
PSW onlinegames trojan, my AVG Antivirus finds it but



#1 jimbo123 (Member, 23 posts)
Hello geekstogo
My AVG antivirus picks up a trojan horse right here..
C:\hp\drivers\hpiz423\setup\copy\copy.cab
It is called trojan horse PSW.OnlineGames.AJVH.
It can't remove it; it says infected, embedded object. There are 2 of them at that spot.
I have run 2 online scans, one of them at Panda and the other Kaspersky, and they both found nothing, so I uploaded the file to the virus scans website (I think that is the name of it; I found it on this site) and AVG and Norton are the only ones who found anything. So could someone please help me? I was looking on the internet and I am worried that this trojan is going to steal my passwords :) .


Scan saved at 2:28:51 PM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HP Organize.lnk = ?
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.kaspersky.com
O15 - Trusted Zone: http://www.pandasecurity.com
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

And here is that online scan report.
AhnLab-V3 2008.4.9.0 2008.04.08 -
AntiVir 7.6.0.81 2008.04.08 -
Authentium 4.93.8 2008.04.09 -
Avast 4.8.1169.0 2008.04.08 -
AVG 7.5.0.516 2008.04.08 PSW.OnlineGames.AJVH
BitDefender 7.2 2008.04.09 -
CAT-QuickHeal 9.50 2008.04.08 -
ClamAV 0.92.1 2008.04.09 -
DrWeb 4.44.0.09170 2008.04.08 -
eSafe 7.0.15.0 2008.04.01 -
eTrust-Vet 31.3.5683 2008.04.08 -
Ewido 4.0 2008.04.08 -
F-Prot 4.4.2.54 2008.04.08 -
F-Secure 6.70.13260.0 2008.04.09 -
FileAdvisor 1 2008.04.09 -
Fortinet 3.14.0.0 2008.04.09 -
Ikarus T3.1.1.26 2008.04.08 -
Kaspersky 7.0.0.125 2008.04.09 -
McAfee 5269 2008.04.08 -
Microsoft 1.3408 2008.04.06 -
NOD32v2 3011 2008.04.08 -
Norman 5.80.02 2008.04.08 W32/OnLineGames.AUFD
Panda 9.0.0.4 2008.04.08 -
Prevx1 V2 2008.04.09 -
Rising 20.39.12.00 2008.04.08 -
Sophos 4.28.0 2008.04.09 -
Sunbelt 3.0.1032.0 2008.04.08 -
Symantec 10 2008.04.09 -
TheHacker 6.2.92.269 2008.04.09 -
VBA32 3.12.6.4 2008.04.06 -
VirusBuster 4.3.26:9 2008.04.08 -
Webwasher-Gateway 6.6.2 2008.04.08 -

File size: 8963510 bytes
MD5...: d88687e78c7ecf5d8627720285129e89
SHA1..: 0a0d10155d68b5cea641b23ce4b1b4ead665bc9e
SHA256: b8e3976f4e69740baa874a2a809c0084a3cb674ce65667c1504bb1aa6c9edd47
SHA512: 7fd15f2f45e522ef6f9de5234a7e7769e451b6f0e95dba4fd7f079adfb0255e86fb87b2e900f71c93d291349786a999601e91bcd9d267ba42070e93d3afda21d
PEiD..: -
PEInfo: -
packers: Unicode


Here is the Kaspersky log.
-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Wednesday, April 09, 2008 2:21:07 AM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 9/04/2008

Kaspersky Anti-Virus database records: 691612

-------------------------------------------------------------------------------

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

Scan Target - My Computer:

C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:

Total number of scanned objects: 114677

Number of viruses found: 0

Number of infected objects: 0

Number of suspicious objects: 0

Duration of the scan process: 01:25:37

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-01242007-235540.log Object is locked skipped
C:\Documents and Settings\HP_Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{347630CD-362C-459A-A14B-77EFECB614E2} Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF5D5C.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\HP_Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP107\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\JIMMY.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT06a9b.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT06a9e.TMP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

And here is a Malwarebytes log.
Malwarebytes' Anti-Malware 1.11
Database version: 604

Scan type: Quick Scan
Objects scanned: 32831
Time elapsed: 4 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\HP_Owner\Local Settings\Temp\GLK8.tmp (Rogue.EvidenceEliminator) -> No action taken.

This file was deleted. I did not save the right file to show that, but it did say it was deleted fine.

PS. I am using HJT v1.99.1 and it said to update to the new one. I am not sure if I need to remove this one or not? So I removed the part where it said v1.99.1 so I could post this log and ask how to update it?
Hope I did not do anything wrong :)

Edited by jimbo123, 09 April 2008 - 02:30 PM.



#2 jimbo123 (Topic Starter, Member, 23 posts)
Hello, I just ran a scan with a tool called DSS and I am posting what it gave me here.

Deckard's System Scanner v20071014.68
Run by HP_Owner on 2008-04-09 22:27:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
41: 2008-04-10 02:27:39 UTC - RP109 - Deckard's System Scanner Restore Point
40: 2008-04-09 19:01:16 UTC - RP108 - System Checkpoint
39: 2008-04-08 17:45:59 UTC - RP107 - Software Distribution Service 3.0
38: 2008-04-06 16:35:52 UTC - RP106 - Software Distribution Service 3.0
37: 2008-04-04 16:13:40 UTC - RP105 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-01-11 19:22:36 UTC - RP69 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as HP_Owner.exe) --------------------------------------------


Scan saved at 10:29:25 PM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Owner\Desktop\dss.exe
C:\DOCUME~1\HP_Owner\Desktop\HIJACK~1\HP_Owner.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HP Organize.lnk = ?
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.kaspersky.com
O15 - Trusted Zone: http://www.pandasecurity.com
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Intel® 82915G/GV/910GL Express Chipset Family
Device ID: PCI\VEN_8086&DEV_2582&SUBSYS_2A08103C&REV_04\3&11583659&0&10
Manufacturer: Intel Corporation
Name: Intel® 82915G/GV/910GL Express Chipset Family
PNP Device ID: PCI\VEN_8086&DEV_2582&SUBSYS_2A08103C&REV_04\3&11583659&0&10
Service: ialm

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Intel® 82915G/GV/910GL Express Chipset Family
Device ID: PCI\VEN_8086&DEV_2782&SUBSYS_2A08103C&REV_04\3&11583659&0&11
Manufacturer: Intel Corporation
Name: Intel® 82915G/GV/910GL Express Chipset Family
PNP Device ID: PCI\VEN_8086&DEV_2782&SUBSYS_2A08103C&REV_04\3&11583659&0&11
Service: ialm


-- Scheduled Tasks -------------------------------------------------------------

2008-04-09 22:14:36 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-04-03 22:54:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-09 and 2008-04-09 -----------------------------

2008-04-09 13:37:43 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
2008-04-09 13:37:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-09 13:37:37 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-09 00:31:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-09 00:31:48 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-08 22:10:43 0 d-------- C:\Program Files\Panda Security
2008-03-17 17:02:44 0 d-------- C:\Program Files\Ubi Soft


-- Find3M Report ---------------------------------------------------------------

2008-04-09 22:11:49 3645 --a------ C:\WINDOWS\viassary-hp.reg
2008-04-09 15:34:27 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\AVG7
2008-03-25 19:05:19 0 d-------- C:\Program Files\Windows Defender
2008-03-25 18:59:17 0 d-------- C:\Program Files\iTunes
2008-02-15 16:13:38 0 d-------- C:\Program Files\PokerStars
2008-01-29 14:13:13 4 --a------ C:\WINDOWS\system32\955B4A


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [07/28/2004 08:40 PM C:\WINDOWS\SOUNDMAN.EXE]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [04/14/2004 04:43 PM]
"PS2"="C:\WINDOWS\system32\ps2.exe" [10/16/2002 12:57 PM]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [10/14/2004 05:54 PM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/11/2003 04:02 PM]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 12:04 PM]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [06/07/2004 02:53 PM]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [06/07/2004 02:42 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [08/20/2004 06:51 PM]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [03/18/2004 03:10 AM C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"AlcWzrd"="ALCWZRD.EXE" [07/28/2004 09:34 PM C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [07/20/2004 01:22 PM C:\WINDOWS\ALCMTR.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 01:06 PM C:\WINDOWS\AGRSMMSG.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [03/09/2006 03:29 PM]
"nwiz"="nwiz.exe" [03/09/2006 03:29 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [03/09/2006 03:29 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [12/20/2007 02:24 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [08/24/2006 12:38 AM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 08:38 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [03/04/2004 11:46 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [11/15/2007 12:43 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 02:11 PM]
"ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [04/17/2004 11:41 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files\Valve\Steam\\Steam.exe" [05/30/2007 08:42 PM]
"Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe" [01/03/2005 07:46 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [1/3/2005 7:43:06 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinCinema Manager.lnk - C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe [1/8/2007 6:24:02 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/29/2004 9:31:38 AM]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [1/3/2005 7:43:58 PM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
AutoRun\command- D:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-04-09 22:29:59 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.06GHz
Percentage of Memory in Use: 42%
Physical Memory (total/avail): 1015.3 MiB / 583.32 MiB
Pagefile Memory (total/avail): 1674.61 MiB / 1350.35 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.6 MiB

C: is Fixed (NTFS) - 142.07 GiB total, 113.47 GiB free.
D: is Fixed (FAT32) - 6.96 GiB total, 1.96 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG SP1614C - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 6.97 GiB - D:
\PARTITION1 (bootable) - Installable File System - 142.07 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Firewall v6.5.737.000 (Zone Labs, Inc.)
AV: AVG 7.5.519 v7.5.519 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Windows Explorer"
"C:\\Program Files\\Pogo Games\\Hammerhead Pool To Go\\Hammerhead.exe"="C:\\Program Files\\Pogo Games\\Hammerhead Pool To Go\\Hammerhead.exe:*:Enabled:Hammerhead Pool"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JIMMY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Owner
LOGONSERVER=\\JIMMY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=JIMMY
USERNAME=HP_Owner
USERPROFILE=C:\Documents and Settings\HP_Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

HP_Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems PCI Soft Modem --> agrsmdel
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG Anti-Rootkit Free --> C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
Battlefield 2™ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Best Buy Digital Music Store --> C:\PROGRA~1\BESTBU~2\Unwise32.exe /A C:\PROGRA~1\BESTBU~2\install.log
Best Buy Rhapsody --> C:\PROGRA~1\BESTBU~1\Unwise32.exe /A C:\PROGRA~1\BESTBU~1\install.log
Best of Poker --> C:\PROGRA~1\ONHAND~1\BESTOF~1\UNWISE.EXE C:\PROGRA~1\ONHAND~1\BESTOF~1\INSTALL.LOG
Celestia 1.4.1 --> "C:\Program Files\Celestia\unins000.exe"
Chessmaster 9000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ubi Soft\Chessmaster 9000\CM9kUninst.isu"
Dev-C++ 5 beta 9 release (4.9.9.2) --> "C:\Dev-Cpp\uninstall.exe"
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Great Escapes Solitaire Collection --> C:\PROGRA~1\POGOGA~1\GREATE~1\UNWISE.EXE C:\PROGRA~1\POGOGA~1\GREATE~1\INSTALL.LOG
Half-Life® 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
Help and Support Additions --> C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 1.99.1 --> C:\Documents and Settings\HP_Owner\Desktop\hijackthis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Deskjet 3740 --> msiexec /x{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 4.2.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.2.3 --> C:\Program Files\HP\Digital Imaging\{0D182A5E-AEE0-42ca-BD1D-4EEB2FFA256D}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Organize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photosmart Cameras 4.0 --> C:\Program Files\HP\Digital Imaging\{4C04DF1B-6A39-4299-9DD1-1FA60000266E}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 4.0 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update --> MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
HPIZ423 --> MsiExec.exe /X{561A9B4E-2E48-4149-B977-59C7AFF62B52}
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo DiscLabel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3F058C0-A21C-452D-8D99-95B1A45F417D}\setup.exe" REMOVEALL
InterVideo WinDVD Creator --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KBD --> C:\HP\KBD\KBD.EXE uninstalled
Lemonade Tycoon 2 --> C:\PROGRA~1\POGOGA~1\LEMONA~1\UNWISE.EXE C:\PROGRA~1\POGOGA~1\LEMONA~1\INSTALL.LOG
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mavis Beacon Teaches Typing --> C:\Program Files\Mindscape\Mavis Beacon 5\UNINST.EXE UNINST.INF
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
muvee autoProducer 3.5 magicMoments - HPD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B103C8A7-D1CC-4B1A-BD41-883F652E097D}\setup.exe" -l0x9
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PC-Doctor for Windows --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA} /l1033
Photosmart 320,370,7400,8100,8400 Series --> C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
PokerStars --> C:\Program Files\PokerStars\Uninstall.EXE /u:"PokerStars"
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rome - Total War™ --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A642BB6B-CA1D-4142-8DD4-318C3F3DC834} /l1033
Rome Total War - patch 1.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5D65411-8E73-4C85-AD80-9FE8B7391CF9}\Setup.exe" -l0x9
Sansa Media Converter --> "C:\Program Files\InstallShield Installation Information\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}\setup.exe" --u:{FC053571-8507-44E4-8B6D-AACEAB8CA57C}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic & Knuckles Collection Documentation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Expert Software\Sonic & Knuckles Collection Documentation\Uninst.isu"
Sonic & Knuckles Killer ! --> C:\WINDOWS\SKUNINST.EXE C:\WINDOWS\Sonic3K.INI
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Steam™ --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TestPokerStars.com --> C:\Program Files\PokerStars.TEST\Uninstall.EXE /u:"TestPokerStars.com"
Updates from HP --> C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 309731
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type30940 / Warning
Event Submitted/Written: 04/09/2008 06:35:38 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type30934 / Warning
Event Submitted/Written: 04/09/2008 02:36:25 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type30928 / Warning
Event Submitted/Written: 04/08/2008 06:08:51 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type30922 / Warning
Event Submitted/Written: 04/08/2008 01:54:07 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type30916 / Warning
Event Submitted/Written: 04/08/2008 01:49:22 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type74343 / Warning
Event Submitted/Written: 04/09/2008 10:29:35 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%JIMMY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JIMMY27 can't undo changes that you allow.

For more information please see the following:
%JIMMY275

Scan ID: {7B081025-A904-40C2-81B0-A674464D363F}

User: JIMMY\HP_Owner

Name: %JIMMY271

ID: %JIMMY272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %JIMMY276

Alert Type: %JIMMY278

Detection Type: 1.1.1593.02

Event Record #/Type74342 / Warning
Event Submitted/Written: 04/09/2008 10:29:35 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%JIMMY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JIMMY27 can't undo changes that you allow.

For more information please see the following:
%JIMMY275

Scan ID: {43073C57-02E3-47C7-ADDA-086B07F18B41}

User: JIMMY\HP_Owner

Name: %JIMMY271

ID: %JIMMY272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %JIMMY276

Alert Type: %JIMMY278

Detection Type: 1.1.1593.02

Event Record #/Type74341 / Warning
Event Submitted/Written: 04/09/2008 10:29:35 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%JIMMY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JIMMY27 can't undo changes that you allow.

For more information please see the following:
%JIMMY275

Scan ID: {E4B2520C-93D6-437B-9A32-C4F2658C6525}

User: JIMMY\HP_Owner

Name: %JIMMY271

ID: %JIMMY272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %JIMMY276

Alert Type: %JIMMY278

Detection Type: 1.1.1593.02

Event Record #/Type74340 / Warning
Event Submitted/Written: 04/09/2008 10:29:33 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%JIMMY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JIMMY27 can't undo changes that you allow.

For more information please see the following:
%JIMMY275

Scan ID: {20A971DD-5051-4F25-9A50-D2D105BEAD84}

User: JIMMY\HP_Owner

Name: %JIMMY271

ID: %JIMMY272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %JIMMY276

Alert Type: %JIMMY278

Detection Type: 1.1.1593.02

Event Record #/Type74339 / Warning
Event Submitted/Written: 04/09/2008 10:29:33 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%JIMMY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JIMMY27 can't undo changes that you allow.

For more information please see the following:
%JIMMY275

Scan ID: {193DEA36-E51D-4F5A-BEEC-D1280F9CBDDE}

User: JIMMY\HP_Owner

Name: %JIMMY271

ID: %JIMMY272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %JIMMY276

Alert Type: %JIMMY278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-04-09 22:29:59 ------------

Once again, after someone tells me if I need to remove my old HijackThis I will update to the new one and will post that one.

Thank you anyone for the help :)
  • 0

#3 jimbo123 (Topic Starter, Member, 23 posts)
Hello again,
I just wanted to give an update. My AVG antivirus is no longer finding that trojan here (C:\hp\drivers\hpiz423\setup\copy\copy.cab). But could someone please take a look to make sure it is gone.

Thank you very much :)
  • 0