Error Message: Ox8DDD0003 might be caused by Trojans [RESOLVED]


  • This topic is locked

#1
jing2

  • Member
  • 22 posts
Hi experts, I am new here. I tried to do the list in "You must read this before posting a Hijackthis log". I have been trying to self-help for the past 2 weeks but couldn't do it. I would appreciate any help. This looks like a very informative website. Hope the viruses are killed with your assistance.

Here are the few things I have done:

1. ATF

2. System Restore, Couldn't do it, as no matter what time point I set, it will always be today's time.

3. AVG Anti-Spyware, did as instructed, found one threat "TrackingCookie.Webtrends, Risk Medium", and saved the report, but when I opened it later, it says "nothing found".

4. SUPERAntiSpyware Home Edition, did as instructed, found 3 threats, report as follows:

SUPERAntiSpyware Scan Log
Generated 01/05/2008 at 11:13 AM

Application Version : 3.6.1000

Core Rules Database Version : 3190
Trace Rules Database Version: 1200

Scan type : Complete Scan
Total Scan Time : 00:57:47

Memory items scanned : 444
Memory threats detected : 0
Registry items scanned : 6031
Registry threats detected : 0
File items scanned : 67922
File threats detected : 3

Adware.Tracking Cookie
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@cracked[2].txt
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt

5. Online Panda ActiveScan: the home page doesn't look right, I can only see part of the text. I did the scan anyway; after it detected one threat, a window popped up asking if I want to pay 12.95 for 6 months to kill the infection. As I didn't read this in the instructions on this forum, I stopped the Panda scan.

6. Windows Updates. Still couldn't do it. It is the main reason that brought me to this forum to ask for help after struggling by myself for a few days.

7. I also did the SmitFraudFix after reading other posts, not sure if it was the right thing to do. Here is the log:

SmitFraudFix v2.274

Scan done at 10:26:10.85, Sun 01/06/2008
Run from C:\Documents and Settings\Wife\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D3F79ED-D689-40AB-B569-3D7A2F08AEF5}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9D3F79ED-D689-40AB-B569-3D7A2F08AEF5}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9D3F79ED-D689-40AB-B569-3D7A2F08AEF5}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


I haven't downloaded HijackThis yet. I am not sure if it is safe to do it since I couldn't complete the first few steps. I also noticed another problem: I couldn't uninstall some software I want to get rid of, like QuickTime. I get this message when I try to remove it from Control Panel:
"The following file does not exit or is not a valid uninstallation log file"

I am an amateur here. Please, any expert help me. Thanks first!

Jing

Edited by jing, 07 January 2008 - 01:08 PM.


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, and sorry for the delay. Let's see if I can help.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
jing2

  • Topic Starter
  • Member
  • 22 posts
Thank you so much for your reply. No problems about the delay. I understand you guys are pretty busy. Here are the logs:

1. from main.txt

Deckard's System Scanner v20071014.68
Run by Wife on 2008-01-09 14:29:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
9: 2008-01-09 22:30:16 UTC - RP678 - Deckard's System Scanner Restore Point
8: 2008-01-08 20:10:10 UTC - RP677 - System Checkpoint
7: 2008-01-06 19:11:46 UTC - RP676 - Installed Ad-Aware 2007
6: 2008-01-06 00:47:34 UTC - RP675 - Tuesday, December 11, 2007
5: 2008-01-05 18:09:23 UTC - RP674 - Installed SUPERAntiSpyware Free Edition


-- First Restore Point --
1: 2008-01-05 00:57:38 UTC - RP670 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 76% (more than 75%).
Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as Wife.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:34:13 PM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Wife\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Wife.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f517.mail....d=5odhnlb41omqq
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Web ????? - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1199053659359
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase4009.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1199165303125
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://zhangtongle.s...ad/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://confirma.web...ort/ieatgpc.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestat....cab?v=1,0,0,37
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ??????????? 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Unknown owner - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 10531 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 NPF (Netgroup Packet Filter) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
S3 PRISM_A02 (D-Link Wireless 802.11b/g Driver (USB)) - c:\windows\system32\drivers\prisma02.sys <Not Verified; Conexant Systems, Inc.; PRISM 802.11 Wireless LAN>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 bgsvcgen (B's Recorder GOLD Library General Service) - c:\windows\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD8>
R2 wwEngineSvc (Window Washer Engine) - c:\program files\webroot\washer\washersvc.exe

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-09 14:30:00 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-01-09 14:14:00 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2007-12-09 and 2008-01-09 -----------------------------

2008-01-06 13:34:31 0 d-------- C:\Program Files\Trend Micro
2008-01-06 11:11:49 0 d-------- C:\Program Files\Lavasoft
2008-01-06 11:11:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-06 10:15:53 5588 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-06 10:15:05 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-06 10:15:05 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-01-06 10:15:05 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-01-06 10:15:05 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-01-06 10:15:05 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-01-06 10:15:05 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-05 15:02:03 8576 --a------ C:\WINDOWS\system32\drivers\qaqufnoxjvps.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-05 14:44:52 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-05 10:10:03 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-05 10:09:25 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-05 10:09:24 0 d-------- C:\Documents and Settings\Wife\Application Data\SUPERAntiSpyware.com
2008-01-05 10:08:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-04 19:18:34 0 d-------- C:\Documents and Settings\Wife\Application Data\Grisoft
2008-01-04 19:17:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-04 17:07:23 4456448 --a------ C:\Documents and Settings\Wife\ntuser.dat
2008-01-04 10:17:04 0 d-------- C:\Program Files\Windows Live Safety Center
2008-01-04 09:27:03 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2


-- Find3M Report ---------------------------------------------------------------

2008-01-06 10:43:16 0 d-------- C:\Program Files\PPLive
2008-01-05 16:35:07 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-01-05 16:24:58 0 d-------- C:\Program Files\Common Files\Webroot Shared
2008-01-05 15:19:36 0 d-------- C:\Program Files\Windows Defender
2008-01-05 14:58:57 0 d-------- C:\Program Files\FinePixViewer
2008-01-05 10:08:32 0 d-------- C:\Program Files\Common Files
2007-12-30 10:08:45 0 d-------- C:\Program Files\Messenger
2007-11-28 13:04:31 202827 --a------ C:\WINDOWS\system32\atasnt40.dll <Not Verified; WebEx Communications, Inc; WebEx Application Sharing>
2007-11-25 17:18:07 0 d-------- C:\Documents and Settings\Wife\Application Data\MRTalk
2007-11-25 17:11:47 0 d-------- C:\Program Files\MediaRing
2007-11-18 19:35:59 0 d-------- C:\Documents and Settings\Wife\Application Data\PPMate
2007-11-18 19:35:56 0 d-------- C:\Program Files\Common Files\Synacast
2007-11-18 19:30:52 0 d-------- C:\Program Files\PPStream
2007-11-13 19:08:17 0 d-------- C:\Program Files\IPRO Tech
2007-11-10 14:33:12 2528 --a------ C:\Documents and Settings\Wife\Application Data\$_hpcst$.hpc


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [01/03/2005 08:11 AM]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 01:04 AM]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [03/17/2004 04:10 PM C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [08/20/2004 07:51 AM]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 02:06 AM C:\WINDOWS\AGRSMMSG.exe]
"KBD"="C:\HP\KBD\KBD.EXE" [02/11/2003 05:02 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/03/2005 08:34 AM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [04/14/2004 05:43 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [04/17/2004 12:41 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [04/13/2004 06:07 AM]
"SoundMan"="SOUNDMAN.EXE" [07/28/2004 09:40 AM C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [07/28/2004 10:34 AM C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [07/20/2004 02:22 AM C:\WINDOWS\ALCMTR.EXE]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [10/14/2004 06:54 AM]
"Logitech Utility"="Logi_MwX.Exe" [11/07/2003 01:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [03/21/2002 08:41 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/03/2004 08:00 PM]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [08/03/2004 08:00 PM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/03/2004 08:00 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 08:00 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 08:00 PM]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe" [10/27/2005 07:47 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/03/2005 08:40 AM]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 10:32 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 06:20 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [11/28/2007 07:51 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 01:25 AM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [06/28/2007 12:51 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 08:00 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 01:39 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 9:05:26 PM]
Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [12/31/2006 2:20:46 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/28/2004 10:31:38 PM]
Verizon Online Support Center.lnk - C:\Program Files\Verizon Online\bin\matcli.exe [10/27/2005 7:34:24 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{0029C368-9758-4887-9755-C8761F5FDE61}"=  [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
AutoRun\command- D:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-01-09 14:37:44 ------------


2. extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.06GHz
Percentage of Memory in Use: 76%
Physical Memory (total/avail): 503.3 MiB / 116.92 MiB
Pagefile Memory (total/avail): 1228.27 MiB / 797.68 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938.66 MiB

C: is Fixed (NTFS) - 142.07 GiB total, 101.26 GiB free.
D: is Fixed (FAT32) - 6.97 GiB total, 1.97 GiB free.
E: is CDROM (UDF)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG SP1614C/R - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 6.98 GiB - D:
\PARTITION1 (bootable) - Installable File System - 142.07 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE5 - HP psc 2175 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: ??????????? v7.0.0.125 (???????)
AV: ??????????? v7.0.0.125 (???????)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPStream"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\ppmate.exe:*:Enabled:PPMate"
"C:\\Program Files\\PPMate\\ppmnet.exe"="C:\\Program Files\\PPMate\\ppmnet.exe:*:Enabled:PPMate"
"C:\\Program Files\\PPLive\\PPLive.exe"="C:\\Program Files\\PPLive\\PPLive.exe:*:Enabled:PPLive"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Wife\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HPA815N
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Wife
LOGONSERVER=\\HPA815N
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Wife\LOCALS~1\Temp
TMP=C:\DOCUME~1\Wife\LOCALS~1\Temp
USERDOMAIN=HPA815N
USERNAME=Wife
USERPROFILE=C:\Documents and Settings\Wife
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

HP_Owner (admin)
Wife (admin)
Administrator (admin)
Guest (new local, guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\VERIZO~1\Uninstall.exe Verizon
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00BF-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00C6-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00D1-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF03DA-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B785F89C-FD1A-466F-9AF3-32A060A1099A}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
??????????? 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
??????????? 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Reader Chinese Simplified Fonts --> MsiExec.exe /I{AC76BA86-7AD7-2447-0000-705000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems PCI Soft Modem --> agrsmdel
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
FinePixViewer Resource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE" -l0x9
FinePixViewer Ver.5.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE" -l0x9
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Greeting Card Factory Premier --> MsiExec.exe /X{3D46ED0F-5950-408A-B6EB-1D8B62C2D1DC}
GTOneCare --> MsiExec.exe /X{EE7C954E-2356-491D-9188-D1852ADF41FE}
Help and Support Additions --> C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 4.2.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.2.3 --> C:\Program Files\HP\Digital Imaging\{0D182A5E-AEE0-42ca-BD1D-4EEB2FFA256D}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Photosmart Cameras 4.0 --> C:\Program Files\HP\Digital Imaging\{4C04DF1B-6A39-4299-9DD1-1FA60000266E}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 4.0 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update --> MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
HPIZ423 --> MsiExec.exe /X{561A9B4E-2E48-4149-B977-59C7AFF62B52}
ImageMixer VCD2 LE for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B093990A-AAF2-44AC-9216-14BB7A2189B6}\SETUP.EXE" -l0x9
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo DiscLabel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3F058C0-A21C-452D-8D99-95B1A45F417D}\setup.exe" REMOVEALL
InterVideo WinDVD Creator --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
KBD --> C:\HP\KBD\KBD.EXE uninstalled
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech MouseWare 9.79 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
MailWasher Free --> "C:\Program Files\MailWasher\unins000.exe"
MediaRing Talk --> "C:\Program Files\MediaRing\MediaRing Talk\Uninstall.exe" "C:\Program Files\MediaRing\MediaRing Talk\install.log" -u
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
muvee autoProducer 3.5 magicMoments - HPD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B103C8A7-D1CC-4B1A-BD41-883F652E097D}\setup.exe" -l0x9
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PC-Doctor for Windows --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA} /l1033
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SureTrak 3.0a --> C:\WINDOWS\IsUninst.exe -f"C:\Documents and Settings\HP_Owner\My Documents\surtrak3.0\Uninst.isu"
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Updates from HP --> C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 309731
Verizon Online --> C:\WINDOWS\system32\VerizonUninstaller.exe
Verizon Online Support Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00A1-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
WebEx --> C:\WINDOWS\DOWNLO~1\atcliun.exe
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Window Washer --> C:\WINDOWS\Unwash6.exe
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type28983 / Warning
Event Submitted/Written: 01/09/2008 09:47:18 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type28961 / Warning
Event Submitted/Written: 01/08/2008 02:31:41 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type28955 / Warning
Event Submitted/Written: 01/08/2008 11:36:36 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type28945 / Warning
Event Submitted/Written: 01/08/2008 08:27:22 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type28935 / Warning
Event Submitted/Written: 01/07/2008 03:13:28 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type71177 / Warning
Event Submitted/Written: 01/09/2008 02:34:26 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%HPA815N27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %HPA815N27 can't undo changes that you allow.

For more information please see the following:
%HPA815N275

Scan ID: {0AD47370-544A-4F91-A321-D3A785C19F61}

User: HPA815N\Wife

Name: %HPA815N271

ID: %HPA815N272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %HPA815N276

Alert Type: %HPA815N278

Detection Type: 1.1.1593.02

Event Record #/Type71176 / Warning
Event Submitted/Written: 01/09/2008 02:34:26 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%HPA815N27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %HPA815N27 can't undo changes that you allow.

For more information please see the following:
%HPA815N275

Scan ID: {14844285-DC9B-4D4F-B20F-4167D5637117}

User: HPA815N\Wife

Name: %HPA815N271

ID: %HPA815N272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %HPA815N276

Alert Type: %HPA815N278

Detection Type: 1.1.1593.02

Event Record #/Type71175 / Warning
Event Submitted/Written: 01/09/2008 02:34:26 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%HPA815N27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %HPA815N27 can't undo changes that you allow.

For more information please see the following:
%HPA815N275

Scan ID: {5DD26ADA-1BE9-4000-AC38-5418CAC699C3}

User: HPA815N\Wife

Name: %HPA815N271

ID: %HPA815N272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %HPA815N276

Alert Type: %HPA815N278

Detection Type: 1.1.1593.02

Event Record #/Type71174 / Warning
Event Submitted/Written: 01/09/2008 02:34:24 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%HPA815N27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %HPA815N27 can't undo changes that you allow.

For more information please see the following:
%HPA815N275

Scan ID: {3858121F-E702-48C5-A1F7-682A96615628}

User: HPA815N\Wife

Name: %HPA815N271

ID: %HPA815N272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %HPA815N276

Alert Type: %HPA815N278

Detection Type: 1.1.1593.02

Event Record #/Type71173 / Warning
Event Submitted/Written: 01/09/2008 02:34:24 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%HPA815N27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %HPA815N27 can't undo changes that you allow.

For more information please see the following:
%HPA815N275

Scan ID: {E03805A9-EF8A-479D-A802-EAB89A21E955}

User: HPA815N\Wife

Name: %HPA815N271

ID: %HPA815N272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %HPA815N276

Alert Type: %HPA815N278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-01-09 14:37:44 ------------

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
First thing I have noticed is that you have 2 antivirus programmes and neither appears to be working properly.

Which one do you believe to be the one you have running? Once you let me know, we will totally remove the one not in use and see if that helps.

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe


#5
jing2

    Member

  • Topic Starter
  • 22 posts
I don't use Symantec any more. It expired. I just installed the Kaspersky recently to kill the Trojans.

Thank you for your fast reply! Please advise me what to do next.

Jing

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Firstly download the Norton removal tool from here http://service1.syma...005033108162039 do not run it yet

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

LiveUpdate 3.1 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Panda ActiveScan


Please note any other programs that you don't recognize in that list in your next response.

Now run the Norton removal tool and reboot.

Finally, for now:

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and attach the log. I will review it when it comes in.

#7
jing2

    Member

  • Topic Starter
  • 22 posts
Thanks for the instructions. Here is my report and the log I attached:

1. By the end of removing LiveUpdate Notice (Symantec Corporation), I got a message "fatal error during installation". I don't know if it matters, but the program was removed. I think I had better report this just in case.

2. I looked through other programs from "Add/Remove Programs". Since I share the same computer (with different account names) with my husband, there are some programs I don't recognize. I think they are likely my husband's. Will it be too late if I get him to have a look after he gets home? I do want to delete some programs that I know, like "QuickTime". But I couldn't do it. That is one of the helps I need.

3. The computer rebooted after I ran the "Norton removal", then it went to the Symantec website, which asked "Reinstalling after run Norton Removal". I don't know how. Also it was not in your instructions.

4. Then, when I was downloading WinPFind35u.exe, something scary happened. The Kaspersky in my computer told me "Trojan.win32.Inject.mf" found from downloading "bleepingcomputer.com", also virus "Heur.Invader" found from downloading "bleepingcomputer.com". But I still finished the download and the rest of your instructions.

5. When I ran WinPFind3u, after I clicked "Run Scan" I noticed there is a choice "Scan All User Accounts". I wonder if I should check that since we have two accounts on our computer.

I appreciate your help a lot. This is the best website I found to solve computer problems. Hope mine are not far from being resolved.


#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

When I ran WinPFind3u, after I clicked "Run Scan" I noticed there is a choice "Scan All User Accounts". I wonder if I should check that since we have two accounts on our computer.

Yes please, as this is a new version and I am not 100% on where it can look.

Then, when I was downloading WinPFind35u.exe, something scary happened. The Kaspersky in my computer told me "Trojan.win32.Inject.mf" found from downloading "bleepingcomputer.com", also virus "Heur.Invader" found from downloading "bleepingcomputer.com". But I still finished the download and the rest of your instructions.

The tools we use sometimes have the behaviour of trojans as they need to do some deep work.

I looked through other programs from "Add/Remove Programs". Since I share the same computer (with different account names) with my husband, there are some programs I don't recognize. I think they are likely my husband's. Will it be too late if I get him to have a look after he gets home? I do want to delete some programs that I know, like "QuickTime". But I couldn't do it. That is one of the helps I need.

We will leave that till the end and then go through the steps.

I did not find a great deal on that run - are you still getting the error?

Firstly, your Java is a few years out of date and a security risk.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 3...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Non-Microsoft Only]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> {0029C368-9758-4887-9755-C8761F5FDE61} [HKEY_LOCAL_MACHINE] -> []
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {6A344D34-5231-452A-8A57-D064AC9B7862}[HKEY_LOCAL_MACHINE] -> https://webdl.symant...ex/symdlmgr.cab[Symantec Download Manager]
[Empty Temp Folders]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Finally to be sure

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.
  • 0
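The fix in the post above removes a `ShellExecuteHooks` value whose file field is listed as `[]`. The following is an added example, not part of the original thread and not WinPFind3U's own code: it parses a `reg export` text dump offline and reports each hook together with the DLL its CLSID registers. The sample export is constructed (only the first CLSID comes from the thread), and reading `[]` as "no DLL registered for this CLSID" is an assumption.

```python
import re

HOOKS_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"
CLSID_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID"

# Constructed sample in "reg export" text form. The first CLSID is the one named
# in the fix on this page; the other CLSIDs and both DLL paths are made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{0029C368-9758-4887-9755-C8761F5FDE61}"=""
"{11111111-2222-3333-4444-555555555555}"="Example hook"
"{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Program Files\\Example\\hook.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\InprocServer32]
@="C:\\Documents and Settings\\Example\\Local Settings\\Temp\\hook2.dll"
'''

# A value line is either @=<data> (the key's default value) or "name"=<data>.
_VALUE = re.compile(r'^(?:@|"(?P<name>(?:[^"\\]|\\.)*)")=(?P<data>.*)$')
# Locations an unprivileged user can normally write to; a hook DLL there deserves a look.
_USER_WRITABLE = re.compile(r"\\(documents and settings|docume~1|users|temp)\\", re.I)


def _unescape(s):
    # .reg strings escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", lambda m: m.group(1), s)


def parse_reg_export(text):
    """Return {KEY_PATH_UPPER: {VALUE_NAME_UPPER: data}}; '' is the default value."""
    tree, current = {}, None
    lines = iter(text.splitlines())
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            # "[-KEY]" marks a deletion; ignore its contents.
            current = None if key.startswith("-") else tree.setdefault(key.upper(), {})
            continue
        m = _VALUE.match(line)
        if m is None or current is None:
            continue  # header line or anything that is not a value
        data = m.group("data")
        # hex(...) values continue over several lines, each ending in a backslash.
        while data.endswith("\\") and not data.startswith('"'):
            data = data[:-1] + next(lines, "").strip()
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            data = _unescape(data[1:-1])  # REG_SZ; other types stay as raw text
        name = m.group("name")
        current["" if name is None else _unescape(name).upper()] = data
    return tree


def audit_shell_execute_hooks(tree):
    """List every ShellExecuteHooks CLSID with the DLL it resolves to, if any."""
    findings = []
    for clsid, description in sorted(tree.get(HOOKS_KEY.upper(), {}).items()):
        if not clsid:  # skip the key's own default value
            continue
        server = tree.get(f"{CLSID_ROOT}\\{clsid}\\InprocServer32".upper(), {})
        dll = server.get("") or None
        if dll is None:
            status = "orphan"      # hook points at a CLSID with no in-process server
        elif _USER_WRITABLE.search(dll):
            status = "review"      # DLL lives in a user-writable location
        else:
            status = "registered"
        findings.append({"clsid": clsid, "description": description,
                         "dll": dll, "status": status})
    return findings


if __name__ == "__main__":
    for f in audit_shell_execute_hooks(parse_reg_export(SAMPLE_EXPORT)):
        print(f'{f["status"]:<10} {f["clsid"]} -> {f["dll"]}')
```

An `orphan` or `review` result is a prompt to inspect the entry, not a verdict: security products also register hooks here, and leftovers from uninstalled software commonly show up as orphans.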

#9
jing2

    Member

  • Topic Starter
  • 22 posts
Hi Essexboy,

Here is my report.

1. I only found one Java "J2SE" and removed it. Then I installed the newer version you suggested.

2. Had a little problem when "Run Fix" with WinPFind3u. The fix took a very short time as you said. But I never saw an "OK" button and there was no log. A message asked me "The system requires a reboot to finish removing files. Do you want to reboot now?" I clicked Yes. Then I found a file in a new folder "MovedFiles" under the WinPFind3u folder, not sure it is the one. So I post it here anyway:

[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{0029C368-9758-4887-9755-C8761F5FDE61} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0029C368-9758-4887-9755-C8761F5FDE61}\ deleted successfully.
Starting removal of ActiveX control {6A344D34-5231-452A-8A57-D064AC9B7862}
C:\WINDOWS\Downloaded Program Files\symdlmgr.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A344D34-5231-452A-8A57-D064AC9B7862}\ deleted successfully.
[Empty Temp Folders]
C:\DOCUME~1\Wife\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\Wife\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
< End of log >
Created on 01102008_113215


After reboot I then repeated the same procedure just in case I did something wrong. The result was the same and I had to reboot again. Here is the log after I repeated:

[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{0029C368-9758-4887-9755-C8761F5FDE61} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0029C368-9758-4887-9755-C8761F5FDE61}\ not found.
Starting removal of ActiveX control {6A344D34-5231-452A-8A57-D064AC9B7862}
C:\WINDOWS\Downloaded Program Files\symdlmgr.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A344D34-5231-452A-8A57-D064AC9B7862}\ not found.
[Empty Temp Folders]
C:\DOCUME~1\Wife\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\Wife\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
< End of log >
Created on 01102008_114210


3. I did a new WinPFind3u scan with All Users Account, here is the log:

WinPFind35 logfile created on: 1/10/2008 11:42:44 AM
WinPFind35U Version Beta22 Folder = C:\Documents and Settings\Wife\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)

503.30 Mb Total Physical Memory | 120.03 Mb Available Physical Memory | 23.85% Memory free
1.20 Gb Paging File | 0.78 Gb Available in Paging File | 65.06% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.07 Gb Total Space | 101.31 Gb Free Space | 71.31% Space Free | Partition Type: NTFS
Drive D: | 6.97 Gb Total Space | 1.97 Gb Free Space | 28.31% Space Free | Partition Type: FAT32
Drive E: | 2.57 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded

Computer Name: HPA815N
Current User Name: Wife
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users


[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 10/29/2007 1:27:04 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 4:31:10 AM | Attr = ]
avp.exe -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 218376 bytes | Modified Date = 6/28/2007 12:51:38 PM | Attr = ]
bgsvcgen.exe -> %System32%\bgsvcgen.exe -> B.H.A Corporation [Ver = 1, 0, 0, 1 | Size = 86016 bytes | Modified Date = 4/30/2005 5:02:26 PM | Attr = ]
washersvc.exe -> %ProgramFiles%\Webroot\Washer\WasherSvc.exe -> [Ver = | Size = 388936 bytes | Modified Date = 8/9/2007 12:56:26 PM | Attr = ]
hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 1:04:38 AM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3889 | Size = 118784 bytes | Modified Date = 8/20/2004 7:51:14 AM | Attr = ]
agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 6/29/2004 2:06:38 AM | Attr = ]
kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 2/11/2003 5:02:48 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3034 | Size = 180269 bytes | Modified Date = 1/3/2005 8:34:13 AM | Attr = ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 00, 100, 1161 | Size = 69632 bytes | Modified Date = 4/13/2004 6:07:18 AM | Attr = ]
soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 12 | Size = 77824 bytes | Modified Date = 7/28/2004 9:40:18 AM | Attr = ]
alcwzrd.exe -> %SystemRoot%\ALCWZRD.EXE -> RealTek Semicoductor Corp. [Ver = 1.1.0.12 | Size = 2551808 bytes | Modified Date = 7/28/2004 10:34:22 AM | Attr = ]
alcmtr.exe -> %SystemRoot%\ALCMTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.4 | Size = 57344 bytes | Modified Date = 7/20/2004 2:22:12 AM | Attr = ]
em_exec.exe -> %ProgramFiles%\Logitech\MouseWare\system\EM_EXEC.EXE -> Logitech Inc. [Ver = 9.79.019 | Size = 37888 bytes | Modified Date = 11/14/2003 8:50:00 AM | Attr = ]
motivesb.exe -> %ProgramFiles%\Verizon Online\SmartBridge\MotiveSB.exe -> Motive Communications, Inc. [Ver = 5.6.11.asst_classic.smartbridge.0 | Size = 385024 bytes | Modified Date = 10/27/2005 7:47:27 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 1/3/2005 8:40:43 AM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 1:25:42 AM | Attr = ]
avp.exe -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 218376 bytes | Modified Date = 6/28/2007 12:51:38 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
quickdcf2.exe -> %ProgramFiles%\FinePixViewer\QuickDCF2.exe -> FUJI PHOTO FILM CO., LTD. [Ver = 1, 0, 0, 1 | Size = 294912 bytes | Modified Date = 6/9/2006 7:38:00 PM | Attr = ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 43.1.5.000 | Size = 241664 bytes | Modified Date = 5/28/2004 10:31:38 PM | Attr = ]
mpbtn.exe -> %ProgramFiles%\Verizon Online\bin\mpbtn.exe -> Motive Communications, Inc. [Ver = 5.0.2.4.asst_classic.asst_mpbtn.20020806_105000 | Size = 221184 bytes | Modified Date = 11/3/2003 1:43:08 PM | Attr = ]
hpzipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 8, 0, 0, 0 | Size = 65536 bytes | Modified Date = 3/18/2004 4:55:48 PM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 294400 bytes | Modified Date = 1/6/2008 1:17:10 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 10/29/2007 1:27:04 PM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 4:31:10 AM | Attr = ]
(AVP) 卡巴斯基互联网安全套装 7.0 [Win32_Own | Auto | Running] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 218376 bytes | Modified Date = 6/28/2007 12:51:38 PM | Attr = ]
(bgsvcgen) B's Recorder GOLD Library General Service [Win32_Own | Auto | Running] -> %System32%\bgsvcgen.exe -> B.H.A Corporation [Ver = 1, 0, 0, 1 | Size = 86016 bytes | Modified Date = 4/30/2005 5:02:26 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 8:00:00 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Running] -> %System32%\HPZipm12.exe -> HP [Ver = 8, 0, 0, 0 | Size = 65536 bytes | Modified Date = 3/18/2004 4:55:48 PM | Attr = ]
(wwEngineSvc) Window Washer Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Washer\WasherSvc.exe -> [Ver = | Size = 388936 bytes | Modified Date = 8/9/2007 12:56:26 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 1:25:42 AM | Attr = ]
AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 6/29/2004 2:06:38 AM | Attr = ]
Alcmtr -> %SystemRoot%\ALCMTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.4 | Size = 57344 bytes | Modified Date = 7/20/2004 2:22:12 AM | Attr = ]
AlcWzrd -> %SystemRoot%\ALCWZRD.EXE -> RealTek Semicoductor Corp. [Ver = 1.1.0.12 | Size = 2551808 bytes | Modified Date = 7/28/2004 10:34:22 AM | Attr = ]
AVP -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 218376 bytes | Modified Date = 6/28/2007 12:51:38 PM | Attr = ]
High Definition Audio Property Page Shortcut -> %System32%\Hdaudpropshortcut.exe -> Windows ® Server 2003 DDK provider [Ver = 5.10.00.5010 built by: WinDDK | Size = 61952 bytes | Modified Date = 3/17/2004 4:10:40 PM | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3889 | Size = 118784 bytes | Modified Date = 8/20/2004 7:51:14 AM | Attr = ]
hpsysdrv -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 1:04:38 AM | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 3, 00, 100, 1131 | Size = 196608 bytes | Modified Date = 4/17/2004 12:41:30 PM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 00, 100, 1161 | Size = 69632 bytes | Modified Date = 4/13/2004 6:07:18 AM | Attr = ]
KBD -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 2/11/2003 5:02:48 AM | Attr = ]
KernelFaultCheck -> -> File not found
Logitech Utility -> %SystemRoot%\LOGI_MWX.EXE -> Logitech Inc. [Ver = 9.79.016 | Size = 19968 bytes | Modified Date = 11/7/2003 1:50:00 AM | Attr = ]
LSBWatcher -> %SystemDrive%\hp\drivers\hplsbwatcher\LSBurnWatcher.exe -> Hewlett-Packard Company [Ver = 4, 10, 14, 0 | Size = 253952 bytes | Modified Date = 10/14/2004 6:54:32 AM | Attr = ]
Motive SmartBridge -> %ProgramFiles%\Verizon Online\SmartBridge\MotiveSB.exe -> Motive Communications, Inc. [Ver = 5.6.11.asst_classic.smartbridge.0 | Size = 385024 bytes | Modified Date = 10/27/2005 7:47:27 PM | Attr = ]
MSPY2002 -> %System32%\IME\PINTLGNT\IMSCINST.EXE -> [Ver = | Size = 59392 bytes | Modified Date = 8/3/2004 8:00:00 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 1/3/2005 8:40:43 AM | Attr = ]
Recguard -> %SystemRoot%\SMINST\Recguard.exe -> [Ver = 5, 0, 44, 2 | Size = 233472 bytes | Modified Date = 4/14/2004 5:43:46 AM | Attr = ]
REGSHAVE -> %ProgramFiles%\REGSHAVE\REGSHAVE.EXE -> FUJI PHOTO FILM CO., LTD. [Ver = 3.0.0.4 | Size = 53248 bytes | Modified Date = 2/4/2002 10:32:10 PM | Attr = ]
SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 12 | Size = 77824 bytes | Modified Date = 7/28/2004 9:40:18 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3034 | Size = 180269 bytes | Modified Date = 1/3/2005 8:34:13 AM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Run [HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\] > -> HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
-> %SystemDrive%\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 10/14/2004 7:38:26 PM | Attr = HS]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 9:05:26 PM | Attr = ]
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 10/14/2004 7:38:26 PM | Attr = HS]
%AllUsersStartup%\Exif Launcher 2.lnk -> %ProgramFiles%\FinePixViewer\QuickDCF2.exe -> FUJI PHOTO FILM CO., LTD. [Ver = 1, 0, 0, 1 | Size = 294912 bytes | Modified Date = 6/9/2006 7:38:00 PM | Attr = ]
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 43.1.5.000 | Size = 241664 bytes | Modified Date = 5/28/2004 10:31:38 PM | Attr = ]
%AllUsersStartup%\Verizon Online Support Center.lnk -> %ProgramFiles%\Verizon Online\bin\matcli.exe -> Motive Communications, Inc. [Ver = 5.0.2.4.asst_classic.asst_matcli.20020806_105000 | Size = 204800 bytes | Modified Date = 8/6/2002 10:07:38 AM | Attr = ]
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
-> %SystemDrive%\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 10/14/2004 7:38:26 PM | Attr = HS]
< Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup ->
-> %SystemDrive%\Documents and Settings\Guest\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 10/14/2004 7:38:26 PM | Attr = HS]
< Wife Startup Folder > -> C:\Documents and Settings\Wife\Start Menu\Programs\Startup ->
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 10/14/2004 7:38:26 PM | Attr = HS]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 4:29:58 AM | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010] > -> HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3889 | Size = 344064 bytes | Modified Date = 8/20/2004 7:50:54 AM | Attr = ]
klogon -> %System32%\klogon.dll -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 206088 bytes | Modified Date = 6/28/2007 12:51:48 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 157 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\\DisableWindowsUpdateAccess -> 0 ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010] > -> HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 157 ->
HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\ -> ->
HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\\DisableWindowsUpdateAccess -> 0 ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft...p...&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft...p...ER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://us.f517.mail....d=5odhnlb41omqq ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsof...search.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\] > -> ->
HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\: Main\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\: Main\\Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\: Main\\Start Page -> http://us.f517.mail....d=5odhnlb41omqq ->
HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\: SearchURL\\ -> http://home.microsof...search.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4149 domain(s) found. ->
36 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4149 domain(s) found. ->
36 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4149 domain(s) found. ->
36 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4149 domain(s) found. ->
36 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\] > -> HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\] > -> HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 3:16:42 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 12:04:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
[HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Value does not exist or could not be read.] -> File not found
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 5:26:28 AM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 5:26:28 AM | Attr = ]
WebBrowser\\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 5:26:28 AM | Attr = ]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\] > -> HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 5:26:28 AM | Attr = ]
WebBrowser\\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 5:26:28 AM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{95B3F550-91C4-4627-BCC4-521288C52977} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
添加到反广告条 -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm -> [Ver = | Size = 1317 bytes | Modified Date = 6/28/2007 12:40:16 PM | Attr = ]
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\] > -> HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{95B3F550-91C4-4627-BCC4-521288C52977} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\] > -> HKEY_USERS\S-1-5-21-1456150242-3811710850-720930221-1010\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
添加到反广告条 -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm -> [Ver = | Size = 1317 bytes | Modified Date = 6/28/2007 12:40:16 PM | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.micro...d...=%s&mime=%s ->
Extension\.au -> %ProgramFiles%\Internet Explorer\PLUGINS\npqtplugin2.dll [QuickTime Plug-in 6.5.1] -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 106496 bytes | Modified Date = 11/17/2005 9:43:40 PM | Attr = ]
Extension\.mid -> %ProgramFiles%\Internet Explorer\PLUGINS\npqtplugin2.dll [QuickTime Plug-in 6.5.1] -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 106496 bytes | Modified Date = 11/17/2005 9:43:40 PM | Attr = ]
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0C5BA875-E43D-4BC6-A4DC-AC7178888B0F} -> (Windows Mobile-based Device) ->
{9D3F79ED-D689-40AB-B569-3D7A2F08AEF5} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{D29BEC88-05C9-4D2D-AB23-1CA2875A50E6} -> () ->
{EC9DB42D-41D0-4D34-A9BA-4D522584DF1E} -> (1394 Net Adapter) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0742B9EF-8C83-41CA-BFBA-830A59E23533}[HKEY_LOCAL_MACHINE] -> https://support.micr...veX/MSDcode.cab[Microsoft Data Collection Control] ->
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macr...director/sw.cab[Shockwave ActiveX Control] ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx2.hotmail....es/MSNPUpld.cab[MSN Photo Upload Tool] ->
{5AE58FCF-6F6A-49B2-B064-02492C66E3F4}[HKEY_LOCAL_MACHINE] -> http://catalog.updat...b?1199053659359[MUCatalogWebControl Class] ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166}[HKEY_LOCAL_MACHINE] -> http://cdn.scan.onec...lscbase4009.cab[Windows Live Safety Center Base Module] ->
{6A344D34-5231-452A-8A57-D064AC9B7862}[HKEY_LOCAL_MACHINE] -> https://webdl.symant...ex/symdlmgr.cab[Reg Error: Key does not exist or could not be opened.] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.mi...b?1199165303125[MUWebControl Class] ->
{7FC1B346-83E6-4774-8D20-1A6B09B0E737}[HKEY_LOCAL_MACHINE] -> http://zhangtongle.s...ad/MsnPUpld.cab[Windows Live Photo Upload Control] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macr...ash/swflash.cab[Shockwave Flash Object] ->
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}[HKEY_LOCAL_MACHINE] -> https://confirma.web...ort/ieatgpc.cab[GpcContainer Class] ->
{E9A7F56F-C40F-4928-8C6F-7A72F2A25222}[HKEY_LOCAL_MACHINE] -> http://www.imagestat....cab?v=1,0,0,37[AxRUploadControl Object] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] ->



[Files/Folders - Created Within 30 days]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 1/9/2008 2:29:13 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 527814656 bytes | Created Date = 1/6/2008 1:05:17 PM | Attr = HS]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 1/4/2008 7:17:51 PM | Attr = ]
qaqufnoxjvps.sys -> %System32%\drivers\qaqufnoxjvps.sys -> Panda Software International [Ver = 1, 0, 0, 5 | Size = 8576 bytes | Created Date = 1/5/2008 3:02:03 PM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 1/5/2008 2:45:42 PM | Attr = ]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 1/6/2008 10:15:05 AM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 1/5/2008 2:44:59 PM | Attr = ]
IEDFix.exe -> %System32%\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 81920 bytes | Created Date = 1/6/2008 10:15:05 AM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/10/2008 11:25:51 AM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 1/10/2008 11:25:51 AM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/10/2008 11:25:51 AM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 1/10/2008 11:25:51 AM | Attr = ]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 1/6/2008 10:15:05 AM | Attr = ]
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 1/6/2008 10:15:05 AM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 1/6/2008 10:15:05 AM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 1/6/2008 10:15:05 AM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 1/6/2008 10:15:05 AM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 5588 bytes | Created Date = 1/6/2008 10:15:53 AM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 1/5/2008 2:44:59 PM | Attr = ]
VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 1/6/2008 10:15:05 AM | Attr = ]
WS2Fix.exe -> %System32%\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Created Date = 1/6/2008 10:15:05 AM | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 1/9/2008 2:30:16 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
7b976e8e38b334a2ec9626f9 -> %SystemDrive%\7b976e8e38b334a2ec9626f9 -> [Folder | Modified Date = 1/5/2008 3:21:17 PM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/10/2008 11:25:56 AM | Attr = H ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 1/9/2008 2:29:13 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 527814656 bytes | Modified Date = 1/10/2008 11:35:17 AM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/10/2008 9:24:14 AM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 1/4/2008 4:57:29 PM | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/10/2008 11:38:02 AM | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 4435232 bytes | Modified Date = 1/10/2008 11:41:16 AM | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 60356 bytes | Modified Date = 1/10/2008 11:34:26 AM | Attr = HS]
fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 101152 bytes | Modified Date = 1/10/2008 11:38:04 AM | Attr = HS]
fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 10484 bytes | Modified Date = 1/10/2008 11:34:26 AM | Attr = HS]
klick.dat -> %System32%\drivers\klick.dat -> [Ver = | Size = 85860 bytes | Modified Date = 12/29/2007 8:55:07 PM | Attr = ]
klif.sys -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.319 | Size = 194320 bytes | Modified Date = 12/29/2007 8:58:00 PM | Attr = ]
klin.dat -> %System32%\drivers\klin.dat -> [Ver = | Size = 91492 bytes | Modified Date = 12/29/2007 8:55:07 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 1/4/2008 9:26:57 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/10/2008 11:36:30 AM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 1/4/2008 5:11:25 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 12/30/2007 8:04:33 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/6/2008 11:11:49 AM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 224816 bytes | Modified Date = 12/30/2007 10:45:14 AM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 1/5/2008 3:16:56 PM | Attr = ]
IEDFix.exe -> %System32%\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 81920 bytes | Modified Date = 12/20/2007 11:11:52 PM | Attr = ]
Restore -&
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
As far as I can see you are malware free - are you still experiencing the stated error since you removed Norton? I feel that may well have been your problem.

Can you let me know how your computer is running now :)
  • 0



#11
jing2

jing2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hi again.

It looks like my last post lost my points 4 and 5.

Here they are:

1. I downloaded combofix but I can't run it. I was told it is "not a valid Win32 application".

2. I can't turn on Automatic Updates in Security Center. It is gray. I can't select it.

3. In case the Hijackthis log was missing also, here it is again:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:58 AM, on 1/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f517.mail....d=5odhnlb41omqq
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1199053659359
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase4009.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1199165303125
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://zhangtongle.s...ad/MsnPUpld.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://confirma.web...ort/ieatgpc.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestat....cab?v=1,0,0,37
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ??????????? 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Unknown owner - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 8269 bytes
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi jing, whilst I prepare a fix for your other problems, could you redownload and try a new version of combofix?

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
  • 0

#13
jing2

jing2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Forgot to mention that message Ox8DDD0003 stopped showing after I tried to upgrade windows by using some downloaded software called "xp_winupd_netpolicy.vbs" and "winupdate.vbs". I don't know which one worked. Or none of them but something else. I have downloaded so much stuff these past few days. I don't know which one got my windows updated. But I don't want to go through this every time when I just want to update windows.

The computer is running OK otherwise.
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I am attaching a registry fix to restore updates. Download and unzip, then right click and select merge. Reboot and let me know if that has worked.


  • 0

#15
jing2

jing2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hi Essexboy,

I finally could run the combofix.exe. Just before it was done scanning, I got a pop-up I believe from "Anti-Spyware" telling me a Malware was found called "Backdoor and something"; the window was gone before I could write down the name and do something about it. Here is the log from combofix. I will send you Hijackthis log next post and do the new task you gave me after that.

ComboFix 08-01-10.2 - Wife 2008-01-10 15:07:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.139 [GMT -8:00]
Running from: C:\Documents and Settings\Wife\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Fonts\ardasase.fon
C:\WINDOWS\Fonts\avwlhin.dll
C:\WINDOWS\Fonts\jshuaxw.fon
C:\WINDOWS\Fonts\jsqxassb.dll
C:\WINDOWS\Fonts\kvdxlcfb.dll
C:\WINDOWS\Fonts\kvdxslcf.dll
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF
-------\NPF


((((((((((((((((((((((((( Files Created from 2007-12-10 to 2008-01-10 )))))))))))))))))))))))))))))))
.

2008-01-10 15:05 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-10 11:25 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-09 14:29 . 2008-01-09 14:29 <DIR> d-------- C:\Deckard
2008-01-06 13:34 . 2008-01-06 13:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-06 11:11 . 2008-01-06 11:11 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-06 11:11 . 2008-01-06 11:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-06 10:15 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-06 10:15 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-06 10:15 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-06 10:15 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-06 10:15 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-06 10:15 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-06 10:15 . 2008-01-06 10:26 5,588 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-05 15:02 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\qaqufnoxjvps.sys
2008-01-05 14:44 . 2008-01-05 15:16 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-05 14:44 . 2008-01-05 15:16 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-05 10:10 . 2008-01-05 10:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-05 10:09 . 2008-01-05 16:39 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-05 10:09 . 2008-01-05 10:09 <DIR> d-------- C:\Documents and Settings\Wife\Application Data\SUPERAntiSpyware.com
2008-01-05 10:08 . 2008-01-06 11:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-04 19:18 . 2008-01-04 19:18 <DIR> d-------- C:\Documents and Settings\Wife\Application Data\Grisoft
2008-01-04 19:17 . 2008-01-04 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-04 19:17 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-04 10:17 . 2008-01-04 16:39 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-01-04 09:27 . 2008-01-04 09:27 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 23:23 4,542,752 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-10 23:23 105,504 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-10 23:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-10 23:20 61,700 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-10 23:20 10,868 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-10 19:25 --------- d-----w C:\Program Files\Java
2008-01-10 17:35 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-06 18:43 --------- d-----w C:\Program Files\PPLive
2008-01-06 00:35 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-06 00:24 --------- d-----w C:\Program Files\Common Files\Webroot Shared
2008-01-05 23:19 --------- d-----w C:\Program Files\Windows Defender
2008-01-05 22:58 --------- d-----w C:\Program Files\FinePixViewer
2007-12-30 04:55 91,492 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-12-30 04:55 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-11-28 21:04 51,304 ----a-w C:\WINDOWS\system32\drivers\atnt40k.sys
2007-11-26 01:18 --------- d-----w C:\Documents and Settings\Wife\Application Data\MRTalk
2007-11-26 01:11 --------- d-----w C:\Program Files\MediaRing
2007-11-19 03:35 --------- d-----w C:\Program Files\Common Files\Synacast
2007-11-19 03:35 --------- d-----w C:\Documents and Settings\Wife\Application Data\PPMate
2007-11-19 03:30 --------- d-----w C:\Program Files\PPStream
2007-11-14 03:08 --------- d-----w C:\Program Files\IPRO Tech
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2006-12-05 06:13 500 ----a-w C:\Documents and Settings\Wife\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 20:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 01:04 52736]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 16:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 07:51 118784]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 02:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 05:02 61440]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-03 08:34 180269]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 05:43 233472]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 12:41 196608]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07 69632]
"SoundMan"="SOUNDMAN.EXE" [2004-07-28 09:40 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-28 10:34 2551808 C:\WINDOWS\ALCWZRD.EXE]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 06:54 253952]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 01:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-21 20:41 94208]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 20:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-03 20:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 20:00 455168]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe" [2005-10-27 19:47 385024]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-03 08:40 98304]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25 6731312]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2006-12-31 14:20:46]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38]
Verizon Online Support Center.lnk - C:\Program Files\Verizon Online\bin\matcli.exe [2005-10-27 19:34:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-08-09 12:56]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-10 23:25:07 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 15:23:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-10 15:28:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-10 23:28:23
.
2000-12-29 22:58:07 --- E O F ---
  • 0





