Steps taken:
1.- Removed previous versions of java then updated to latest JRE.
2.- Removed limeware for now.
3.- Submitted for VirusTotal check file: C:\WINDOWS\system32\tmp915B1.FOT results log below.
4.- Executed VundoFix and Deckard's System Scanner, result logs below.
5.- Rebooted computer normal mode and excuted HijackThis.
-------------------------------------------------------------------------------------------------------------HIJACKTHIS Log:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:19 AM, on 4/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PurgeIE\PurgeIE_Service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://ie.redirect.h...a...&pf=desktopR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://officialhomepage.org/home9.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cabO16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) -
http://lads.myspace....ploader1006.cabO16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -
http://www.nick.com/.../GrooveAX27.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{78CDA9E2-A74F-4122-A51D-F5089624C41C}: NameServer = 192.168.1.15,192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = .
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = .
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = .
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: mcdnifo - C:\WINDOWS\Registration\mcdnifo.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Assistance & Resources for Computing, Inc. - C:\Program Files\PurgeIE\PurgeIE_Service.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 11693 bytes
-------------------------------------------------------------------------------------------------------------VIRUSTOTAL Log:AhnLab-V3 2008.4.3.3 2008.04.03 -
AntiVir 7.6.0.80 2008.04.03 -
Authentium 4.93.8 2008.04.03 -
Avast 4.7.1098.0 2008.04.02 -
AVG 7.5.0.516 2008.04.03 -
BitDefender 7.2 2008.04.03 -
CAT-QuickHeal 9.50 2008.04.02 -
ClamAV 0.92.1 2008.04.03 -
DrWeb 4.44.0.09170 2008.04.03 -
eSafe 7.0.15.0 2008.04.01 -
eTrust-Vet 31.3.5667 2008.04.03 -
Ewido 4.0 2008.04.03 -
F-Prot 4.4.2.54 2008.04.02 -
F-Secure 6.70.13260.0 2008.04.03 -
FileAdvisor 1 2008.04.03 -
Fortinet 3.14.0.0 2008.04.03 -
Ikarus T3.1.1.20 2008.04.03 -
Kaspersky 7.0.0.125 2008.04.03 -
McAfee 5265 2008.04.02 -
Microsoft 1.3408 2008.04.03 -
NOD32v2 2999 2008.04.03 -
Norman 5.80.02 2008.04.03 -
Panda 9.0.0.4 2008.04.03 -
Prevx1 V2 2008.04.03 -
Rising 20.38.60.00 2008.04.03 -
Sophos 4.28.0 2008.04.03 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.04.03 -
TheHacker 6.2.92.263 2008.04.03 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.04.03 -
Webwasher-Gateway 6.6.2 2008.04.03 -
-------------------------------------------------------------------------------------------------------------VUNDOFIX Log:VundoFix V7.0.3
Scan started at 10:50:52 AM 4/3/2008
Listing files found while scanning....
No infected files were found.
-------------------------------------------------------------------------------------------------------------DSS MAIN Log:Deckard's System Scanner v20071014.68
Run by HP_Owner on 2008-04-03 11:17:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
70: 2008-04-03 16:17:23 UTC - RP488 - Deckard's System Scanner Restore Point
69: 2008-04-03 15:38:46 UTC - RP487 - Installed Java 6 Update 5
68: 2008-04-03 15:31:19 UTC - RP486 - Removed Java 2 Runtime Environment, SE v1.4.2_03
67: 2008-04-03 15:29:40 UTC - RP485 - Removed J2SE Runtime Environment 5.0 Update 8
66: 2008-04-01 16:16:57 UTC - RP484 - ComboFix created restore point
-- First Restore Point --
1: 2008-01-02 20:32:18 UTC - RP419 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 504 MiB (512 MiB recommended).-- HijackThis (run as HP_Owner.exe) --------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:33 AM, on 4/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PurgeIE\PurgeIE_Service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\HP_Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Owner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://ie.redirect.h...a...&pf=desktopR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://officialhomepage.org/home9.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cabO16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) -
http://lads.myspace....ploader1006.cabO16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -
http://www.nick.com/.../GrooveAX27.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{78CDA9E2-A74F-4122-A51D-F5089624C41C}: NameServer = 192.168.1.15,192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = .
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = .
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = .
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: mcdnifo - C:\WINDOWS\Registration\mcdnifo.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Assistance & Resources for Computing, Inc. - C:\Program Files\PurgeIE\PurgeIE_Service.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 11567 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080401-111420-139 O4 - HKCU\..\Run: [Srro] "C:\WINDOWS\system32\DOBE~1\mshta.exe" -vt yazb
backup-20080401-111420-267 O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll (file missing)
backup-20080401-111420-297 O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
backup-20080401-111420-333 O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
backup-20080401-111420-340 O2 - BHO: (no name) - {9770CB9E-D343-40AA-88D7-CD57A816A06A} - C:\Program Files\Online Services\mezohetehC:\DOCUME~1\HP_Owner\LOCALS~1\Temp\CEMG555077.exe.dll (file missing)
backup-20080401-111420-507 O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
backup-20080401-111420-525 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
backup-20080401-111420-534 O2 - BHO: BndFibu7 IE Helper - {8041E642-8CFC-4720-BC9D-D2DB8904286F} - C:\Program Files\QdrDrive\QdrDrive12.dll (file missing)
backup-20080401-111420-580 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
backup-20080401-111420-623 O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
backup-20080401-111420-625 O4 - HKLM\..\Run: [dilalufa] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\dilalufa.dll"
backup-20080401-111420-663 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapp...rch/search.htmlbackup-20080401-111420-682 O8 - Extra context menu item: &Search -
http://bar.mywebsear...?p=ZNxdm006COUSbackup-20080401-111420-693 O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
backup-20080401-111420-704 O4 - HKLM\..\Run: [IMprocess] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\IMAdvertiser.EXE
backup-20080401-111420-705 O2 - BHO: (no name) - {F4DA7DFC-1131-4791-8D46-C7CF756A3602} - C:\WINDOWS\Registration\mcdnifo.dll (file missing)
backup-20080401-111420-733 O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
backup-20080401-111420-824 O2 - BHO: (no name) - {a7293982-1dd1-11b2-8a34-94155e49565c} - C:\WINDOWS\bovijmxa.dll
backup-20080401-111420-862 O4 - HKCU\..\Run: [QdrPack14] "C:\Program Files\QdrPack\QdrPack14.exe"
backup-20080401-111420-896 O4 - HKLM\..\Run: [WinFixer helper] C:\Program Files\WinFixer\wfxcwr.exe
backup-20080401-111420-911 O4 - HKCU\..\Run: [QdrModule13] "C:\Program Files\QdrModule\QdrModule13.exe"
backup-20080401-111420-980 O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S0 _wff - c:\windows\system32\drivers\_wff.sys (file missing)
S3 DCamUSBSQTECH (Dual-Mode DSC(2770)) - c:\windows\system32\drivers\sqcaptur.sys <Not Verified; Service & Quality Technology.; SQ913>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-04-03 11:17:00 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
-- Files created between 2008-03-03 and 2008-04-03 -----------------------------
2008-04-03 10:50:52 0 d-------- C:\VundoFix Backups
2008-04-03 10:38:49 0 d-------- C:\Program Files\Common Files\Java
2008-04-01 11:16:34 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-04-01 11:16:34 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-04-01 11:16:34 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-04-01 11:16:34 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-31 11:05:39 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-31 11:05:21 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-31 11:05:20 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2008-03-29 12:44:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 12:42:50 0 d-------- C:\Program Files\Trend Micro
2008-03-29 12:29:53 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Grisoft
2008-03-29 12:29:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-29 11:44:11 0 d-------- C:\Program Files\Symantec AntiVirus
2008-03-28 18:24:05 335904 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-28 18:19:15 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-28 18:19:11 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-28 18:17:54 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-03-28 18:17:17 0 d-------- C:\WINDOWS\Internet Logs
2008-03-28 15:16:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-03-28 15:05:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-28 15:05:05 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-28 15:04:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-03-28 15:02:52 0 d-------- C:\WINDOWS\FLEOK
2008-03-28 13:18:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-03-28 13:18:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-03-28 13:18:15 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-03-28 13:18:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-03-28 13:18:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-03-28 13:18:14 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-03-28 13:18:14 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-03-28 13:18:14 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-03-28 13:18:14 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-03-28 13:18:14 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-03-28 13:18:14 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-03-28 13:18:14 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-03-28 13:18:14 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-03-28 13:18:14 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-03-28 13:18:14 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-03-28 13:18:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-03-28 13:18:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-03-28 13:18:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-03-28 13:18:13 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-03-28 13:18:13 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-03-28 13:18:13 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-03-28 13:18:13 2359296 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-03-23 13:58:37 0 d-------- C:\Program Files\Win_Performance
2008-03-23 13:30:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-23 13:29:55 0 d-------- C:\Program Files\stc
2008-03-23 13:29:50 32768 --a------ C:\WINDOWS\system32\MSNSA32.dll
2008-03-23 13:29:49 29440 --a------ C:\WINDOWS\msapasrc.dll
2008-03-23 13:29:49 27392 --a------ C:\WINDOWS\msa64chk.dll
2008-03-23 13:29:48 9728 --a------ C:\WINDOWS\system32\SIPSPI32.dll
2008-03-23 13:29:48 9472 --a------ C:\WINDOWS\system32\shdocpe.dll
2008-03-23 13:29:48 20224 --a------ C:\WINDOWS\shdocpl.dll
2008-03-23 13:29:47 22784 --a------ C:\WINDOWS\shdocpe.dll
2008-03-23 13:29:47 28160 --a------ C:\WINDOWS\ntnut.exe
2008-03-23 13:29:46 25344 --a------ C:\WINDOWS\winsb.dll
2008-03-23 13:29:46 25344 --a------ C:\WINDOWS\browserad.dll
2008-03-23 13:29:46 17408 --a------ C:\WINDOWS\aviwrap32.dll
2008-03-23 13:29:46 0 d-------- C:\Program Files\Sysmnt
2008-03-23 13:29:45 16384 --a------ C:\WINDOWS\avisynthex32.dll
2008-03-23 13:29:45 12288 --a------ C:\WINDOWS\avifile32.dll
2008-03-23 13:29:45 11520 --a------ C:\WINDOWS\autodisc32.dll
2008-03-23 13:29:45 29952 --a------ C:\WINDOWS\audiosrv32.dll
2008-03-23 13:29:45 16384 --a------ C:\WINDOWS\ati2dvag32.dll
2008-03-23 13:29:45 32512 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-03-23 13:29:44 19968 --a------ C:\WINDOWS\changeurl_30.dll
2008-03-23 13:29:44 17920 --a------ C:\WINDOWS\athprxy32.dll
2008-03-23 13:29:44 15872 --a------ C:\WINDOWS\asycfilt32.dll
2008-03-23 13:29:44 14336 --a------ C:\WINDOWS\asferror32.dll
2008-03-23 13:29:44 8960 --a------ C:\WINDOWS\apphelp32.dll
2008-03-23 03:08:30 38912 --a------ C:\WINDOWS\vinsbkpy.exe
2008-03-23 03:08:29 0 d-------- C:\WINDOWS\javctudo
2008-03-23 03:08:26 67072 --a------ C:\WINDOWS\bovijmxa.dll
2008-03-23 03:08:26 67072 --a------ C:\Documents and Settings\All Users\Application Data\dilalufa.dll
2008-03-17 19:21:24 0 d-------- C:\Program Files\Photo Viewer
-- Find3M Report ---------------------------------------------------------------
2008-04-03 10:40:06 0 d-------- C:\Program Files\Java
2008-04-03 10:38:49 0 d-------- C:\Program Files\Common Files
2008-04-03 10:32:25 0 d-------- C:\Program Files\LimeWire
2008-03-31 11:19:29 0 d-------- C:\Program Files\USBToolbox
2008-03-29 11:45:41 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-29 11:45:01 0 d-------- C:\Program Files\Symantec
2008-03-28 16:47:45 1100 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-03-22 07:46:58 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Adobe
2008-03-17 16:39:34 9744 --a------ C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2008-03-05 18:37:04 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 06:04 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [08/21/2004 12:51 AM]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [06/07/2004 08:53 PM]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [06/07/2004 08:42 PM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/11/2003 10:02 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/04/2004 09:38 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [04/14/2004 10:43 PM]
"VTTimer"="VTTimer.exe" []
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 10:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [03/04/2005 12:01 PM C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [10/16/2002 06:57 PM]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [10/14/2004 11:54 PM]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [06/26/2003 04:02 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/21/2004 08:58 PM]
"SoundMan"="SOUNDMAN.EXE" [04/06/2005 06:57 PM C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [04/06/2005 06:53 PM C:\WINDOWS\ALCWZRD.EXE]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [06/21/2004 05:40 AM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/2004 04:18 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/20/2006 08:56 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [04/17/2004 03:41 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/13/2008 11:11 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/19/2006 07:26 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [09/27/2006 08:33 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe" [05/19/2005 04:59 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [11/22/2004 08:18 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/29/2004 7:31:38 AM]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [10/21/2004 9:25:38 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mcdnifo]
C:\WINDOWS\Registration\mcdnifo.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
AutoRun\command- K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22792b33-c53f-11dc-beb1-0011d867c4cb}]
AutoRun\command- K:\LaunchU3.exe -a
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
8073 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-04-03 11:22:16 ------------
-------------------------------------------------------------------------------------------------------------DSS EXTRA Log: (see next post for full extra log)
Edited by LoneTiger, 03 April 2008 - 02:42 PM.