
I am having serious issues with more than 19 viruses not limited to tro


  • This topic is locked

#31
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please submit the following files to one of these online file scanners.
(All you have to do is copy and paste them in one at a time)

C:\WINDOWS\system32\ntkrnlpa.exe
C:\WINDOWS\system32\ntoskrnl.exe


Jotti File Scan
VirusTotal File Scan

This will produce a report after the scan is complete, please copy and paste those results in your next post.


#32
westcovinaboyz

    Member

  • Topic Starter
  • 25 posts
Here are both files you wanted analysed:

http://www.virustota...d38e10309d1c541

http://www.virustota...15af6b46d8eb0ee

#33
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
I am not seeing anything else in your logs.

I do however believe that something is still left over.
So please try to run the E-Scan again and copy the results of the files deleted in your next reply.
Please also update the program before running it.

#34
westcovinaboyz

    Member

  • Topic Starter
  • 25 posts
This would be the scans you asked for?? Thanks

Deckard's System Scanner v20071014.68
Run by Compaq_Administrator on 2008-04-15 00:31:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
14: 2008-04-15 07:31:34 UTC - RP14 - Deckard's System Scanner Restore Point
13: 2008-04-13 08:16:29 UTC - RP13 - ComboFix created restore point
12: 2008-04-12 23:59:54 UTC - RP12 - Deckard's System Scanner Restore Point
11: 2008-04-12 10:03:35 UTC - RP11 - Software Distribution Service 3.0
10: 2008-04-12 06:48:26 UTC - RP10 - System Checkpoint


-- First Restore Point --
1: 2008-04-08 23:45:26 UTC - RP1 - Norton Antivirus post configuration restore point


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as Compaq_Administrator.exe) --------------------------------

logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-15 00:33:48
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\arpwrmsg.exe
C:\WINDOWS\mixer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DISC\DISCUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\UZEFYD4F\dss[1].exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://trymedia.com (HKLM)
O15 - Trusted Zone: https://trymedia.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


--
End of file - 8099 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 cmuda3 (Xtreme Sound PCI Audio Interface) - c:\windows\system32\drivers\cmuda3.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>

S0 ftsata2 - c:\windows\system32\drivers\ftsata2.sys (file missing)
S1 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)
S3 catchme - c:\docume~1\compaq~1\locals~1\temp\catchme.sys (file missing)
S3 cmpci (C-Media PCI Audio Driver (WDM)) - c:\windows\system32\drivers\cmaudio.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
S3 SYMIDSCO - c:\progra~1\common~1\symant~1\symcdata\idsdefs\20050901.036\symidsco.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-14 07:24:07 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-15 and 2008-04-15 -----------------------------

2008-04-14 14:27:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-14 14:27:41 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-14 14:27:35 0 d-------- C:\WINDOWS\LastGood
2008-04-14 05:52:40 0 d-------- C:\Kaspersky
2008-04-11 08:45:19 0 d-------- C:\Documents and Settings\Compaq_Administrator\DoctorWeb
2008-04-10 08:40:19 0 d-------- C:\Program Files\Bonjour
2008-04-10 08:31:46 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-04-09 09:45:28 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-04-09 09:43:20 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2008-04-09 09:43:19 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-04-09 09:43:19 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-04-09 09:43:19 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-04-09 09:43:19 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-04-09 09:43:18 38912 -----n--- C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-04-08 18:17:17 73728 --a------ C:\WINDOWS\system32\HPZipm12.exe <Not Verified; HP; HP PML>
2008-04-08 16:52:42 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-08 16:41:35 0 dr-h----- C:\Documents and Settings\Compaq_Administrator\Recent
2008-04-08 16:40:45 0 dr-hs---- C:\cmdcons
2008-04-08 16:40:10 0 d-------- C:\WINDOWS\setupupd
2008-04-08 16:32:37 0 dr------- C:\Documents and Settings\Compaq_Administrator\Favorites
2008-04-08 16:32:37 0 d-------- C:\Documents and Settings\Compaq_Administrator\Desktop
2008-04-08 16:32:37 0 d--hs---- C:\Documents and Settings\Compaq_Administrator\Cookies
2008-04-08 16:32:37 0 dr-h----- C:\Documents and Settings\Compaq_Administrator\Application Data
2008-04-08 16:32:37 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Real
2008-04-08 16:32:37 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape
2008-04-08 16:32:37 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Intuit
2008-04-08 16:32:37 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Identities
2008-04-08 16:32:37 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Adobe
2008-04-08 16:32:36 0 d-------- C:\Documents and Settings\Compaq_Administrator\WINDOWS
2008-04-08 16:32:36 0 d--h----- C:\Documents and Settings\Compaq_Administrator\Templates
2008-04-08 16:32:36 0 dr------- C:\Documents and Settings\Compaq_Administrator\Start Menu
2008-04-08 16:32:36 0 dr-h----- C:\Documents and Settings\Compaq_Administrator\SendTo
2008-04-08 16:32:36 0 d--h----- C:\Documents and Settings\Compaq_Administrator\PrintHood
2008-04-08 16:32:36 0 d--h----- C:\Documents and Settings\Compaq_Administrator\NetHood
2008-04-08 16:32:36 0 dr------- C:\Documents and Settings\Compaq_Administrator\My Documents
2008-04-08 16:32:36 0 d--h----- C:\Documents and Settings\Compaq_Administrator\Local Settings
2008-04-08 16:32:35 1572864 --a------ C:\Documents and Settings\Compaq_Administrator\NTUSER.DAT
2008-04-08 16:26:48 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-08 15:20:31 0 dr-hs---- C:\WINDOWS\system32\dllcache
2008-04-07 20:45:05 0 d-------- C:\MY_Sweeny Todd
2008-04-07 08:02:54 0 d-------- C:\Downloads <DOWNLO~1>
2008-04-07 08:02:54 0 d-------- C:\Bases
2008-04-06 21:41:45 0 d-------- C:\MY_Truman
2008-04-06 19:42:14 0 d-------- C:\MY_martian
2008-04-05 13:05:52 68096 --a------ C:\WINDOWS\zip.exe
2008-04-05 13:05:52 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-05 13:05:52 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-05 13:05:52 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-05 13:05:52 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-05 13:05:52 98816 --a------ C:\WINDOWS\sed.exe
2008-04-05 13:05:52 80412 --a------ C:\WINDOWS\grep.exe
2008-04-05 13:05:52 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-05 02:23:59 0 d-------- C:\WINDOWS\ERUNT
2008-04-03 06:02:38 0 d-------- C:\Program Files\Panda Security
2008-04-02 21:59:31 0 d-------- C:\kav
2008-04-01 23:36:59 0 d-------- C:\Program Files\InterActual
2008-04-01 19:37:38 0 d-------- C:\MY_DVD
2008-04-01 19:32:47 0 d-------- C:\MY_DVDS
2008-03-29 01:03:11 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-29 01:02:25 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com
2008-03-29 00:54:19 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-28 09:45:27 56 --a------ C:\ut9x.bat
2008-03-28 09:45:26 54 --a------ C:\ut.bat
2008-03-28 09:32:36 0 d--h----- C:\Documents and Settings\All Users\Application Data\{36D03E21-363A-4CBC-9E13-A90BDCFAFB04}
2008-03-28 09:31:50 0 d-------- C:\Program Files\XPC Tools
2008-03-28 05:57:23 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\MSNInstaller
2008-03-27 00:20:20 0 d-------- C:\AWAKE
2008-03-25 11:33:40 0 dr-h----- C:\$VAULT$.AVG
2008-03-25 10:43:06 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\AVG7
2008-03-25 10:42:45 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-25 10:42:12 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-25 05:26:24 0 d-------- C:\Program Files\Digital Locker Assistant
2008-03-24 08:09:08 0 d-------- C:\Program Files\Trend Micro
2008-03-24 07:25:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-24 07:21:33 0 d-------- C:\Program Files\SpywareBlaster
2008-03-24 06:37:56 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Grisoft
2008-03-24 06:37:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-22 14:47:04 0 d--hs---- C:\found.003
2008-03-22 14:27:59 262144 --a------ C:\Documents and Settings\Application Data\NTUSER.DAT
2008-03-22 14:25:40 0 d-------- C:\Documents and Settings\Default User\Application Data\Netscape
2008-03-22 14:25:40 0 d-------- C:\Documents and Settings\Default User\Application Data\Adobe
2008-03-22 02:40:30 0 d-------- C:\Program Files\eSoftware
2008-03-22 02:35:51 6656 --a------ C:\hlpr.exe
2008-03-20 21:17:36 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-03-20 12:44:00 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-03-20 12:42:26 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
2008-03-20 12:36:59 0 d-------- C:\Program Files\VstPlugins
2008-03-20 12:30:59 0 d-------- C:\Program Files\Image-Line
2008-03-16 01:31:23 0 d-------- C:\WINDOWS\Recent
2008-03-16 01:31:14 0 d-------- C:\audio
2008-03-15 23:20:38 0 d-------- C:\Program Files\Audacity
2008-03-15 23:04:39 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Anvil Studio


-- Find3M Report ---------------------------------------------------------------

2008-04-12 07:47:14 0 d-------- C:\Program Files\music_now
2008-04-12 06:47:24 0 d-------- C:\Program Files\BPKL
2008-04-12 02:42:30 0 d-------- C:\Program Files\BPK
2008-04-10 08:48:30 0 d-------- C:\Program Files\iTunes
2008-04-10 08:38:18 0 d-------- C:\Program Files\QuickTime
2008-04-09 18:00:15 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-09 17:53:32 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-09 09:43:02 0 d-------- C:\Program Files\Ahead
2008-04-08 19:11:34 0 d-------- C:\Program Files\Symantec
2008-04-08 19:11:17 0 d-------- C:\Program Files\Common Files
2008-04-08 18:42:53 0 d-------- C:\Program Files\BitTorrent
2008-04-08 18:20:03 123117 --a------ C:\WINDOWS\HPHins12.dat
2008-04-08 18:17:18 0 d-------- C:\Program Files\HP
2008-04-08 16:51:26 0 d-------- C:\Program Files\Xtreme Sound PCI
2008-04-07 12:31:20 0 d-------- C:\Program Files\Verizon
2008-04-02 11:13:17 0 d-------- C:\Program Files\Soulseek
2008-03-29 17:27:41 0 d--hs---- C:\Program Files\KGS
2008-03-25 04:36:14 0 d-------- C:\Program Files\WinZip E-Mail Companion
2008-03-25 04:35:29 2237963 --a------ C:\Program Files\WinZip E-Mail Companion.zip
2008-03-25 03:09:23 0 d-------- C:\Program Files\Windows Live Toolbar
2008-03-25 03:07:18 0 d-------- C:\Program Files\MSN Messenger
2008-03-25 00:11:34 10085 --a------ C:\Program Files\hijackthis.log
2008-03-24 23:58:05 3154 --a------ C:\WINDOWS\mozver.dat
2008-03-24 09:05:52 0 d-------- C:\Program Files\ASMtr
2008-03-23 00:38:17 0 d-------- C:\Program Files\LimeWire
2008-03-22 11:52:34 15 --a------ C:\WINDOWS\7743-3BAB-7E13-1D63.dat
2008-03-21 00:09:34 0 d-------- C:\Program Files\Mario Forever
2008-03-14 21:18:55 104 --a------ C:\Program Files\Recycle Bin.lnk
2008-03-14 20:54:42 0 d-------- C:\Program Files\Picasa2
2008-03-14 00:06:00 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Image Zone Express
2008-03-11 08:53:50 0 d-------- C:\Program Files\Xtreme Sound Driver Setup
2008-03-08 16:05:04 0 d-------- C:\Program Files\Apple Software Update
2008-02-28 21:11:58 0 d-------- C:\Program Files\AOL 9.1
2008-02-28 21:11:22 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\AOL
2008-02-28 21:10:46 0 d-------- C:\Program Files\Common Files\AOL
2008-02-28 21:10:28 0 d-------- C:\Program Files\Common Files\aolshare
2008-02-28 21:09:56 0 d-------- C:\Program Files\Viewpoint
2008-02-28 21:09:53 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-02-28 21:04:31 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla
2008-02-28 20:36:47 0 d-------- C:\Program Files\Carbonite
2008-02-28 02:02:10 2210 --a------ C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
2008-02-24 20:48:03 0 d-------- C:\Program Files\Disney
2008-02-19 02:09:30 0 d-------- C:\Program Files\Common Files\ISPCOMP
2008-02-15 15:17:49 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\TomTom
2008-02-15 15:17:40 0 d-------- C:\Program Files\TomTom HOME 2
2008-02-15 15:17:32 0 d-------- C:\Program Files\TomTom HOME


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 09:01 PM]
"ftutil2"="ftutil2.dll" [06/07/2004 02:05 PM C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [06/13/2006 08:05 PM C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [08/02/2005 11:19 PM C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/09/2006 03:50 PM]
"nwiz"="nwiz.exe" [05/09/2006 03:50 PM C:\WINDOWS\system32\nwiz.exe]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [07/22/2005 10:14 PM]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/15/2006 10:34 PM]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [12/14/2004 02:23 AM]
"C-Media Mixer"="Mixer.exe" [10/15/2002 06:00 PM C:\WINDOWS\mixer.exe]
"CmPCIaudio"="CMICNFG3.CPL" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [03/25/2008 10:42 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/14/2006 03:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 04:24 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 5:05:26 AM]
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [8/14/2006 4:13:46 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 5:21:22 AM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [12/3/2007 12:10:00 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)




-- End of Deckard's System Scanner: finished at 2008-04-15 00:36:44 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3500+
Percentage of Memory in Use: 77%
Physical Memory (total/avail): 446.48 MiB / 98.66 MiB
Pagefile Memory (total/avail): 1053.66 MiB / 602.98 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.34 MiB

C: is Fixed (NTFS) - 177.73 GiB total, 85.33 GiB free.
D: is Fixed (FAT32) - 8.56 GiB total, 0.54 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2000JS-60NCB1 - 186.31 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 177.73 GiB - C:
\PARTITION1 - Unknown - 8.57 GiB - D:

\\.\PHYSICALDRIVE1 - Generic- Compact Flash USB Device

\\.\PHYSICALDRIVE4 - Generic- MS/MS-Pro USB Device

\\.\PHYSICALDRIVE3 - Generic- SD/MMC USB Device

\\.\PHYSICALDRIVE2 - Generic- SM/xD-Picture USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
AV: AVG 7.5.519 v7.5.519 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\DISC\\DISCover.exe"="C:\\Program Files\\DISC\\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\\Program Files\\DISC\\DiscStreamHub.exe"="C:\\Program Files\\DISC\\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\\Program Files\\DISC\\myFTP.exe"="C:\\Program Files\\DISC\\myFTP.exe:*:Enabled:DISCover FTP"
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Compaq_Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-4DACD0EA75
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Compaq_Administrator
LOGONSERVER=\\YOUR-4DACD0EA75
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
USERDOMAIN=YOUR-4DACD0EA75
USERNAME=Compaq_Administrator
USERPROFILE=C:\Documents and Settings\Compaq_Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Compaq_Administrator (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\HP Games\Airstrike 2 Gulf Thunder\Uninstall.exe"
--> "C:\Program Files\HP Games\Alien Shooter\Uninstall.exe"
--> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Bistro Stars\Uninstall.exe"
--> "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 2 Remix\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
--> "C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
--> "C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
--> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
--> "C:\Program Files\HP Games\Family Feud\Uninstall.exe"
--> "C:\Program Files\HP Games\FATE\Uninstall.exe"
--> "C:\Program Files\HP Games\Garden Dreams\Uninstall.exe"
--> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
--> "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\LEGO Builder Bots\Uninstall.exe"
--> "C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Mystery Case Files\Uninstall.exe"
--> "C:\Program Files\HP Games\Penguins!\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
--> "C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
--> "C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
--> "C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Snowy Space Trip\Uninstall.exe"
--> "C:\Program Files\HP Games\Super Granny\Uninstall.exe"
--> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
--> "C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
--> "C:\Program Files\WildTangent\Apps\My HP Game Console\Uninstall.exe"
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Audacity 1.2.3 --> "C:\Program Files\Audacity\unins000.exe"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Compaq Connections (remove only) --> C:\WINDOWS\HPCPCUninstall-5577497\HPBWSetup.exe -appid 5577497 -uninstall
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
DISCover --> "C:\Program Files\DISC\uninstall.exe"
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Boot Optimizer --> MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP DVD Play 2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart and Deskjet 7.0 Software --> C:\Program Files\HP\Digital Imaging\{D1AE6D4D-C37A-487d-83D8-C333125B2459}\setup\hpzscr01.exe -datfile hphscr12.dat -showdisconnect -forcereboot
HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Support Overview --> "C:\WINDOWS\unins000.exe"
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP Web Helper --> regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Macromedia Flash Player 8 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Microsoft Away Mode -->
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Standard Edition 2003 60 days trial --> c:\hp\bin\cloaker.exe c:\hp\bin\MSOffice\uninst.cmd
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
My HP Games --> "C:\Program Files\HP Games\Uninstall.exe"
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\setup.exe /uninstall
NVIDIA Drivers --> C:\WINDOWS\system32\nvunrm.exe UninstallGUI
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
PC-Doctor 5 for Windows --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
PCI Audio Driver --> cmuninst.exe
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Remove WeatherBug Installer --> c:\hp\bin\cloaker.exe c:\hp\bin\commands.exe /c c:\hp\bin\wbug\clean.bat
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic Express Labeler --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Update Rollup 2 for Windows XP Media Center Edition 2005 -->
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB912067 --> "C:\WINDOWS\$NtUninstallKB912067$\spuninst\spuninst.exe"
Xtreme Sound PCI --> C:\WINDOWS\CmiPCIUninstall.exe C:\Program Files\Xtreme Sound PCI#C-Media PCI Audio#Xtreme Sound PCI#
Yahoo! Toolbar for Internet Explorer --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type260 / Error
Event Submitted/Written: 04/15/2008 00:36:07 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.31114, faulting module nss3.dll, version 3.11.5.0, fault address 0x000306df.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type256 / Error
Event Submitted/Written: 04/14/2008 08:53:56 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type255 / Error
Event Submitted/Written: 04/14/2008 08:53:56 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type254 / Error
Event Submitted/Written: 04/14/2008 08:53:56 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type241 / Error
Event Submitted/Written: 04/12/2008 11:37:01 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss(2).exe, version 3.2.8.1, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0001152a.
Processing media-specific event for [dss(2).exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type960 / Warning
Event Submitted/Written: 04/14/2008 05:09:18 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type958 / Warning
Event Submitted/Written: 04/13/2008 07:21:15 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type957 / Warning
Event Submitted/Written: 04/13/2008 07:44:46 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type936 / Error
Event Submitted/Written: 04/13/2008 05:42:13 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
ftsata2

Event Record #/Type935 / Error
Event Submitted/Written: 04/13/2008 05:42:13 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The MCSTRM service failed to start due to the following error:
%%2



-- End of Deckard's System Scanner: finished at 2008-04-15 00:36:44 ------------

#35
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
No, please try to run the E-Scan again and copy the results of the files deleted in your next reply.
Please also update the program before running it.

#36
westcovinaboyz

    Member

  • Topic Starter
  • Member
  • 25 posts
Kahdah, here is the E-Scan, repeated and updated.

Tuesday, April 15, 2008 10:18:13 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/04/2008
Kaspersky Anti-Virus database records: 707202
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan Statistics
Total number of scanned objects 405389
Number of viruses found 28
Number of infected objects 86
Number of suspicious objects 0
Duration of the scan process 07:52:51

Infected Object Name Virus Name Last Action
C:\Deckard\System Scanner\20080402135902\backup\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.a skipped
C:\Deckard\System Scanner\20080402135902\backup\WINDOWS\Downloaded Program Files\vzbb.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.b skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4DDC09E7.exe/Stream/data0001 Infected: not-a-virus:Monitor.Win32.ActualSpy.2805 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4DDC09E7.exe/Stream/data0002 Infected: not-a-virus:Monitor.Win32.ActualSpy.2805 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4DDC09E7.exe/Stream/data0006 Infected: not-a-virus:Monitor.Win32.ActualSpy.2805 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4DDC09E7.exe/Stream/data0007 Infected: not-a-virus:Monitor.Win32.ActualSpy.2805 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4DDC09E7.exe/Stream Infected: not-a-virus:Monitor.Win32.ActualSpy.2805 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4DDC09E7.exe Inno: infected - 5 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4DDC09E7.exe CryptFF: infected - 5 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\65C32625.exe Infected: not-a-virus:Monitor.Win32.QuickKeyLogger.d skipped
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\9029v3gz.default\cert8.db Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\9029v3gz.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\9029v3gz.default\history.dat Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\9029v3gz.default\key3.db Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\9029v3gz.default\parent.lock Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\9029v3gz.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\9029v3gz.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\DoctorWeb\Quarantine\A0005665.exe Infected: not-a-virus:Monitor.Win32.Perflogger.bx skipped
C:\Documents and Settings\Compaq_Administrator\DoctorWeb\Quarantine\bpklr.exe Infected: not-a-virus:Monitor.Win32.Perflogger.bx skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\ApplicationHistory\DiscStreamHub.exe.fddeaf63.ini.inuse Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\ApplicationHistory\DiscUpdMgr.exe.f0c5ac89.ini.inuse Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\9029v3gz.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\9029v3gz.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\9029v3gz.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\9029v3gz.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\fla3A7C.tmp Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\fla3A7D.tmp Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\My Documents\Fast Times Stuff\[Full] cakewalk recording music with Bonus\setup.exe/data0009/stream/data0004 Infected: not-a-virus:AdWare.Win32.TrafficSol.ae skipped
C:\Documents and Settings\Compaq_Administrator\My Documents\Fast Times Stuff\[Full] cakewalk recording music with Bonus\setup.exe/data0009/stream Infected: not-a-virus:AdWare.Win32.TrafficSol.ae skipped
C:\Documents and Settings\Compaq_Administrator\My Documents\Fast Times Stuff\[Full] cakewalk recording music with Bonus\setup.exe/data0009 Infected: not-a-virus:AdWare.Win32.TrafficSol.ae skipped
C:\Documents and Settings\Compaq_Administrator\My Documents\Fast Times Stuff\[Full] cakewalk recording music with Bonus\setup.exe/data0010/stream/data0005 Infected: not-a-virus:Downloader.Win32.AdLoad.b skipped
C:\Documents and Settings\Compaq_Administrator\My Documents\Fast Times Stuff\[Full] cakewalk recording music with Bonus\setup.exe/data0010/stream Infected: not-a-virus:Downloader.Win32.AdLoad.b skipped
C:\Documents and Settings\Compaq_Administrator\My Documents\Fast Times Stuff\[Full] cakewalk recording music with Bonus\setup.exe/data0010 Infected: not-a-virus:Downloader.Win32.AdLoad.b skipped
C:\Documents and Settings\Compaq_Administrator\My Documents\Fast Times Stuff\[Full] cakewalk recording music with Bonus\setup.exe NSIS: infected - 6 skipped
C:\Documents and Settings\Compaq_Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\hp\bin\wbug\CompaqPresario_Spring06.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
C:\hp\bin\wbug\CompaqPresario_Spring06.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
C:\hp\bin\wbug\CompaqPresario_Spring06.exe WiseSFX: infected - 2 skipped
C:\hp\bin\wbug\CompaqPresario_Spring06.exe WiseSFXDropper: infected - 2 skipped
C:\Program Files\Adobe\Acrobat 7.0\Reader\inst_AcroRd32FlashPlayer9.exe/data.rar/pfkhk.dll Infected: not-a-virus:Monitor.Win32.Perflogger.ca skipped
C:\Program Files\Adobe\Acrobat 7.0\Reader\inst_AcroRd32FlashPlayer9.exe/data.rar/pfk.exe Infected: not-a-virus:Monitor.Win32.Perflogger.163 skipped
C:\Program Files\Adobe\Acrobat 7.0\Reader\inst_AcroRd32FlashPlayer9.exe/data.rar/rinst.exe Infected: not-a-virus:Monitor.Win32.Perflogger.163 skipped
C:\Program Files\Adobe\Acrobat 7.0\Reader\inst_AcroRd32FlashPlayer9.exe/data.rar Infected: not-a-virus:Monitor.Win32.Perflogger.163 skipped
C:\Program Files\Adobe\Acrobat 7.0\Reader\inst_AcroRd32FlashPlayer9.exe RarSFX: infected - 4 skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\cache.dat Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\FileRep.log Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\L0000017.FCS Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\KGS\winlogon.dll Infected: not-a-virus:Monitor.Win32.KGBSpy.34 skipped
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\Program Files\MSN Messenger\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Program Files\MSN Messenger\riched20.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe/data0004 Infected: not-a-virus:AdWare.Win32.Agent.aeh skipped
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe NSIS: infected - 1 skipped
C:\Program Files\Online Services\Vonage\Xtras\regxtra121.x32 Infected: Backdoor.Win32.RAdmin.ag skipped
C:\Program Files\Online Services\Vonage\Xtras\regxtra121.x32.mwt Infected: Backdoor.Win32.RAdmin.ag skipped
C:\Program Files\Quicken\inst_RestartExe.exe/data.rar/bpkhk.dll Infected: not-a-virus:Monitor.Win32.Perflogger.163 skipped
C:\Program Files\Quicken\inst_RestartExe.exe/data.rar/bpk.exe Infected: not-a-virus:Monitor.Win32.Perflogger.ad skipped
C:\Program Files\Quicken\inst_RestartExe.exe/data.rar/rinst.exe Infected: not-a-virus:Monitor.Win32.Perflogger.bx skipped
C:\Program Files\Quicken\inst_RestartExe.exe/data.rar Infected: not-a-virus:Monitor.Win32.Perflogger.bx skipped
C:\Program Files\Quicken\inst_RestartExe.exe RarSFX: infected - 4 skipped
C:\Program Files\Quicken\inst_START.exe/data.rar/bpkhk.dll Infected: not-a-virus:Monitor.Win32.Perflogger.163 skipped
C:\Program Files\Quicken\inst_START.exe/data.rar/bpk.exe Infected: not-a-virus:Monitor.Win32.Perflogger.ad skipped
C:\Program Files\Quicken\inst_START.exe/data.rar/rinst.exe Infected: not-a-virus:Monitor.Win32.Perflogger.bx skipped
C:\Program Files\Quicken\inst_START.exe/data.rar Infected: not-a-virus:Monitor.Win32.Perflogger.bx skipped
C:\Program Files\Quicken\inst_START.exe RarSFX: infected - 4 skipped
C:\QooBox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\bak\m3SrchMn.exe.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\bak\mwsoemon.exe.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.ba skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3BROVLY.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SHLLVW.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP14\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Prefetch\layout.ini Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{BD45FE35-51A6-40F6-BAF5-9B2F4262B7C5}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{4E6555AC-9356-4C2C-AFFF-A535FE5479FD}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_e3c.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\04022008_203125\Program Files\Common Files\xibafipy89104.dll Infected: not-a-virus:AdWare.Win32.TTC.d skipped
D:\I386\APPS\APP15968\src\CompaqPresario_Spring06.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
D:\I386\APPS\APP15968\src\CompaqPresario_Spring06.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
D:\I386\APPS\APP15968\src\CompaqPresario_Spring06.exe WiseSFX: infected - 2 skipped
D:\I386\APPS\APP15968\src\CompaqPresario_Spring06.exe WiseSFXDropper: infected - 2 skipped
D:\I386\APPS\APP15968\src\HPPavillion_Spring06.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
D:\I386\APPS\APP15968\src\HPPavillion_Spring06.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
D:\I386\APPS\APP15968\src\HPPavillion_Spring06.exe WiseSFX: infected - 2 skipped
D:\I386\APPS\APP15968\src\HPPavillion_Spring06.exe WiseSFXDropper: infected - 2 skipped
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP14\change.log Object is locked skipped
Scan process completed.

#37
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4DDC09E7.exe
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\65C32625.exe
    C:\Documents and Settings\Compaq_Administrator\DoctorWeb
    C:\Documents and Settings\Compaq_Administrator\My Documents\Fast Times Stuff\[Full] cakewalk recording music with Bonus
    C:\hp\bin\wbug\CompaqPresario_Spring06.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\inst_AcroRd32FlashPlayer9.exe 
    C:\Program Files\KGS\winlogon.dll 
    C:\Program Files\MSN Messenger\riched20.dll 
    C:\Program Files\MSN Messenger\msimg32.dll
    C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll 
    C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe
    C:\Program Files\Quicken\inst_RestartExe.exe
    C:\Program Files\Quicken\inst_START.exe
    D:\I386\APPS\APP15968\src\CompaqPresario_Spring06.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
===================
Please post that log and a new HijackThis log and then let me know how things are running.
  • 0

#38
westcovinaboyz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
These are the OTMoveIt2 and HijackThis logs!

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4DDC09E7.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\65C32625.exe moved successfully.
C:\Documents and Settings\Compaq_Administrator\DoctorWeb\Quarantine moved successfully.
C:\Documents and Settings\Compaq_Administrator\DoctorWeb moved successfully.
< C:\Documents and Settings\Compaq_Administrator\My Documents\Fast Times Stuff\[Full] cakewalk recording music with Bonus >
C:\Documents and Settings\Compaq_Administrator\My Documents\Fast Times Stuff\[Full] cakewalk recording music with Bonus moved successfully.
C:\hp\bin\wbug\CompaqPresario_Spring06.exe moved successfully.
C:\Program Files\Adobe\Acrobat 7.0\Reader\inst_AcroRd32FlashPlayer9.exe moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\KGS\winlogon.dll
C:\Program Files\KGS\winlogon.dll NOT unregistered.
C:\Program Files\KGS\winlogon.dll moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\MSN Messenger\riched20.dll
C:\Program Files\MSN Messenger\riched20.dll NOT unregistered.
C:\Program Files\MSN Messenger\riched20.dll moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\MSN Messenger\msimg32.dll
C:\Program Files\MSN Messenger\msimg32.dll NOT unregistered.
C:\Program Files\MSN Messenger\msimg32.dll moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll NOT unregistered.
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll moved successfully.
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe moved successfully.
C:\Program Files\Quicken\inst_RestartExe.exe moved successfully.
C:\Program Files\Quicken\inst_START.exe moved successfully.
D:\I386\APPS\APP15968\src\CompaqPresario_Spring06.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04162008_021209

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:15:51 AM, on 4/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\OTMoveIt2.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8066 bytes
  • 0
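A check a helper can run on the two posts above, as an added example that is not part of the original thread or of OTMoveIt2: it reconciles the move list from post #37 against the OTMoveIt2 log from post #38 and reads the `mmddyyyy_hhmmss` creation stamp. The function names and the last path in the list are constructed for illustration.

```python
import re
from datetime import datetime

# Paths from the helper's move list (subset of post #37; two keep the trailing
# space they have on the page). The last entry is constructed to show a miss.
REQUESTED = [
    r"C:\Documents and Settings\Compaq_Administrator\DoctorWeb",
    r"C:\Program Files\KGS\winlogon.dll ",
    r"C:\Program Files\MSN Messenger\riched20.dll ",
    r"C:\Program Files\Quicken\inst_START.exe",
    r"D:\I386\APPS\APP15968\src\CompaqPresario_Spring06.exe",
    r"C:\Example\constructed-not-in-log.exe",
]

# Lines from the OTMoveIt2 log in post #38 (subset).
LOG = r"""
C:\Documents and Settings\Compaq_Administrator\DoctorWeb\Quarantine moved successfully.
C:\Documents and Settings\Compaq_Administrator\DoctorWeb moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\KGS\winlogon.dll
C:\Program Files\KGS\winlogon.dll NOT unregistered.
C:\Program Files\KGS\winlogon.dll moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\MSN Messenger\riched20.dll
C:\Program Files\MSN Messenger\riched20.dll NOT unregistered.
C:\Program Files\MSN Messenger\riched20.dll moved successfully.
C:\Program Files\Quicken\inst_START.exe moved successfully.
D:\I386\APPS\APP15968\src\CompaqPresario_Spring06.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04162008_021209
"""

MOVED = re.compile(r"^(?P<path>.+?) moved successfully\.$")
NOT_UNREG = re.compile(r"^(?P<path>.+?) NOT unregistered\.$")
STAMP = re.compile(r"log created on (\d{2})(\d{2})(\d{4})_(\d{2})(\d{2})(\d{2})$")

def norm(path):
    """Windows paths compare case-insensitively; pasted lists carry stray spaces."""
    return path.strip().rstrip("\\").lower()

def parse_log(text):
    moved, not_unreg, created = set(), set(), None
    for line in (l.strip() for l in text.splitlines()):
        if m := MOVED.match(line):
            moved.add(norm(m["path"]))
        elif m := NOT_UNREG.match(line):
            not_unreg.add(norm(m["path"]))
        elif m := STAMP.search(line):
            mm, dd, yyyy, hh, mi, ss = map(int, m.groups())
            created = datetime(yyyy, mm, dd, hh, mi, ss)
    return moved, not_unreg, created

def reconcile(requested, text):
    """Report which requested paths the log confirms, and which it does not."""
    moved, not_unreg, created = parse_log(text)
    report = {"created": created, "moved": [], "missing": [], "unregister_failed": []}
    for p in requested:
        key = norm(p)
        report["moved" if key in moved else "missing"].append(p.strip())
        if key in not_unreg:
            report["unregister_failed"].append(p.strip())
    return report

if __name__ == "__main__":
    print(reconcile(REQUESTED, LOG))
```

Any path that lands in `missing` has no "moved successfully" line in the log and needs a follow-up look before the cleanup step.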

#39
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please update your Java:
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

Upgrading Java: After that
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
=================
Cleanup:
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
===========================
Please delete\uninstall anything else that we used.
Empty your recycle bin:
Then I will need you to reset your System Restore points, please note that you will need to log into your computer with an account which has full administrator access.
You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
Click on Start
Right-click My Computer
Click Properties
Click the System Restore tab
Check Turn off System Restore
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
Click on Start
Right-click My Computer
Click Properties
UN-Check Turn off System Restore
Check Turn on System Restore
Click Apply, and then click OK.


How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us
========================================
After that your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them; they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Ad-Aware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.
  • 0

#40
westcovinaboyz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Kahdah, regarding the system restore, after turning off system restore and rebooting and going back to the system restore tab I unchecked turn off system, but at this point in the instructions it says to check the turn on system restore box. There is not a box to check turn on system restore. I left the turn off system restore unchecked. There is not any kind of actions taken when you restore the system? When I originally had issues, I tried to restore my comp by going to F10 button at start up. It didn't seem like it did any of that sort of thing when I rebooted, it seemed like a normal reboot?? I haven't had a real chance to see how good it's running yet, but what I have tried seems to be working well. Could you please get back to me on the system restore thing? Thank you very much Kahdah!
  • 0

#41
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
When you uncheck the box it turns it back on.
  • 0

#42
westcovinaboyz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hey Kahdah, I really appreciate all the help! My computer almost seems back to normal, in fact I really can't tell if it is or isn't all the way back, so it must be close! It does take a minute for the internet to load up initially, but everything else seems to be working just fine! I would say this issue has been resolved! Thanks again Geeks To Go and Kahdah!
  • 0

#43
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
