exe
size: 278528
MD5: 00D20B701816BDD2CC2445E6C388EF70
PID: 980 (1064) C:\Program Files\QuickTime\qttask.exe
size: 282624
MD5: 383145864F6543C97A7E1B78505D2F1C
PID: 1032 ( 532) C:\Program Files\iPod\bin\iPodService.exe
size: 323584
MD5: 4B532AD0D7614F701F2D29355D6321FB
PID: 1212 (1064) C:\PROGRA~1\MYHPPA~1\Pavilion\XPHAPBF3EN\plugin\bin\PCHButton.exe
size: 159744
MD5: 959152B06A66C092711A7990F69341C1
PID: 1320 (1064) C:\Program Files\Messenger\msmsgs.exe
size: 1511453
MD5: 1E455B08870D4AC3BB6AB5968603E8AF
PID: 1496 (1064) C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
size: 217193
MD5: 78BFE3201ADA2FE02D1E35D2488E5F55
PID: 1456 (1064) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
size: 233472
MD5: 5D0C4E90CDC747CE3ADC50D2FFDE4968
PID: 1776 (1064) C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
size: 16384
MD5: 708FC5318F6AB059104FFD415F146781
PID: 1880 (1064) C:\Program Files\WinZip\WZQKPICK.EXE
size: 118784
MD5: BB272E4A58C563EBF40F8CB1173DA1DA
PID: 2016 (1064) C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
size: 4901376
MD5: 3CECF6A625C352A0A0CF42173ECDF5B3
PID: 2132 (2088) C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
size: 2334720
MD5: 437BE7AEA02F15B334F3B318D529343A
PID: 2140 (2132) C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
size: 2478080
MD5: 306A82E4098D7C8928AADC7C1095D704
PID: 2336 ( 728) C:\WINDOWS\System32\wuauclt.exe
size: 124184
MD5: EBF1AB7E4FC05CABF2F4680D2A45F827
PID: 2368 (1064) C:\Program Files\Mozilla Firefox\firefox.exe
size: 7604331
MD5: CB49C8AE9B44535D2B6FCDE74C589AC9
PID: 3056 (3048) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 11/12/2006 11:50:08 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft...amp;ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.optusnet.com.au/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://au9.hpwis.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft...amp;ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://au9.hpwis.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft...p...&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft...amp;ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn...st/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn...st/srchcust.htm


--- Winsock Layered Service Provider list ---


--- Uninstall list ---
(AddressBook)

Adobe Acrobat 5.0 5.0 (Adobe Acrobat 5.0)
version (major): 5
install location: C:\Program Files\Adobe\Acrobat 5.0
install source: C:\Documents and Settings\Owner\Local Settings\Temp\pft100~tmp\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
publisher: Adobe Systems, Inc.
help link: http://www.adobe.com...robat/main.html

AVG Free Edition (AVG7Uninstall)
uninstall cmd: C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL

AVG Anti-Spyware 7.5 (AVGAntiSpyware75)
install location: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
uninstall cmd: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
publisher: Grisoft Ltd.
help link: http://www.grisoft.com

(BackWeb- Uninstaller)

Updates from HP (BackWeb-137903 Uninstaller)
uninstall cmd: C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903

BJC-4200 (CANONBJ_Deinstall_CNMCP0W.DLL)
uninstall cmd: C:\WINDOWS\System32\CNMCP0W.EXE [email protected]:\WINDOWS\IsUninst.exe -f"C:\BJPrinter\CNMWINDOWS\Canon BJC-4200 Installer\Inst\DeIsL2.isu" -pCanon BJC-4200-c"C:\BJPrinter\CNMWINDOWS\Canon BJC-4200 Installer\Inst\bjinst.dll

(Connection Manager)

Crossword Forge 4.7.5 (Crossword Forge_is1)
uninstall cmd: "C:\Program Files\Crossword Forge\unins000.exe"
publisher: Sol Robots

D-Link DFM-562E External Modem (CXT0303)
uninstall cmd: C:\WINDOWS\System32\DRIVERS\UIUSETUP.EXE -U -IACFSerSK.INF

(DirectAnimation)

(DirectDrawEx)

e-tax 2005 (e-tax 2005)
uninstall cmd: C:\etax2005\e-tax 2005_uninstall.exe

e-tax 2006 (e-tax 2006)
uninstall cmd: C:\etax2006\e-tax 2006_uninstall.exe

Microsoft Encarta 97 Encyclopedia (Encarta97)
uninstall cmd: C:\WINDOWS\unenc97.exe

EPSON Printer Software (EPSON Printer and Utilities)
uninstall cmd: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R

ESC45 Reference Guide (ESC45 Reference Guide)
install location: C:\Program Files\EPSON\TPMANUAL\ESC45\REF_G
uninstall cmd: C:\Program Files\EPSON\TPMANUAL\ESC45\REF_G\DOCUNINS.EXE

ESC45 Software Guide (ESC45 Software Guide)
install location: C:\Program Files\EPSON\TPMANUAL\ESC45\PQU_G
uninstall cmd: C:\Program Files\EPSON\TPMANUAL\ESC45\PQU_G\DOCUNINS.EXE

(Fontcore)

GIMPshop 2.2.8 2.2.8 (GIMPshop)
uninstall cmd: C:\Program Files\GIMPshop\uninst.exe
publisher: The GIMP team (hack by Scott Moschella)

Hemera Products (Hemera Products)
uninstall cmd: C:\PROGRA~1\HEMERA~1\UNWISE.EXE C:\PROGRA~1\HEMERA~1\INSTALL.LOG

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\anti-malware\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

HP Photo & Imaging 3.0 3.0 (HP Photo & Imaging)
uninstall cmd: C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
publisher: HP
help link: http://www.hp.com/support

toolkit (HPTOOLKIT)
uninstall cmd: c:\Windows\HPTK\unhptkit.exe

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

Easy Internet Sign-up FE UI-2.1.0.847 (InstallShield_{0613467F-A45E-4CB1-9ECE-1F3DD79FB927})
version: 33554432
version (major): 2
estimated size: 2896
install date: 20030728
install source: C:\hp\tmp\src\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0613467F-A45E-4CB1-9ECE-1F3DD79FB927} /l1033
publisher: Hewlett-Packard

(InstallShield_{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1})

iTunes 6.0.5.20 (InstallShield_{54C0D94A-F467-4ABC-9D02-6E58748668D4})
version: 100663301
version (major): 6
estimated size: 35350
install date: 20061201
install location: C:\Program Files\iTunes\
install source: C:\WINDOWS\Downloaded Installations\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{54C0D94A-F467-4ABC-9D02-6E58748668D4} /l1033
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

iPod for Windows 2006-06-28 4.7.0 (InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE})
version: 67567616
version (major): 4
version (minor): 7
estimated size: 69540
install date: 20061201
install location: C:\Program Files\iPod\
install source: C:\WINDOWS\Downloaded Installations\{88709841-CCE6-49D7-94D7-3A2096E694C8}\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
publisher: Apple Computer, Inc.
contact: AppleCare
help link: http://www.info.apple.com
readme: http://www.info.appl.../downloads.html

QuickTime 7.1 (InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31})
version: 117506048
version (major): 7
version (minor): 1
estimated size: 71611
install date: 20061201
install location: C:\Program Files\QuickTime\
install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\_is9A\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

Java Web Start (Java Web Start)
uninstall cmd: "C:\Program Files\Java Web Start\uninst-javaws.exe"

Windows XP Hotfix - KB823980 20030705.121219 (KB823980)
uninstall cmd: C:\WINDOWS\$NtUninstallKB823980$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=823980

Windows XP Hotfix - KB842773 20040805.140010 (KB842773)
uninstall cmd: C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=842773

LiveReg (Symantec Corporation) 2.2.5.1678 (LiveReg)
install location: C:\Program Files\Common Files\Symantec Shared\LiveReg
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
publisher: Symantec Corporation

LiveUpdate 1.80 (Symantec Corporation) 1.80.19.0 (LiveUpdate)
install location: C:\Program Files\Symantec\LiveUpdate
uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
publisher: Symantec Corporation

MailWasher Pro (MailWasher Pro_is1)
uninstall cmd: "C:\Program Files\FireTrust\MailWasher Pro\unins000.exe"
publisher: FireTrust Limited
help link: http://www.firetrust.com/support/

(Microsoft Interactive Training)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

(Microsoft NetShow Player 2.0)

(MobileOptionPack)

Mozilla Firefox (2.0) 2.0 (en-US) (Mozilla Firefox (2.0))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
publisher: Mozilla
comments: Mozilla Firefox

(MPlayer2)

(MsJavaVM)

My HP Pavilion PC (My HP Pavilion PC)
uninstall cmd: C:\PROGRA~1\MYHPPA~1\UNWISE.EXE C:\PROGRA~1\MYHPPA~1\INSTALL.LOG

(NetMeeting)

NoAdware v3.0 (NoAdware_is1)
install location: C:\Program Files\NoAdware3\
uninstall cmd: "C:\Program Files\NoAdware3\unins000.exe"

NVIDIA Windows 2000/XP Display Drivers (NVIDIA)
uninstall cmd: rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf

Open Clip Art Library 0.18 (openclipart)
install location: C:\Program Files\Open Clip Art Library
uninstall cmd: "C:\Program Files\Open Clip Art Library\Uninstall Open Clip Art Library.exe"

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

PS2 (PS2)
uninstall cmd: C:\WINDOWS\system32\ps2.exe uninstall

Python 2.2 combined Win32 extensions (Python 2.2 combined Win32 extensions)
uninstall cmd: C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log

Windows XP Hotfix (SP2) Q327979 20021114.125755 (Q327979)
uninstall cmd: C:\WINDOWS\$NtUninstallQ327979$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q327979 at http://support.microsoft.com

Windows XP Hotfix (SP2) Q329112 20030303.122552 (Q329112)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329112$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=329112

Windows XP Hotfix (SP2) [See q329256 for more information] (q329256)
uninstall cmd: C:\WINDOWS\$NtUninstallq329256$\spuninst\spuninst.exe

Windows XP Hotfix (SP2) q329623 20021126.192002 (q329623)
uninstall cmd: C:\WINDOWS\$NtUninstallq329623$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see q329623 at http://support.microsoft.com

Windows XP Hotfix (SP2) Q329909 20021107.233949 (Q329909)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329909$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q329909 at http://support.microsoft.com

Windows XP Hotfix (SP2) Q331958 20021029.122936 (Q331958)
uninstall cmd: C:\WINDOWS\$NtUninstallQ331958$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q331958 at http://support.microsoft.com

Windows XP Hotfix (SP2) Q811789 20030113.170849 (Q811789)
uninstall cmd: C:\WINDOWS\$NtUninstallQ811789$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q811789 at http://support.microsoft.com

(RecordNow.exe)
uninstall cmd: c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}

RegAlyzer 1.4 1.4 (RegAlyzer_is1)
install location: C:\Program Files\Safer Networking\RegAlyzer\
uninstall cmd: "C:\Program Files\Safer Networking\RegAlyzer\unins000.exe"
publisher: Safer Networking Limited Limited

(SchedulingAgent)

(SGTRAY.EXE)
uninstall cmd: C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature

Shockwave (Shockwave)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

(ShockwaveFlash)

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

Where in the World is Carmen Sandiego? (Where in the World is Carmen Sandiego?)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\The Learning Company\Where in the World is Carmen Sandiego\Uninst.isu"

WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

Microsoft Money 11.0.100 ({01A2E33A-8ADA-42D1-9173-8F65149E952F})
version: 184549476
version (major): 11
install date: 20030728
uninstall cmd: MsiExec.exe /I{01A2E33A-8ADA-42D1-9173-8F65149E952F}
publisher: Microsoft
comments: The Installation database contains the logic and data required to install Money
help link: http://support.microsoft.com
help telephone: (800) 936-5700

Microsoft Money System Pack 11.0.120 ({02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7})
version: 184549496
version (major): 11
install date: 20030728
uninstall cmd: MsiExec.exe /I{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7}
publisher: Microsoft
comments: Installs system components used by Microsoft Money.
help link: http://www.microsoft.../support/money/
help telephone: (800) 936-5700

Microsoft Encarta Encyclopedia Standard - WE 2003 2003 ({035A0014-3975-4267-9F39-1DC4745090B7})
version (major): 2003
version (minor): 2003
install date: 20030728
uninstall cmd: MsiExec.exe /I{035A0014-3975-4267-9F39-1DC4745090B7}
publisher: Microsoft Corporation
help link: http://support.microsoft.com

Easy Internet Sign-up FE UI-2.1.0.847 ({0613467F-A45E-4CB1-9ECE-1F3DD79FB927})
version: 33554432
version (major): 2
estimated size: 2896
install date: 20030728
install source: C:\hp\tmp\src\
publisher: Hewlett-Packard

SkinsHP2 5.30.0.136 ({098637A9-C208-4398-8374-853151D35200})
version: 85852160
version (major): 5
version (minor): 30
estimated size: 7961
install date: 20030728
install source: c:\hp\drivers\hpimagezone\Setup\SkinsHP2\
publisher: Hewlett-Packard

Sonic Update Manager 2.80 ({09DA4F91-2A09-4232-AB8C-6BC740096DE3})
version: 38797312
version (major): 2
version (minor): 80
estimated size: 1751
install date: 20030728
install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\VIES34AB\UM\
uninstall cmd: MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
publisher: Sonic Solutions

HPImageZone 1.03.00 ({11946FA8-329A-4DDF-B867-A32781FED8EE})
version: 16973824
version (major): 1
version (minor): 3
estimated size: 63873
install date: 20030728
install source: c:\hp\drivers\hpimagezone\Setup\CPC\
uninstall cmd: MsiExec.exe /X{11946FA8-329A-4DDF-B867-A32781FED8EE}
publisher: Hewlett-Packard
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0

InterVideo Home Theater ({12808370-8A8B-4A0A-8A96-385C309A58D6})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12808370-8A8B-4A0A-8A96-385C309A58D6}\setup.exe"

Microsoft Visual J# .NET Redistributable Package 1.1 1.1.4322 ({1A655D51-1423-48A3-B748-8F5A0BE294C8})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 13251
install date: 20030728
install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Repairjshcore.htm

InterVideo WinDVDX ({1A91D1FA-B9B3-4556-9878-5C61059A19B2})
version (major): 4
install location: C:\Program Files\InterVideo\WinDVDX
uninstall cmd: "C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL
publisher: InterVideo Inc.

PC-Doctor for Windows ({1F7CCFA3-D926-4882-B2A5-A0217ED25597})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"

EPSON PRINT Image Framer Tool2.1 ({23B59ED4-C360-11D7-875B-0090CC005647})
uninstall cmd: RunDll32 C:\PROGRA~1\COMM


#2
tom2340 (Topic Starter, Member, 49 posts)
I should have said what OS the computer is running: it is running XP.

#3
Ryan (Member 4k, 4,867 posts)
Hi there, and welcome to Geekstogo! My name is Ryan, and I'll be helping you clean your computer.

Before we begin, I would like to see an Uninstall list.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)

Notepad will open; please paste the contents of it here as a reply.

-Ryan

#4
tom2340 (Topic Starter, Member, 49 posts)

Ryan,
Thanks for coming to my rescue; here is a copy of the HJT uninstall_list:

Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Reader 6.0.1
ArcSoft PhotoImpression
AVG Anti-Spyware 7.5
AVG Free Edition
BJC-4200
Crossword Forge 4.7.5
D-Link DFM-562E External Modem
Easy Internet Sign-up
EPSON PhotoQuicker3.5
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
EPSON Web-To-Page
ESC45 Reference Guide
ESC45 Software Guide
e-tax 2005
e-tax 2006
GIMPshop 2.2.8
Hemera Products
HijackThis 1.99.1
HP Deskjet Preloaded Printer Drivers
HP Photo & Imaging 3.0
HP Photo and Imaging 1.0 - Scanjet 3500c Series
HP Photo and Imaging 2.0 - Photosmart Cameras
HP Software Update
HPImageZone
Intel® Extreme Graphics Driver
InterVideo Home Theater
InterVideo Teletext Epg Scanner
InterVideo WinDVDX
InterVideo WinDVRX
iPod for Windows 2006-06-28
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
MailWasher Pro
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft Encarta 97 Encyclopedia
Microsoft Encarta Encyclopedia Standard - WE 2003
Microsoft Money
Microsoft Money System Pack
Microsoft Office Professional Edition 2003
Microsoft Outlook 2002
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works 7.0
Mozilla Firefox (2.0)
MUSICMATCH® Jukebox
My HP Pavilion PC
MyDSC2
NVIDIA Windows 2000/XP Display Drivers
Open Clip Art Library
OpenOffice.org 2.0
PC-Doctor for Windows
Photosmart 140,240,7200,7600,7700,7900 Series
PIF DESIGNER2.1
PS2
Python 2.2 combined Win32 extensions
QuickTime
RecordNow!
RegAlyzer 1.4
ScanToWeb
Shockwave
Sonic Update Manager
Spybot - Search & Destroy 1.4
toolkit
Updates from HP
Where in the World is Carmen Sandiego?
Windows XP Hotfix - KB823980
Windows XP Hotfix - KB842773
Windows XP Hotfix (SP2) [See q329256 for more information]
Windows XP Hotfix (SP2) Q327979
Windows XP Hotfix (SP2) Q329112
Windows XP Hotfix (SP2) q329623
Windows XP Hotfix (SP2) Q329909
Windows XP Hotfix (SP2) Q331958
Windows XP Hotfix (SP2) Q811789
WinRAR archiver
WinScan 2.1

#5
Ryan (Member 4k, 4,867 posts)
== Remove Old Java ==

Please go to Add/Remove Programs in the Control Panel, and remove the following programs
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.1_02
Reboot your computer.


== Remove HiJack This Entries ==

Open HiJack This and scan. When it finishes, put an X in the box next to these following item(s)

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)


Close all open windows except for HiJack This and click fix checked.


== Install Latest Java ==

Please go to THIS page, and click on the Download link that is in the Java Runtime Environment (JRE) 6 section.

Click the radio button next to Accept License Agreement after reviewing it. The page will refresh - this is normal.

Download the Windows Offline Installation, Multi-language. You will want to save this to a location you will remember.

Once it has finished downloading, double click it, and follow the prompts to install.

If it asks to reboot, select No.


== Update and run AVG Anti-Spyware ==

Open AVG Anti-Spyware
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning; it may interfere with the scanning process.
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

== Request New Logs ==

Please post the AVG Anti-Spyware report and a new HiJack This log.

-Ryan
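
What makes the entries in that fix list stand out is visible in the lines themselves: O16 DPF objects pulled from file://c:\ instead of a vendor URL, CLSIDs that look typed rather than generated, a site added to the Trusted Zone, an SSODL loader whose DLL is already gone, and a Run entry (ALCXMNTR.EXE) with no path at all. The script below, an added example that is not part of this thread or of HijackThis, applies exactly those checks to HijackThis log lines. Its rules are heuristics (assumptions) for picking lines to review, not verdicts, and SAMPLE_LOG is constructed from lines posted in this thread.

```python
"""Triage HijackThis v1.99 log lines for the patterns discussed in this thread.
Added example, not part of the thread or of HijackThis.  Every rule is a
heuristic (an assumption) that marks a line for review; none decides on its
own that a line is malicious.  SAMPLE_LOG is constructed from lines posted above."""
import re
from dataclasses import dataclass
from typing import List, Optional

DPF_RE = re.compile(r"^DPF:\s*(\{[^}]+\})\s*(?:\([^)]*\)\s*)?-\s*(.*)$")
RUN_RE = re.compile(r"^(?:HKLM|HKCU|HKU\\[^\\]*)\\\.\.\\Run\w*:\s*\[[^\]]*\]\s*(.*)$")
STARTUP_RE = re.compile(r"^(?:Global )?Startup:\s*.*?=\s*(.*)$")

@dataclass
class Finding:
    line: str
    reason: str

def longest_digit_run(guid: str) -> int:
    # Assumption: generated GUIDs almost never repeat one hex digit 8+ times; hand-typed ones do.
    best = run = 0
    prev = ""
    for ch in re.sub(r"[^0-9a-f]", "", guid.lower()):
        run = run + 1 if ch == prev else 1
        prev = ch
        best = max(best, run)
    return best

def first_executable(cmd: str) -> str:
    # The program a Run/Startup command launches: the quoted path, else the first token.
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]

def is_bare(path: str) -> bool:
    # No directory: Windows resolves the name via its search path, so a same-named
    # file earlier in that path would run instead.
    return "\\" not in path and "/" not in path

def check_launch(cmd: str) -> Optional[str]:
    """Reason for flagging an O4 command line, or None if it looks ordinary."""
    cmd = cmd.strip()
    exe = first_executable(cmd)
    if exe.lower() in ("rundll32.exe", "rundll32"):
        # rundll32 <dll>,<entry>: judge the DLL, not rundll32 itself
        tail = cmd[len(exe) + 2:] if cmd.startswith('"') else cmd[len(exe):]
        dll = tail.strip().split(",", 1)[0].strip('"')
        return "rundll32 loads a DLL given by bare name" if is_bare(dll) else None
    if is_bare(exe):
        return "startup program given by bare filename (resolved via search path)"
    return None

def triage_line(line: str) -> Optional[Finding]:
    m = re.match(r"^(O\d+|R\d)\s+-\s+(.*)$", line.strip())
    if not m:
        return None
    section, rest = m.group(1), m.group(2).strip()
    reason = None
    if section == "O16":
        d = DPF_RE.match(rest)
        if d:
            guid, src = d.group(1), d.group(2).strip()
            if src.lower().startswith("file:") or re.match(r"^[a-z]:\\", src, re.I):
                reason = "ActiveX (DPF) object sourced from a local file rather than a vendor URL"
            elif longest_digit_run(guid) >= 8:
                reason = "DPF CLSID looks hand-made (one hex digit repeated 8+ times)"
            elif not src:
                reason = "DPF entry with no download source (orphaned)"
    elif section == "O15" and rest.startswith("Trusted Zone:"):
        reason = "site added to the IE Trusted Zone runs with relaxed security settings"
    elif section == "O21" and rest.startswith("SSODL:"):
        reason = "ShellServiceObjectDelayLoad DLL is loaded into Explorer at every logon"
        if rest.endswith("(file missing)"):
            reason += "; the referenced file is missing"
    elif section == "O2" and rest.endswith("(no file)"):
        reason = "BHO registration whose DLL no longer exists (orphan left by a removal)"
    elif section == "O4":
        r = RUN_RE.match(rest) or STARTUP_RE.match(rest)
        if r:
            reason = check_launch(r.group(1))
    return Finding(line.strip(), reason) if reason else None

def triage_log(text: str) -> List[Finding]:
    """All findings for a log, in log order."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]

# Constructed from lines posted in this thread (the fix list in #5, the new log in #7).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""
```

Call triage_log() on a pasted log and print each finding's reason and line. On the sample it flags seven lines and leaves the quoted HP updater, the rundll32 NvCpl entry, the WGA control and the NVIDIA service alone. The bare-filename rule will also trip on legitimate entries such as the nwiz.exe line in the log above, which is the intent: it lists what to look at, not what to delete.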

#6
tom2340 (Topic Starter, Member, 49 posts)
Quoting Ryan (Dec 12 2006, 04:43 PM):
== Remove Old Java ==

Ok, be back when these are complete.

Tom

#7
tom2340 (Topic Starter, Member, 49 posts)
The following items that you asked me to remove were not found in the HJT results:

O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:11:56 PM 12/12/2006

+ Scan result:



Nothing found.


::Report end


Logfile of HijackThis v1.99.1
Scan saved at 8:22:40 PM, on 12/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\MYHPPA~1\Pavilion\XPHAPBF3EN\plugin\bin\PCHButton.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\anti-malware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optusnet.com.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://au9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [WinCinemaMgr] "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\MYHPPA~1\Pavilion\XPHAPBF3EN\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /M "Stylus C45" /EF "HKCU"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1106697520671
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://software.news...k1/isetupml.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

There is a new problem presenting: one time in two, when the computer is running, the mouse does not work, which makes for interesting navigation!

Edited by tom2340, 12 December 2006 - 04:41 AM.


#8
Ryan (Member 4k, 4,867 posts)
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Please go HERE to run Panda's ActiveScan. You will need to use Internet Explorer to run it.
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the ActiveScan report

-Ryan
  • 0

#9
tom2340

    Member

  • Topic Starter
  • Member
  • 49 posts
Incident Status Location

Dialer:dialer.baj Not disinfected c:\windows\lastgood\downloaded program files\eied.inf
Dialer:dialer.xd Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\shellserviceobjectdelayload\systemcheck2
Adware:Adware/MediaTickets Not disinfected C:\anti-malware\backups\backup-20061212-171049-330.inf
Dialer:Dialer.ABR Not disinfected C:\anti-malware\backups\backup-20061212-171049-827.inf
Adware:Adware/MediaTickets Not disinfected C:\anti-malware\backups\backup-20061212-171050-864.inf
Adware:Adware/WUpd Not disinfected C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\ADW3AX65\installs[1].htm
Hacktool:Exploit/Mhtredir.gen Not disinfected C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\KL0HUJ0T\frodo[1].htm
Hacktool:Exploit/Mhtredir.AA Not disinfected C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\MZQZQ9MV\counter[1].gif
Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\HP\bin\FondleWindow.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\HP\bin\KillIt.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\HP\bin\Terminator.exe
Possible Virus. Not disinfected C:\Program Files\InterVideo\Home Theater\WindSync.exe
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\LastGood\Downloaded Program Files\start.INF
Adware:Adware/WUpd Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ADW3AX65\installs[1].htm
Hacktool:Exploit/Mhtredir.gen Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KL0HUJ0T\frodo[1].htm
Hacktool:Exploit/Mhtredir.AA Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MZQZQ9MV\counter[1].gif
  • 0

#10
Ryan

    Member 4k

  • Member
  • 4,867 posts
== Delete Files ==

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    c:\windows\lastgood\downloaded program files\eied.inf
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\ADW3AX65\installs[1].htm
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\KL0HUJ0T\frodo[1].htm
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\MZQZQ9MV\counter[1].gif


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


== ComboFix ==

Download ComboFix to your Desktop

Reboot to Safe mode
Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter

Double click on combofix.exe
Follow the prompts

Note: Do not mouseclick combofix's window while it is running. That may cause it to stall

When finished, it will produce a log for you. Save this log to your desktop, and reboot your computer.

Post contents of the ComboFix log in your next reply.

-Ryan
  • 0
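The step above turns a Panda ActiveScan report into a list of file paths for a deletion tool, leaving out the registry value, the copies sitting in the anti-malware backup folder and the vendor utilities. As an added example (not code from the thread, from Geeks to Go or from Panda), here is a small Python triage helper that parses that report format and sorts each location into those buckets automatically; the bucket names and the sample report below are constructed for this illustration, using paths copied from the report posted above.

```python
"""Triage helper for a Panda ActiveScan report.

Added example: this is not code from the thread, from Geeks to Go, or from
Panda. It parses the one-detection-per-line report format shown above
("<Category>:<Name> <Status> <Location>") and sorts each location into the
buckets a helper has to distinguish by hand before handing paths to a file
deletion tool: registry values (not files at all), copies inside an
anti-malware tool's own backup folder (already-removed items), browser cache
copies (cleared by emptying Temporary Internet Files) and ordinary files on
disk, which still need a human decision (the C:\\HP\\bin tools are vendor
utilities, for instance).
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Status words ActiveScan prints between the incident name and the location.
STATUS_WORDS = ("Not disinfected", "Disinfected", "Deleted", "Renamed")

LINE_RE = re.compile(
    r"^(?P<incident>.+?) (?P<status>" + "|".join(STATUS_WORDS) + r") (?P<location>.+)$"
)


@dataclass
class Detection:
    incident: str   # e.g. "Dialer:dialer.baj" or "Possible Virus."
    status: str     # e.g. "Not disinfected"
    location: str   # file path or registry path
    kind: str       # one of the buckets returned by classify()


def classify(location: str) -> str:
    """Bucket a location by what kind of object it is, not by what was detected."""
    loc = location.lower().replace("/", "\\")
    if loc.startswith("hkey_"):
        return "registry"
    if "\\backups\\" in loc:
        return "scanner_backup"
    if "\\temporary internet files\\" in loc:
        return "browser_cache"
    return "file"


def parse_report(text: str) -> list:
    """Parse every detection line; the header and blank lines are skipped."""
    detections = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        detections.append(Detection(m["incident"], m["status"], m["location"],
                                    classify(m["location"])))
    return detections


def triage(text: str) -> dict:
    """Map each bucket name to the list of locations that fell into it."""
    buckets = defaultdict(list)
    for d in parse_report(text):
        buckets[d.kind].append(d.location)
    return dict(buckets)


# Constructed sample in the ActiveScan format (paths copied from the thread above).
SAMPLE_REPORT = """\
Incident Status Location

Dialer:dialer.baj Not disinfected c:\\windows\\lastgood\\downloaded program files\\eied.inf
Dialer:dialer.xd Not disinfected hkey_local_machine\\software\\microsoft\\windows\\currentversion\\shellserviceobjectdelayload\\systemcheck2
Adware:Adware/MediaTickets Not disinfected C:\\anti-malware\\backups\\backup-20061212-171049-330.inf
Hacktool:Exploit/Mhtredir.gen Not disinfected C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5\\KL0HUJ0T\\frodo[1].htm
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\\HP\\bin\\KillIt.exe
Possible Virus. Not disinfected C:\\Program Files\\InterVideo\\Home Theater\\WindSync.exe
"""

if __name__ == "__main__":
    for kind, paths in sorted(triage(SAMPLE_REPORT).items()):
        print(f"[{kind}]")
        for p in paths:
            print("   ", p)
```

The "file" bucket is deliberately not a delete list: the script only separates registry paths, quarantine copies and cache copies from real files, and the decision about each remaining file (malware, vendor tool, or false positive) stays with the person reading the report.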



#11
tom2340

    Member

  • Topic Starter
  • Member
  • 49 posts
Owner - 06-12-16 10:28:46.34 Service Pack 1
ComboFix 06.12.01W - Running from: "C:\anti-malware"

((((((((((((((((((((((((((((((( Files Created from 2006-11-16 to 2006-12-16 ))))))))))))))))))))))))))))))))))


2006-12-14 16:21 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-12 18:04 <DIR> d-------- C:\Program Files\Common Files\Java
2006-12-12 00:01 <DIR> d-------- C:\Program Files\Lavasoft
2006-12-12 00:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2006-12-11 23:43 <DIR> d-------- C:\Anti-Malware Logs
2006-12-11 22:18 <DIR> d-------- C:\Program Files\Safer Networking
2006-12-11 21:59 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-12-11 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-12-11 21:55 <DIR> d-------- C:\!KillBox
2006-12-11 14:23 <DIR> d-------- C:\anti-malware
2006-12-01 21:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2006-12-01 21:47 <DIR> d-------- C:\Program Files\iTunes
2006-12-01 21:26 38,229 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2006-12-01 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2006-12-01 21:25 <DIR> d-------- C:\Program Files\iPod
2006-12-01 21:12 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2006-12-01 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Crossword Forge
2006-12-01 14:56 <DIR> d-------- C:\Documents and Settings\Owner\.gimp-2.2
2006-12-01 14:53 <DIR> d-------- C:\Program Files\GIMPshop
2006-12-01 14:21 7,708,988 --a------ C:\gimpshop_2.2.8_setup.exe
2006-12-01 14:20 33 --a------ C:\gimpshop_2.2.8_fix1_setup.exe
2006-11-28 15:16 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2006-11-28 15:15 86,016 -ra------ C:\WINDOWS\system32\mdmxsdk.dll
2006-11-28 15:15 72,192 -ra------ C:\WINDOWS\system32\drivers\acfva.sys
2006-11-28 15:15 536,576 -ra------ C:\WINDOWS\system32\drivers\UIUSetup.exe
2006-11-28 15:15 13,059 -ra------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2006-11-28 15:15 12,074 -ra------ C:\WINDOWS\system32\hsfinst.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-16 09:55 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-16 09:45 -------- d-------- C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2006-12-16 09:44 -------- d-------- C:\Documents and Settings\Owner\Application Data\MailWasherPro
2006-12-14 17:50 -------- d-------- C:\Program Files\WinZip
2006-12-14 17:50 -------- d-------- C:\Program Files\WinRAR
2006-12-14 17:49 -------- d-------- C:\Program Files\QuickTime
2006-12-14 17:40 -------- d-------- C:\Program Files\Messenger
2006-12-14 17:38 -------- d-------- C:\Program Files\Internet Explorer
2006-12-14 17:33 -------- d-------- C:\Program Files\Common Files\System
2006-12-14 15:57 -------- d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2006-12-12 18:04 -------- d-------- C:\Program Files\Java
2006-12-12 18:04 -------- d-------- C:\Program Files\Common Files
2006-12-11 18:56 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-12-11 13:33 -------- d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2006-12-09 18:04 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-09 18:02 -------- d-------- C:\Program Files\mIRC
2006-12-02 18:50 -------- d-------- C:\Program Files\Crossword Forge
2006-11-29 15:30 816672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-11-15 16:08 -------- d-------- C:\Documents and Settings\Owner\Application Data\Sun
2006-11-08 17:44 -------- d-------- C:\Documents and Settings\Owner\Application Data\Talkback
2006-11-08 15:51 5900416 --a------ C:\Firefox Setup 2.0.exe
2006-10-21 19:56 -------- d-------- C:\Program Files\Grisoft
2006-10-21 19:55 6469352 --a------ C:\avgas-setup-7.5.0.50.exe
2006-10-21 19:18 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-21 19:18 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-21 19:18 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-10-21 19:18 28416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-21 18:53 17207032 --a------ C:\avg75free_428a818.exe
2006-10-18 19:45 -------- d-------- C:\Program Files\Open Clip Art Library
2006-10-18 19:16 -------- d-------- C:\Program Files\OpenOffice.org 2.0
2006-09-23 18:07 5127800 --a------ C:\Firefox Setup 1.5.0.7.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BackupNotify"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\backupnotify.exe"
"NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
"Acme.PCHButton"="C:\\PROGRA~1\\MYHPPA~1\\Pavilion\\XPHAPBF3EN\\plugin\\bin\\PCHButton.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"EPSON Stylus C45 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I3T1.EXE /P23 \"EPSON Stylus C45 Series\" /M \"Stylus C45\" /EF \"HKCU\""
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"CamMonitor"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\hpqcmon.exe"
"HP Software Update"="\"c:\\Program Files\\HP\\HP Software Update\\HPWuSchd.exe\""
"HPHUPD05"="c:\\Program Files\\Hewlett-Packard\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"StorageGuard"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"AutoTKit"="C:\\hp\\bin\\AUTOTKIT.EXE"
"WinCinemaMgr"="\"C:\\Program Files\\InterVideo\\Common\\bin\\WinCinemaMgr.exe\""
"Home Theater SchSvr"="\"C:\\Program Files\\Common Files\\InterVideo\\SchSvr\\SchSvr.exe\""
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"EPSON Stylus C45 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I3T1.EXE /P23 \"EPSON Stylus C45 Series\" /O6 \"USB001\" /M \"Stylus C45\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"SystemCheck2"=""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061212-171050-864
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
backup-20061212-171050-632
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
backup-20061212-171050-118
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
backup-20061212-171050-976
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
backup-20061212-171049-827
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
backup-20061212-171049-330
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
backup-20061212-171049-873
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
backup-20061212-171049-612
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Easy Internet Sign-up.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\WebReg 20050410195056.job

Completion time: 06-12-16 10:40:22.07
C:\ComboFix.txt ... 06-12-16 10:40
  • 0

#12
Ryan

    Member 4k

  • Member
  • 4,867 posts
Sorry for the delay; there was some trouble with the email notifications being sent out.

Please let me know how the computer is running now, and please post a new HiJack This log.

-Ryan
  • 0

#13
tom2340

    Member

  • Topic Starter
  • Member
  • 49 posts
Logfile of HijackThis v1.99.1
Scan saved at 2:37:41 PM, on 18/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\MYHPPA~1\Pavilion\XPHAPBF3EN\plugin\bin\PCHButton.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\System32\wuauclt.exe
C:\anti-malware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://au9.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [WinCinemaMgr] "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\MYHPPA~1\Pavilion\XPHAPBF3EN\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /M "Stylus C45" /EF "HKCU"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1106697520671
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://software.news...k1/isetupml.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

There is a problem: one in two times when the computer is turned on, the mouse does not work; it never did this before.

It seems to be working OK at the moment; are there some more scans I should do on it? I really want to be clear that it is clear and back to normal.

(The computer isn't actually mine; I'm working on it for someone else.)

Thank you!
  • 0

#14
Ryan

    Member 4k

  • Member
  • 4,867 posts
Congratulations, your log is CLEAN.

We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
2. Restart your computer.
3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.
System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should also have a good firewall. Here are 2 free ones available for personal use:
and a good antivirus (these are also free for personal use):
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit monthly. And to keep your system clean run these free malware scanners weekly, and be aware of what emails you open and websites you visit.

We highly recommend installing SP2 (if you haven't already). Click here: http://windowsupdate.microsoft.com/.
-or-
It's a very large download, so if you're on dial-up, order a free CD here:
http://www.microsoft...default810.mspx


To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Do you have any other questions or concerns? This thread will be left open for a few more days, so feel free to ask.

-Ryan
  • 0

#15
tom2340

    Member

  • Topic Starter
  • Member
  • 49 posts
This computer does not have My Computer on the desktop; I suspect it may have been caught up with malware.
Did locate the System Properties > System Restore; it is restarting as I type this (using a different box).

I am about to load the new MVPS file.

If there are websites I wish to block, I can just add them to the hosts file and it will block them?

There is a problem: one in two times when the computer is turned on and booted, the mouse does not work; it never did this before. The way I have been getting around this is with a reboot if it is not working, but this is not a good outcome; I need it working on all boots. This computer needs to go back to its owner in good condition with all problems corrected.

Another problem is the address bar never shows up automatically in Windows Explorer. Until the problems with malware etc. it always did appear; since the malware it never automatically shows. How do I rectify this?
  • 0
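The question in the post above is about the mechanism the MVPS hosts file relies on: a hosts entry that maps a hostname to an unroutable address is consulted before any DNS lookup, so the browser never reaches that site. As an added example (not code from the thread, from Geeks to Go or from the MVPS project), the Python module below parses a hosts file, appends blackhole entries for extra hostnames with the checks a careful administrator wants, and answers whether a given name is blocked; the sample hosts file is constructed, and writing the result back to the real file is left to the caller.

```python
"""Hosts-file blocklist helper.

Added example: not code from the thread, from Geeks to Go, or from the MVPS
project. A line such as "0.0.0.0 ads.example.net" in the hosts file makes the
resolver answer with an unroutable address before any DNS lookup happens, which
is how a blocklist-style hosts file (the MVPS file mentioned above is one)
stops the browser reaching a known ad or malware host. This module shows the
parsing and the checks that go with appending your own entries: keep what is
already there, skip duplicates, refuse malformed names and leave the
"127.0.0.1 localhost" line alone. Writing the result to
%SystemRoot%\\System32\\drivers\\etc\\hosts is left to the caller.
"""
import re

BLACKHOLE = "0.0.0.0"

# Dotted hostname: labels of letters, digits and hyphens, ending in an alphabetic label.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z][a-z0-9-]{1,62}$"
)


def parse_hosts(text: str) -> dict:
    """Return {hostname: ip} for every mapping, ignoring comments and blanks.

    The first mapping for a name wins, which mirrors how the resolver reads the file.
    """
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            mapping.setdefault(name.lower(), ip)
    return mapping


def is_valid_hostname(name: str) -> bool:
    """Syntactic check only; it does not look the name up."""
    return bool(HOSTNAME_RE.match(name.lower()))


def add_blocks(text: str, hostnames) -> tuple:
    """Append a blackhole entry for each new, well-formed hostname.

    Returns (new_text, added_names). Names already mapped (to anything) and
    names that do not parse as hostnames are skipped rather than written.
    """
    existing = parse_hosts(text)
    lines = text.rstrip("\n").split("\n") if text.strip() else []
    added = []
    for raw in hostnames:
        name = raw.strip().lower()
        if not is_valid_hostname(name) or name in existing:
            continue
        lines.append(f"{BLACKHOLE} {name}")
        existing[name] = BLACKHOLE
        added.append(name)
    return "\n".join(lines) + "\n", added


def is_blocked(text: str, hostname: str) -> bool:
    """True when the hosts file pins the name to the blackhole address."""
    return parse_hosts(text).get(hostname.strip().lower()) == BLACKHOLE


# Constructed sample hosts file (not a real one from the machine in the thread).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
0.0.0.0         ads.example.net   # already blocked
"""

if __name__ == "__main__":
    new_text, added = add_blocks(
        SAMPLE_HOSTS, ["tracker.example.org", "ADS.example.net", "not a host"]
    )
    print("added:", added)
    print(new_text)
```

Two design points: names are compared case-insensitively because the resolver treats them that way, and an existing mapping is never overwritten, so a stray entry for an already-listed name cannot silently redirect it somewhere else.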