Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

vondu a.k.a virtumondu [CLOSED]

Started by MIXMASTERMIKE , Jun 02 2008 12:09 AM

  • This topic is locked This topic is locked

#1
MIXMASTERMIKE
Posted 02 June 2008 - 12:09 AM

MIXMASTERMIKE

    Member

  • Member
  • PipPip
  • 11 posts
Hi,

never posted before so will try keep it informative as possible,
i was sent two executable files, both of which i opened and upon opening dissappeared.
i have AVG installed and this cathes a virus called 'vondu' opening. it occurs every hour on the hour. i presume since its getting it upon opening that it isnt doing any damage but would still like to be rid of it as computer is only week old :)
after downloading spybot search and destroy, i updated and ran the search two problems were found. virtumondu and a windowsupdateoverrider... spybot was able to fix both problems... however avg was still catching 'vondu' opening every hour. after running spybot again the update overrider is not found but virtumonde is still found. after clicking 'fix' i get the green tick. however if i run the search again the same file is still found and it will still appear in AVG as opeing under a new 'random' name every hour in c:\windows\system32.****.dll
i have tried spybot in safe mode... still finds it and says it fixes it, but again it will be there if search again..., i have alkso tried to run vondufix, it finds nothing at all......

ummm not sure what other information i may need to provide.
but here are some of the infections AVG finds:
vondu virus:
c:\windows\system32\qoMccBut.dll
c:\windows\system32\iifeccYp.dll
c:\windows\system32\opnmJCSk.dll
c:\windows\system32\iifdcASI
etc etc.

Spybot finds
Virtumonde: [SBI $1F8EC695] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR



also dunno if helps but looking at spybot search of the 15000 files it searches a good couple a thousand appear as vondu.dll !?!?!?!

any help or pointing me in the right direction would be GREATLY appreciated..

thanks in advance

OK SORRY ABOUT NOT READING STICKY THREADS AND GETTING A BIT AHEAD OF MYSELF. I HAVE JUST GONE THROUGH AND COMPLETED ALL TASKS ASKED. I WILL POST THE LOGS BELOW.... THANKS


;*******************************************************************************
********************************************************************************
*
*******************
ANALYSIS: 2008-06-03 09:34:09
PROTECTIONS: 1
MALWARE: 2
SUSPECTS: 0
;*******************************************************************************
********************************************************************************
*
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
================================================================================
=
===================
AVG Anti-Virus Free 8.0 Yes Yes
;===============================================================================
================================================================================
=
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
================================================================================
=
===================
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\HP\Local Settings\Temp\nsi47.tmp
00377802 Spyware/PeoplePC Spyware No 0 Yes No C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL
;===============================================================================
================================================================================
=
===================
SUSPECTS
Sent Location b
;===============================================================================
================================================================================
=
===================
;===============================================================================
================================================================================
=
===================
VULNERABILITIES
Id Severity Description b
;===============================================================================
================================================================================
=
===================
;===============================================================================
================================================================================
=
===================



Malwarebytes' Anti-Malware 1.14
Database version: 814

10:55:37 PM 6/2/2008
mbam-log-6-2-2008 (22-55-37).txt

Scan type: Quick Scan
Objects scanned: 39239
Time elapsed: 2 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\winjgf32.dll (Dialer) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winjgf32 (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\winjgf32.dll (Dialer) -> Delete on reboot.






SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/03/2008 at 00:17 AM

Application Version : 4.1.1046

Core Rules Database Version : 3472
Trace Rules Database Version: 1463

Scan type : Complete Scan
Total Scan Time : 00:57:02

Memory items scanned : 476
Memory threats detected : 0
Registry items scanned : 6304
Registry threats detected : 0
File items scanned : 93463
File threats detected : 2

Adware.Tracking Cookie
C:\Documents and Settings\HP\Cookies\[email protected][1].txt

Adware.180solutions/Seekmo/Zango
C:\DOCUMENTS AND SETTINGS\HP\TEMPORARY INTERNET FILES\CONTENT.IE5\F6CDISU0\HOTBAR[1].EXE





[06/02/2008, 16:32:06] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HP\Temporary Internet Files\Content.IE5\45CBAHS3\VirtumundoBeGone[1].exe" )
[06/02/2008, 16:32:12] - Detected System Information:
[06/02/2008, 16:32:12] - Windows Version: 5.1.2600, Service Pack 3
[06/02/2008, 16:32:12] - Current Username: HP (Admin)
[06/02/2008, 16:32:12] - Windows is in NORMAL mode.
[06/02/2008, 16:32:12] - Searching for Browser Helper Objects:
[06/02/2008, 16:32:12] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/02/2008, 16:32:12] - BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[06/02/2008, 16:32:12] - BHO 3: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[06/02/2008, 16:32:12] - BHO 4: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (AVG Safe Search)
[06/02/2008, 16:32:12] - BHO 5: {487C9905-26A8-42C8-8033-C58AD3D2AEC3} ()
[06/02/2008, 16:32:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/02/2008, 16:32:12] - Checking for HKLM\...\Winlogon\Notify\cbXQjjJD
[06/02/2008, 16:32:12] - Found: HKLM\...\Winlogon\Notify\cbXQjjJD - This is probably Virtumundo.
[06/02/2008, 16:32:12] - Assigning {487C9905-26A8-42C8-8033-C58AD3D2AEC3} MSEvents Object
[06/02/2008, 16:32:12] - BHO list has been changed! Starting over...
[06/02/2008, 16:32:12] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/02/2008, 16:32:12] - BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[06/02/2008, 16:32:12] - BHO 3: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[06/02/2008, 16:32:12] - BHO 4: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (AVG Safe Search)
[06/02/2008, 16:32:12] - BHO 5: {487C9905-26A8-42C8-8033-C58AD3D2AEC3} (MSEvents Object)
[06/02/2008, 16:32:12] - ALERT: Found MSEvents Object!
[06/02/2008, 16:32:12] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/02/2008, 16:32:12] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/02/2008, 16:32:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/02/2008, 16:32:12] - No filename found. Continuing.
[06/02/2008, 16:32:12] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/02/2008, 16:32:12] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/02/2008, 16:32:12] - Finished Searching Browser Helper Objects
[06/02/2008, 16:32:12] - *** Detected MSEvents Object
[06/02/2008, 16:32:12] - Trying to remove MSEvents Object...
[06/02/2008, 16:32:13] - Terminating Process: IEXPLORE.EXE
[06/02/2008, 16:32:14] - Terminating Process: RUNDLL32.EXE
[06/02/2008, 16:32:14] - Disabling Automatic Shell Restart
[06/02/2008, 16:32:14] - Terminating Process: EXPLORER.EXE
[06/02/2008, 16:32:14] - Suspending the NT Session Manager System Service
[06/02/2008, 16:32:14] - Terminating Windows NT Logon/Logoff Manager
[06/02/2008, 16:32:15] - Re-enabling Automatic Shell Restart
[06/02/2008, 16:32:15] - File to disable: C:\WINDOWS\system32\cbXQjjJD.dll
[06/02/2008, 16:32:15] - Renaming C:\WINDOWS\system32\cbXQjjJD.dll -> C:\WINDOWS\system32\cbXQjjJD.dll.vir
[06/02/2008, 16:32:15] - File successfully renamed!
[06/02/2008, 16:32:15] - Removing HKLM\...\Browser Helper Objects\{487C9905-26A8-42C8-8033-C58AD3D2AEC3}
[06/02/2008, 16:32:15] - Removing HKCR\CLSID\{487C9905-26A8-42C8-8033-C58AD3D2AEC3}
[06/02/2008, 16:32:15] - Adding Kill Bit for ActiveX for GUID: {487C9905-26A8-42C8-8033-C58AD3D2AEC3}
[06/02/2008, 16:32:15] - Deleting ATLEvents/MSEvents Registry entries
[06/02/2008, 16:32:15] - Removing HKLM\...\Winlogon\Notify\cbXQjjJD
[06/02/2008, 16:32:15] - Searching for Browser Helper Objects:
[06/02/2008, 16:32:15] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/02/2008, 16:32:15] - BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[06/02/2008, 16:32:15] - BHO 3: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[06/02/2008, 16:32:15] - BHO 4: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (AVG Safe Search)
[06/02/2008, 16:32:15] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/02/2008, 16:32:15] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/02/2008, 16:32:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/02/2008, 16:32:15] - No filename found. Continuing.
[06/02/2008, 16:32:15] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/02/2008, 16:32:15] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/02/2008, 16:32:15] - Finished Searching Browser Helper Objects
[06/02/2008, 16:32:15] - Finishing up...
[06/02/2008, 16:32:15] - A restart is needed.
[06/02/2008, 16:32:24] - Attempting to Restart via STOP error (Blue Screen!)




--- Search result list ---
Virtumonde: [SBI $1F8EC695] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR

Right Media: Tracking cookie (Internet Explorer: HP) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-06-01 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-04-16 Includes\Adware.sbi (*)
2008-05-28 Includes\AdwareC.sbi (*)
2008-05-28 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-05-28 Includes\DialerC.sbi (*)
2008-05-28 Includes\HeavyDuty.sbi (*)
2008-05-28 Includes\Hijackers.sbi (*)
2008-05-28 Includes\HijackersC.sbi (*)
2008-04-30 Includes\Keyloggers.sbi (*)
2008-05-28 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-05-28 Includes\Malware.sbi (*)
2008-05-28 Includes\MalwareC.sbi (*)
2008-03-26 Includes\PUPS.sbi (*)
2008-05-28 Includes\PUPSC.sbi (*)
2008-05-28 Includes\Revision.sbi (*)
2008-01-10 Includes\Security.sbi (*)
2008-05-28 Includes\SecurityC.sbi (*)
2008-04-16 Includes\Spybots.sbi (*)
2008-05-28 Includes\SpybotsC.sbi (*)
2008-04-16 Includes\Spyware.sbi (*)
2008-05-28 Includes\SpywareC.sbi (*)
2007-11-06 Includes\Tracks.uti
2008-05-28 Includes\Trojans.sbi (*)
2008-05-28 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB930494)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Service Pack 3
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Media Center 2005 / SP4: Update Rollup 2 for Windows XP Media Center Edition 2005
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Player 10: Update for Windows Media Player 10 (KB913800)
/ Windows Media Player 10: Update for Windows Media Player 10 (KB926251)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB936782)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
/ Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Service Pack 3


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Adobe Photo Downloader
command: "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
file: C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
size: 57344
MD5: 617FA5BE646B5E8D6670FD4710ACD2D3

Located: HK_LM:Run, AVG8_TRAY
command: C:\PROGRA~1\AVG\AVG8\avgtray.exe
file: C:\PROGRA~1\AVG\AVG8\avgtray.exe
size: 1177368
MD5: 2AC3626BE28448526942A863C6F1B45C

Located: HK_LM:Run, Cpqset
command: C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
file: C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
size: 40960
MD5: 99F6A49A51D6045152F935EEF0BE235F

Located: HK_LM:Run, ehTray
command: C:\WINDOWS\ehome\ehtray.exe
file: C:\WINDOWS\ehome\ehtray.exe
size: 64512
MD5: 7A21E06385E748E9CB0252F1BBC493F1

Located: HK_LM:Run, High Definition Audio Property Page Shortcut
command: CHDAudPropShortcut.exe
file: C:\WINDOWS\system32\CHDAudPropShortcut.exe
size: 61952
MD5: 8EAC49BF89C0FE814EC4E7F404211839

Located: HK_LM:Run, HP Software Update
command: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
size: 54840
MD5: 21293443961A4E2597453EE7A9347F22

Located: HK_LM:Run, hpWirelessAssistant
command: C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
file: C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
size: 458752
MD5: 1E4037F987986B200EB8421A1CEEEE68

Located: HK_LM:Run, ISUSPM Startup
command: "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
file: C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
size: 249856
MD5: 1C46FC1AB600766B8554580204806E84

Located: HK_LM:Run, ISUSScheduler
command: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
file: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 81920
MD5: 7D58C9BDF9C0A3955BDCDE7387AD12AC

Located: HK_LM:Run, NSLauncher
command: C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
file: C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
size: 3100672
MD5: D83EB2B71ECE7D606225F8EA1F3A68A2

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, nwiz
command: nwiz.exe /installquiet /nodetect
file: C:\WINDOWS\system32\nwiz.exe
size: 1519616
MD5: AE3E8372269282C94F12CCE4E2ABA8DA

Located: HK_LM:Run, QlbCtrl
command: %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
file: C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
size: 163840
MD5: 0B55D3A8CDAB67F647EE0CBAD87CCB6D

Located: HK_LM:Run, QPService
command: "C:\Program Files\HP\QuickPlay\QPService.exe"
file: C:\Program Files\HP\QuickPlay\QPService.exe
size: 102400
MD5: CD7A1D584FC809B82D6A391BBDB42A44

Located: HK_LM:Run, RecGuard
command: C:\Windows\SMINST\RecGuard.exe
file: C:\Windows\SMINST\RecGuard.exe
size: 1187840
MD5: C764F15F0AE8A02DF1523CB24F355B22

Located: HK_LM:Run, sclauncher
command: C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
file: C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
size: 94208
MD5: 59E69E968D7ADFCBBCDCB3B1AF36EEFB

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
size: 144784
MD5: 836DC47E6CAD975304D1D3EB2F516A1C

Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 761946
MD5: 69775ADC944C2F37D3FB3B04E8A7EB7B

Located: HK_CU:Run, MSMSGS
where: PE_C_ADMINISTRATOR...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2

Located: HK_CU:Run, ctfmon.exe
where: PE_C_GUEST...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, MSMSGS
where: PE_C_GUEST...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2

Located: HK_CU:Run, swg
where: PE_C_GUEST...
command: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
size: 171448
MD5: 0FA44EA8B03ABA3E1D240B5A333D8E6A

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-1068889986-1223655787-1347587012-1005...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, MsnMsgr
where: S-1-5-21-1068889986-1223655787-1347587012-1005...
command: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
file: C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
size: 5724184
MD5: A8972A2F9A744DD5EE0BFE429D767F1C

Located: HK_CU:Run, swg
where: S-1-5-21-1068889986-1223655787-1347587012-1005...
command: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
size: 171448
MD5: 0FA44EA8B03ABA3E1D240B5A333D8E6A

Located: Startup (common), Adobe Reader Speed Launch.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: 43362B96870CE8649F4F2EC893DA93F0

Located: Startup (common), HP Photosmart Premier Fast Start.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
size: 73728
MD5: B2DDFF1F7FF31E8103DC221772353417

Located: Startup (user), Vongo Tray.lnk
where: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp...
command: C:\Program Files\Vongo\Tray.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (user), Vongo Tray.lnk
where: C:\Documents and Settings\Default User\Start Menu\Programs\Startup...
command: C:\Program Files\Vongo\Tray.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (user), Vongo Tray.lnk
where: C:\Documents and Settings\Guest\Start Menu\Programs\StartUp...
command: C:\Program Files\Vongo\Tray.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cbXQjjJD
command: cbXQjjJD.dll
file: cbXQjjJD.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, winjgf32
command: winjgf32.dll
file: winjgf32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Skype add-on (mastermind)
CLSID name: Skype add-on (mastermind)
Path: C:\Program Files\Skype\Toolbars\Internet Explorer\
Long name: SkypeIEPlugin.dll
Short name: SKYPEI~1.DLL
Date (created): 5/1/2008 8:17:34 AM
Date (last access): 6/2/2008 4:04:22 PM
Date (last write): 5/1/2008 8:17:34 AM
Filesize: 1372160
Attributes: archive
MD5: 8669649F76D1C0141B6B7F40ABF4B057
CRC32: ED1AD92D
Version: 2.2.0.176

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet ClickCapture)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: BitComet ClickCapture
CLSID name: BitComet Helper
Path: C:\Program Files\BitComet\tools\
Long name: BitCometBHO_1.2.2.28.dll
Short name: BITCOM~2.DLL
Date (created): 2/29/2008 6:49:22 PM
Date (last access): 6/2/2008 4:04:24 PM
Date (last write): 2/29/2008 6:49:22 PM
Filesize: 468280
Attributes: archive
MD5: 6E438603FD14543F7DD09B876945892A
CRC32: 72B5568D
Version: 1.2.2.28

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: WormRadar.com IESiteBlocker.NavFilter
CLSID name: AVG Safe Search
Path: C:\Program Files\AVG\AVG8\
Long name: avgssie.dll
Short name:
Date (created): 5/26/2008 5:16:28 PM
Date (last access): 6/2/2008 4:04:24 PM
Date (last write): 5/26/2008 5:16:28 PM
Filesize: 419096
Attributes: archive
MD5: DA81132E88295813BDD4F8F681560160
CRC32: 73B399CD
Version: 8.0.0.90

{487C9905-26A8-42C8-8033-C58AD3D2AEC3} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: cbXQjjJD.dll
Short name:
Date (created): 6/1/2008 5:35:58 PM
Date (last access): 6/2/2008 3:17:36 PM
Date (last write): 6/1/2008 5:35:58 PM
Filesize: 57344
Attributes: archive
MD5: 4B836AC4F8D9557EB733C3EA7E804C55
CRC32: 187B381C

{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 9/21/2007 1:30:18 AM
Date (last access): 6/2/2008 4:02:26 PM
Date (last write): 9/21/2007 1:30:18 AM
Filesize: 328752
Attributes: archive
MD5: 59CF5BF6684AFCF906CADAD39B4214DE
CRC32: C363813C
Version: 4.200.520.1

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar2.dll
Short name: GOOGLE~2.DLL
Date (created): 5/28/2008 5:14:56 AM
Date (last access): 6/2/2008 4:04:24 PM
Date (last write): 5/28/2008 5:14:56 AM
Filesize: 2403392
Attributes: readonly archive
MD5: 6319F2D4708DBCAE37CFA03DA10782C0
CRC32: D51D8296
Version: 4.0.1601.4978



--- ActiveX list ---
{5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module)
DPF name:
CLSID name: Windows Live Safety Center Base Module
Installer: C:\WINDOWS\Downloaded Program Files\wlscBase.inf
Codebase: http://cdn.scan.onec...lscbase9563.cab
description:
classification: Legitimate
known filename: wlscBase.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: wlscBase.dll
Short name:
Date (created): 4/29/2008 8:49:06 AM
Date (last access): 6/2/2008 3:46:18 PM
Date (last write): 4/29/2008 8:49:06 AM
Filesize: 456768
Attributes: archive
MD5: 20FF2CD676A4BF3F94F2247442BE7B74
CRC32: 84188B06
Version: 1.7.9563.1

{6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager)
DPF name:
CLSID name: HP Download Manager
Installer: C:\WINDOWS\Downloaded Program Files\HPDEXAXO.inf
Codebase: https://h20436.www2....re/HPDEXAXO.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: HPDEXAXO.dll
Short name:
Date (created): 10/18/2007 10:04:16 AM
Date (last access): 6/2/2008 3:46:18 PM
Date (last write): 10/18/2007 10:04:16 AM
Filesize: 341296
Attributes: archive
MD5: CDE357CD3FC047F5C7D8B8345B6A42BF
CRC32: 7ABDC22F
Version: 1.0.5.1

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 2/22/2008 5:33:32 PM
Date (last access): 6/2/2008 4:04:24 PM
Date (last write): 2/22/2008 7:25:20 PM
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/11/2005 9:22:10 PM
Date (last access): 6/2/2008 4:04:24 PM
Date (last write): 11/11/2005 9:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 2/22/2008 5:33:32 PM
Date (last access): 6/2/2008 4:04:24 PM
Date (last write): 2/22/2008 7:25:20 PM
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 2/22/2008 5:33:32 PM
Date (last access): 6/2/2008 4:04:24 PM
Date (last write): 2/22/2008 7:25:20 PM
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: https://fpdownload.m...ash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash10.ocx
Short name:
Date (created): 5/10/2008 11:36:44 AM
Date (last access): 6/2/2008 4:04:24 PM
Date (last write): 5/10/2008 11:36:44 AM
Filesize: 3854848
Attributes: archive
MD5: 7C2E8E6F8EA5F2957A4A4A0A05EF6AE9
CRC32: 6524B3E0
Version: 10.0.1.218



--- Process list ---
PID: 0 ( 0) [System]
PID: 832 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 892 ( 832) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 920 ( 832) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 992 ( 920) C:\WINDOWS\system32\services.exe
size: 108544
MD5: 0E776ED5F7CC9F94299E70461B7B8185
PID: 1004 ( 920) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 1172 ( 992) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1220 ( 992) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1264 ( 992) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1304 ( 992) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1384 ( 992) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1448 ( 992) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1736 ( 992) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID: 336 ( 300) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 604 ( 336) C:\WINDOWS\ehome\ehtray.exe
size: 64512
MD5: 7A21E06385E748E9CB0252F1BBC493F1
PID: 612 ( 336) C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
size: 458752
MD5: 1E4037F987986B200EB8421A1CEEEE68
PID: 624 ( 336) C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
size: 144784
MD5: 836DC47E6CAD975304D1D3EB2F516A1C
PID: 652 ( 336) C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: 037B1E7798960E0420003D05BB577EE6
PID: 684 ( 336) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 761946
MD5: 69775ADC944C2F37D3FB3B04E8A7EB7B
PID: 696 ( 336) C:\Program Files\HP\QuickPlay\QPService.exe
size: 102400
MD5: CD7A1D584FC809B82D6A391BBDB42A44
PID: 716 ( 336) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 81920
MD5: 7D58C9BDF9C0A3955BDCDE7387AD12AC
PID: 724 ( 336) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
size: 163840
MD5: 0B55D3A8CDAB67F647EE0CBAD87CCB6D
PID: 844 ( 336) C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
size: 54840
MD5: 21293443961A4E2597453EE7A9347F22
PID: 868 ( 336) C:\PROGRA~1\AVG\AVG8\avgtray.exe
size: 1177368
MD5: 2AC3626BE28448526942A863C6F1B45C
PID: 896 ( 336) C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
size: 57344
MD5: 617FA5BE646B5E8D6670FD4710ACD2D3
PID: 1284 ( 336) C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
size: 94208
MD5: 59E69E968D7ADFCBBCDCB3B1AF36EEFB
PID: 1400 ( 336) C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
size: 5724184
MD5: A8972A2F9A744DD5EE0BFE429D767F1C
PID: 1488 ( 992) C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
size: 282904
MD5: 4AE6C392F9146805EA03FDAFC338CA30
PID: 1516 ( 336) C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
size: 171448
MD5: 0FA44EA8B03ABA3E1D240B5A333D8E6A
PID: 1532 ( 992) C:\WINDOWS\eHome\ehRecvr.exe
size: 237568
MD5: 5D1347AA5AE6E2F77D7F4F8372D95AC9
PID: 1636 ( 992) C:\WINDOWS\eHome\ehSched.exe
size: 102912
MD5: A53243709439AC2A4C216B817F8D7411
PID: 1768 ( 336) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
PID: 2012 ( 992) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 348 ( 992) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
size: 49152
MD5: 86E8BCAA91FC2ACFACD99CF2BF9F1F47
PID: 1836 ( 992) C:\WINDOWS\system32\nvsvc32.exe
size: 143426
MD5: F35D41D6CBDA7A4503DCA9F375DC427A
PID: 2108 ( 992) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 2180 ( 992) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 2476 ( 992) C:\WINDOWS\ehome\mcrdsvc.exe
size: 99328
MD5: DF0A511F38F16016BF658FCA0090CB87
PID: 2832 ( 992) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
size: 135168
MD5: 04C1DCBB226C6AE647B794833CE3CEB6
PID: 3168 ( 992) C:\Program Files\Windows Media Player\WMPNetwk.exe
size: 913408
MD5: F74E3D9A7FA9556C3BBB14D4E5E63D3B
PID: 3204 ( 776) C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
size: 475136
MD5: 6C56CF33C2C6236A1162FDFC0BECD042
PID: 356 (1488) C:\Program Files\AVG\AVG8\avgrsx.exe
size: 311576
MD5: 622C0B028C6ABD0AFE4BD4AD70BC632E
PID: 3604 ( 992) C:\PROGRA~1\AVG\AVG8\avgemc.exe
size: 902424
MD5: 06DCDA534F189867D84B22D9AFF51F52
PID: 4092 (1172) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 218112
MD5: 0FFAE66E6D5B1C87CBD22D1F3B6079FD
PID: 536 ( 992) C:\WINDOWS\system32\dllhost.exe
size: 5120
MD5: 0A9BA6AF531AFE7FA5E4FB973852D863
PID: 4072 ( 336) C:\Program Files\Internet Explorer\iexplore.exe
size: 625664
MD5: 2D0E5592AB5A46C27DAF7CCAFF4F5B59
PID: 1856 ( 992) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 8C515081584A38AA007909CD02020B3D
PID: 2764 (1172) C:\WINDOWS\eHome\ehmsas.exe
size: 46592
MD5: 03A905FBA1D62317087DB5C21C0F8F62
PID: 4000 (1172) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
size: 118336
MD5: 7FA0AA2F3DABA5BEB2C4AC1EEC054EFA
PID: 3004 ( 992) C:\Program Files\Windows Live\Messenger\usnsvc.exe
size: 98328
MD5: 9D19B042A4FD5C02195071EA2FE0C821
PID: 3352 ( 336) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
size: 12037688
MD5: 1EEA7DD2F1EA6EFEF380B99A90228D2F
PID: 1248 (4072) C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
size: 65536
MD5: 4370CAA3CC5F216A112052257A962E15
PID: 2544 ( 868) C:\Program Files\AVG\AVG8\avgui.exe
size: 2636568
MD5: 60466541229C83F4F8F8B8492201E4E7
PID: 5528 ( 336) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 2952 (2544) C:\Program Files\AVG\AVG8\avgscanx.exe
size: 580888
MD5: F0DF76487D33FAA6458D0103C39EF43E
PID: 4 ( 0) System
PID: 6092 ( 336) C:\Program Files\Skype\Phone\Skype.exe
size: 22058792
MD5: 4BBE956B0711A2F4AA6706FFE871289E
PID: 5816 (6092) C:\Program Files\Skype\Plugin Manager\skypePM.exe
size: 76744
MD5: 1580C60476D4C68B58E0307E6BC979A7


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 6/2/2008 4:09:42 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com.au/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft....k/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft....k/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft....k/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft....k/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn...st/srchcust.htm


--- Winsock Layered Service Provider list ---


--- Uninstall list ---
Zuma Deluxe from Hewlett-Packard Laptops (remove only) (074EEF5F-3BE8-4112-B253-C5D6CDE2924C)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\074EEF5F-3BE8-4112-B253-C5D6CDE2924C
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\074EEF5F-3BE8-4112-B253-C5D6CDE2924C\Uninstall.exe"
publisher: WildTangent

Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only) (0E5266B4-9069-401A-93AE-5FF9F1712016)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\0E5266B4-9069-401A-93AE-5FF9F1712016
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\0E5266B4-9069-401A-93AE-5FF9F1712016\Uninstall.exe"
publisher: WildTangent

SCRABBLE from Hewlett-Packard Laptops (remove only) (103EFD47-9F2C-4490-95DD-AE6C442AFB92)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\103EFD47-9F2C-4490-95DD-AE6C442AFB92
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\103EFD47-9F2C-4490-95DD-AE6C442AFB92\Uninstall.exe"
publisher: WildTangent

GemMaster Mystic (12133444-BF36-4d4e-B7FB-A3424C645DE4)
uninstall cmd: "C:\Program Files\GemMaster\uninstallgemmaster.exe"

Tradewinds from Hewlett-Packard Laptops (remove only) (1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86\Uninstall.exe"
publisher: WildTangent

Final Drive Nitro from Hewlett-Packard Laptops (remove only) (320F055A-570F-4335-B026-16A836DB9549)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\320F055A-570F-4335-B026-16A836DB9549
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\320F055A-570F-4335-B026-16A836DB9549\Uninstall.exe"
publisher: WildTangent

Chuzzle Deluxe from Hewlett-Packard Laptops (remove only) (382C11F0-1A18-4F76-B8E0-15CA7F209C22)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\382C11F0-1A18-4F76-B8E0-15CA7F209C22
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\382C11F0-1A18-4F76-B8E0-15CA7F209C22\Uninstall.exe"
publisher: WildTangent

Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only) (384E0BF4-1E1F-45A6-B60E-42144A3F15CD)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\384E0BF4-1E1F-45A6-B60E-42144A3F15CD
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\384E0BF4-1E1F-45A6-B60E-42144A3F15CD\Uninstall.exe"
publisher: WildTangent

Jewel Quest from Hewlett-Packard Laptops (remove only) (4C061F83-EE92-445A-A03F-184B0BD59242)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\4C061F83-EE92-445A-A03F-184B0BD59242
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\4C061F83-EE92-445A-A03F-184B0BD59242\Uninstall.exe"
publisher: WildTangent

Boggle Supreme from Hewlett-Packard Laptops (remove only) (5658FB14-16A4-4DAE-946B-1457BE31572E)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\5658FB14-16A4-4DAE-946B-1457BE31572E
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\5658FB14-16A4-4DAE-946B-1457BE31572E\Uninstall.exe"
publisher: WildTangent

Lexibox Deluxe from Hewlett-Packard Laptops (remove only) (5758A0E8-A112-4A1D-82EC-EC72F7F16B88)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\5758A0E8-A112-4A1D-82EC-EC72F7F16B88
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\5758A0E8-A112-4A1D-82EC-EC72F7F16B88\Uninstall.exe"
publisher: WildTangent

5 Card Slingo from Hewlett-Packard Laptops (remove only) (5DE4D54F-AA79-43A4-9C8A-C173E7E2B025)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\5DE4D54F-AA79-43A4-9C8A-C173E7E2B025
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\5DE4D54F-AA79-43A4-9C8A-C173E7E2B025\Uninstall.exe"
publisher: WildTangent

Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only) (6E377D95-DF37-4E67-B64B-68C314600BCB)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\6E377D95-DF37-4E67-B64B-68C314600BCB
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\6E377D95-DF37-4E67-B64B-68C314600BCB\Uninstall.exe"
publisher: WildTangent

FATE from Hewlett-Packard Laptops (remove only) (6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89\Uninstall.exe"
publisher: WildTangent

Big Kahuna Reef from Hewlett-Packard Laptops (remove only) (7948472C-423F-4134-B68F-48D660A05D71)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\7948472C-423F-4134-B68F-48D660A05D71
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\7948472C-423F-4134-B68F-48D660A05D71\Uninstall.exe"
publisher: WildTangent

Bounce Symphony from Hewlett-Packard Laptops (remove only) (7A940E33-6993-404B-ABA6-ED62E8FBE615)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\7A940E33-6993-404B-ABA6-ED62E8FBE615
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\7A940E33-6993-404B-ABA6-ED62E8FBE615\Uninstall.exe"
publisher: WildTangent

Super Granny from Hewlett-Packard Laptops (remove only) (7ED8A70C-9597-40BE-AEA0-0573182F1F51)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\7ED8A70C-9597-40BE-AEA0-0573182F1F51
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\7ED8A70C-9597-40BE-AEA0-0573182F1F51\Uninstall.exe"
publisher: WildTangent

Polar Bowler from Hewlett-Packard Laptops (remove only) (7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54\Uninstall.exe"
publisher: WildTangent

Blasterball 2 from Hewlett-Packard Laptops (remove only) (9F3399B2-9ED6-4339-84A2-686432638B86)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\9F3399B2-9ED6-4339-84A2-686432638B86
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\9F3399B2-9ED6-4339-84A2-686432638B86\Uninstall.exe"
publisher: WildTangent

(AddressBook)

Adobe Flash Player ActiveX 10.0.1.218 (Adobe Flash Player ActiveX)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
publisher: Adobe Systems Incorporated
help link: http://www.adobe.com...player_support/

(AudioPlugin.dll)
uninstall cmd: C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}

AVG Free 8.0 (AVG8Uninstall)
uninstall cmd: C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL

Slyder from Hewlett-Packard Laptops (remove only) (B0202B33

Attached Files


Edited by MIXMASTERMIKE, 02 June 2008 - 06:21 PM.

  • 0

Advertisements

#2
Rorschach112
Posted 02 June 2008 - 06:29 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Read the Sticky Threads and post the required logs, do not attach them
  • 0

#3
MIXMASTERMIKE
Posted 03 June 2008 - 01:02 AM

MIXMASTERMIKE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
hi sorry i didnt make a new thread i just edited the first one with all the logs there. Running spybot now vondu seems not to appear. would just like to make sure all 'rubbish' has been removed.

cheers
  • 0

#4
Rorschach112
Posted 03 June 2008 - 06:53 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Post the required logs then
  • 0

#5
MIXMASTERMIKE
Posted 03 June 2008 - 07:00 AM

MIXMASTERMIKE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
they are there... there at the end of the first thread. sorry for the confusion
  • 0

#6
Rorschach112
Posted 03 June 2008 - 07:28 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
They aren't the logs we ask for

I need to see a HijackThis log
  • 0

#7
MIXMASTERMIKE
Posted 03 June 2008 - 05:17 PM

MIXMASTERMIKE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
HI,
VERY SORRY. I THOUGHT I HAD PUT THE HIJACKTHIS LOG IN.... I AM SORRY FOR WASTING ANY OF YOUR TIME.
HERE ARE THE HIJACKTHIS LOGS


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:04 AM, on 6/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP\Temporary Internet Files\Content.IE5\B3852CY2\Firefox%20Setup%202.0.0.14[1].exe
C:\DOCUME~1\HP\LOCALS~1\Temp\7zS74.tmp\setup.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9563.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10757 bytes
  • 0

#8
Rorschach112
Posted 03 June 2008 - 05:23 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
No apology needed

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.




Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#9
MIXMASTERMIKE
Posted 03 June 2008 - 09:01 PM

MIXMASTERMIKE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Deckard's System Scanner v20071014.68
Run by HP on 2008-06-04 09:33:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
40: 2008-06-03 23:33:41 UTC - RP43 - Deckard's System Scanner Restore Point
39: 2008-06-02 12:55:10 UTC - RP42 - Installed SUPERAntiSpyware Free Edition
38: 2008-06-02 12:47:53 UTC - RP41 - mike dv6000 restore point
37: 2008-06-01 23:51:47 UTC - RP40 - System Checkpoint
36: 2008-05-31 14:10:40 UTC - RP39 - Configured Wireless Home Network Setup


-- First Restore Point --
1: 2008-04-25 17:46:22 UTC - RP4 - Installed Java™ 6 Update 5


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as HP.exe) --------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:06 AM, on 6/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\HP\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9563.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10097 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080604-092744-542 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080604-092744-625 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia N95
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N95
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Files created between 2008-05-04 and 2008-06-04 -----------------------------

2008-06-03 16:52:55 0 d-------- C:\Documents and Settings\HP\Application Data\Mp3tag
2008-06-03 16:52:49 0 d-------- C:\Program Files\Mp3tag
2008-06-03 09:55:14 0 d-------- C:\Documents and Settings\HP\Application Data\Talkback
2008-06-03 09:54:55 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-03 09:54:51 0 d-------- C:\Documents and Settings\HP\Application Data\Mozilla
2008-06-03 09:49:50 0 d-------- C:\Program Files\Trend Micro
2008-06-03 00:38:16 0 d-------- C:\Program Files\Panda Security
2008-06-02 22:56:51 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-02 22:55:11 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-02 22:55:11 0 d-------- C:\Documents and Settings\HP\Application Data\SUPERAntiSpyware.com
2008-06-02 22:54:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-02 22:51:08 0 d-------- C:\Documents and Settings\HP\Application Data\Malwarebytes
2008-06-02 22:51:06 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-02 22:51:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-02 22:50:18 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-02 17:45:41 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-02 16:51:14 0 -rahs---- C:\MSDOS.SYS
2008-06-02 16:51:14 0 -rahs---- C:\IO.SYS
2008-06-02 11:45:03 0 d-------- C:\WINDOWS\CSC
2008-06-02 11:05:44 0 d-------- C:\Program Files\Enigma Software Group
2008-06-02 10:15:45 0 d-------- C:\Program Files\Windows Live Safety Center
2008-06-01 22:21:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-01 20:59:03 0 d-------- C:\VundoFix Backups
2008-06-01 16:16:52 0 d-------- C:\Documents and Settings\HP\Application Data\WinRAR
2008-06-01 00:00:38 0 d-------- C:\Documents and Settings\HP\Application Data\CyberLink
2008-05-30 14:17:02 0 d-------- C:\Documents and Settings\HP\Application Data\NSeries
2008-05-30 14:10:01 0 d-------- C:\Documents and Settings\HP\Application Data\vlc
2008-05-30 10:11:11 408576 --a------ C:\WINDOWS\system32\Smab.dll
2008-05-30 10:11:10 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2008-05-30 10:11:08 318976 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2008-05-30 10:11:06 27648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-05-30 10:11:06 66560 --a------ C:\WINDOWS\MOTA113.exe
2008-05-30 10:11:05 70656 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-05-30 10:11:05 70656 --a------ C:\WINDOWS\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
2008-05-30 10:11:00 217073 --a------ C:\WINDOWS\meta4.exe
2008-05-30 10:11:00 0 d-------- C:\Program Files\AviSynth 2.5
2008-05-30 10:07:18 27648 ---hs---- C:\WINDOWS\system32\Smab0.dll
2008-05-30 10:07:18 31232 -r-hs---- C:\WINDOWS\system32\msfDX.dll <Not Verified; Hans Mayerl; msfDX.dll>
2008-05-30 10:07:18 163328 -r-hs---- C:\WINDOWS\system32\flvDX.dll <Not Verified; Gabest; FLV Splitter>
2008-05-30 10:07:14 0 d-------- C:\Program Files\eRightSoft
2008-05-28 19:26:19 0 d-------- C:\Program Files\VideoLAN
2008-05-28 17:34:25 0 d-------- C:\Program Files\Total Video Converter
2008-05-28 11:10:00 0 d-------- C:\Documents and Settings\Guest\Application Data\Adobe
2008-05-28 11:09:42 0 d-------- C:\Documents and Settings\Guest\Application Data\Google
2008-05-28 11:08:24 0 d-------- C:\Documents and Settings\Guest\Application Data\PC Suite
2008-05-28 11:08:18 0 d-------- C:\Documents and Settings\Guest\Application Data\Nokia
2008-05-28 11:08:02 0 d-------- C:\Documents and Settings\Guest\Application Data\Intuit
2008-05-28 11:08:02 0 d-------- C:\Documents and Settings\Guest\Application Data\Identities
2008-05-28 11:08:01 0 d--h----- C:\Documents and Settings\Guest\Templates <TEMPLA~1>
2008-05-28 11:08:01 0 dr------- C:\Documents and Settings\Guest\Start Menu <STARTM~1>
2008-05-28 11:08:01 0 dr-h----- C:\Documents and Settings\Guest\SendTo
2008-05-28 11:08:01 0 dr-h----- C:\Documents and Settings\Guest\Recent
2008-05-28 11:08:01 0 d--h----- C:\Documents and Settings\Guest\PrintHood <PRINTH~1>
2008-05-28 11:08:01 2359296 --ah----- C:\Documents and Settings\Guest\NTUSER.DAT
2008-05-28 11:08:01 0 d--h----- C:\Documents and Settings\Guest\NetHood
2008-05-28 11:08:01 0 dr------- C:\Documents and Settings\Guest\My Documents <MYDOCU~1>
2008-05-28 11:08:01 0 d--h----- C:\Documents and Settings\Guest\Local Settings <LOCALS~1>
2008-05-28 11:08:01 0 dr------- C:\Documents and Settings\Guest\Favorites <FAVORI~1>
2008-05-28 11:08:01 0 d-------- C:\Documents and Settings\Guest\Desktop
2008-05-28 11:08:01 0 d--hs---- C:\Documents and Settings\Guest\Cookies
2008-05-28 11:08:01 0 dr-h----- C:\Documents and Settings\Guest\Application Data <APPLIC~1>
2008-05-28 11:08:01 0 d-------- C:\Documents and Settings\Guest\Application Data\Microsoft
2008-05-28 11:08:01 0 d-------- C:\Documents and Settings\Guest\Application Data\Macromedia
2008-05-28 05:43:28 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-28 05:13:51 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-05-28 05:13:51 0 d-------- C:\Downloads
2008-05-28 05:12:55 0 d-------- C:\Program Files\BitComet
2008-05-28 04:10:00 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-27 13:42:42 0 d--h----- C:\$AVG8.VAULT$
2008-05-27 13:03:54 0 d-------- C:\Program Files\Common Files\MainConcept
2008-05-27 13:03:14 0 d-------- C:\Documents and Settings\HP\.SimpleCenter <SIMPLE~1>
2008-05-27 12:47:05 0 d-------- C:\Program Files\MSXML 6.0
2008-05-27 12:42:58 0 d-------- C:\Program Files\Common Files\Nokia
2008-05-27 12:41:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-05-27 12:04:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-05-27 11:55:09 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-27 11:54:54 0 d-------- C:\Documents and Settings\HP\Application Data\Nokia
2008-05-27 11:49:20 0 d-------- C:\Program Files\Common Files\i4j_jres
2008-05-27 11:49:04 0 d-------- C:\Program Files\SimpleCenter
2008-05-27 11:48:21 0 d-------- C:\Program Files\Common Files\PCSuite
2008-05-27 11:47:55 0 d-------- C:\Documents and Settings\HP\Application Data\PC Suite
2008-05-27 11:47:51 0 d-------- C:\Program Files\PC Connectivity Solution
2008-05-27 11:47:40 0 d-------- C:\Program Files\Nokia
2008-05-27 11:42:28 0 d-------- C:\WINDOWS\Sun
2008-05-27 11:42:28 0 d-------- C:\Documents and Settings\HP\Application Data\Sun
2008-05-26 17:19:09 0 d-------- C:\Documents and Settings\HP\Application Data\Adobe
2008-05-26 17:16:30 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-26 17:16:25 0 d-------- C:\Program Files\AVG
2008-05-26 17:16:25 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-26 16:42:11 0 d-------- C:\Documents and Settings\HP\Contacts
2008-05-26 15:27:42 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-26 15:27:36 0 d-------- C:\Program Files\Windows Live
2008-05-26 15:27:28 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-26 15:19:04 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-26 15:19:04 0 d-------- C:\Documents and Settings\HP\Application Data\skypePM
2008-05-26 15:17:26 0 d-------- C:\Documents and Settings\HP\Application Data\Skype
2008-05-26 15:17:17 0 d-------- C:\Program Files\Skype
2008-05-26 15:17:16 0 d-------- C:\Program Files\Common Files\Skype
2008-05-26 15:17:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-26 15:15:59 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-26 15:09:01 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-05-26 14:52:30 0 d-------- C:\Documents and Settings\HP\Application Data\GTek
2008-05-18 07:55:39 0 d-------- C:\WINDOWS\Prefetch
2008-05-18 07:33:18 0 d-------- C:\WINDOWS\system32\scripting
2008-05-18 07:33:17 0 d-------- C:\WINDOWS\system32\en
2008-05-18 07:33:17 0 d-------- C:\WINDOWS\system32\bits
2008-05-18 07:33:17 0 d-------- C:\WINDOWS\l2schemas
2008-05-18 07:31:52 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-13 12:04:24 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-13 11:56:28 0 d-------- C:\Documents and Settings\HP\Application Data\HP


-- Find3M Report ---------------------------------------------------------------

2008-06-03 21:43:20 808042 --a------ C:\Documents and Settings\HP\Application Data\NMM-MetaData.db
2008-06-02 22:54:47 0 d-------- C:\Program Files\Common Files
2008-05-28 07:41:51 0 d-------- C:\Program Files\Google
2008-05-28 05:44:50 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-27 11:47:56 0 d-------- C:\Program Files\DIFX
2008-05-26 15:15:36 0 d-------- C:\Program Files\Yahoo!
2008-05-18 07:55:13 0 d-------- C:\Program Files\Messenger
2008-05-18 07:33:17 0 d-------- C:\Program Files\Movie Maker
2008-05-18 07:31:40 0 d-------- C:\Program Files\Windows NT
2008-05-13 06:33:31 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-26 05:25:26 0 d-------- C:\Program Files\MSXML 4.0
2008-04-26 05:10:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-26 05:10:04 0 d-------- C:\Program Files\HP 1.3MP Webcam
2008-04-26 05:00:47 0 d-------- C:\Documents and Settings\HP\Application Data\Google
2008-04-26 04:53:57 0 d-------- C:\Program Files\HP
2008-04-26 03:48:07 0 d-------- C:\Program Files\Java


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/06/2005 09:56 PM]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [05/04/2006 10:58 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 07:25 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/29/2006 10:00 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [06/29/2006 10:00 PM]
"nwiz"="nwiz.exe" [06/29/2006 10:00 PM C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [06/02/2006 05:02 PM C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04/01/2006 10:01 PM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [07/12/2006 03:55 PM]
"@"="" []
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [08/12/2005 10:30 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/12/2005 10:30 AM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [06/20/2006 05:33 AM]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [05/31/2006 10:02 AM]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [10/12/2005 04:23 AM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [05/09/2007 07:24 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/26/2008 05:16 PM]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [09/08/2007 05:44 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/07/2005 02:46 PM]
"sclauncher"="C:\Program Files\SimpleCenter\bin\win\sclauncher.exe" [09/08/2007 06:05 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/19/2007 02:34 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [05/28/2008 05:14 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 10:12 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/19/2006 12:05 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 4:05:26 PM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [9/25/2005 9:39:30 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06/02/2008 11:08 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 06/02/2008 11:08 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8554 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-04 09:37:43 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Turion™ 64 X2 Mobile Technology TL-56
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 2046.54 MiB / 1479.27 MiB
Pagefile Memory (total/avail): 2612.68 MiB / 2141.3 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1870.63 MiB

C: is Fixed (NTFS) - 93.07 GiB total, 70.53 GiB free.
D: is Fixed (FAT32) - 17.2 GiB total, 6.94 GiB free.
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2120BH PL - 111.79 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 93.07 GiB - C:
\PARTITION1 - Unknown - 17.21 GiB - D:
\PARTITION2 - Unknown - 1545.31 MiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-0CDC4F5844
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP
LOGONSERVER=\\YOUR-0CDC4F5844
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PCTYPE=PAVILION
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4802
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP\LOCALS~1\Temp
USERDOMAIN=YOUR-0CDC4F5844
USERNAME=HP
USERPROFILE=C:\Documents and Settings\HP
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

HP (admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
5 Card Slingo from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5DE4D54F-AA79-43A4-9C8A-C173E7E2B025\Uninstall.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6E377D95-DF37-4E67-B64B-68C314600BCB\Uninstall.exe"
Big Kahuna Reef from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\7948472C-423F-4134-B68F-48D660A05D71\Uninstall.exe"
BitComet 1.01 --> C:\Program Files\BitComet\uninst.exe
Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\384E0BF4-1E1F-45A6-B60E-42144A3F15CD\Uninstall.exe"
Blasterball 2 from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\9F3399B2-9ED6-4339-84A2-686432638B86\Uninstall.exe"
Boggle Supreme from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5658FB14-16A4-4DAE-946B-1457BE31572E\Uninstall.exe"
Bookworm Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B0769D17-E72A-4E87-A83F-1F7A3F080008\Uninstall.exe"
Bounce Symphony from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\7A940E33-6993-404B-ABA6-ED62E8FBE615\Uninstall.exe"
Chuzzle Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\382C11F0-1A18-4F76-B8E0-15CA7F209C22\Uninstall.exe"
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IAt8VEN5a.inf
Crystal Maze from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E94C7046-2F7D-4D4D-B76F-C412DCCEAAC2\Uninstall.exe"
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
FATE from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89\Uninstall.exe"
Final Drive Nitro from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\320F055A-570F-4335-B026-16A836DB9549\Uninstall.exe"
Flip Words from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\F2566CC2-D4C4-44ED-A838-3F8288D8D3FE\Uninstall.exe"
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Home Media Server 4.2.0.32 --> C:\Program Files\SimpleCenter\uninstall.exe
HP Game Console and games --> C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Quick Launch Buttons 6.10 A2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst
HP QuickPlay 2.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Rhapsody --> C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0032 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E276E05A-FFE8-485B-A005-42E76EA72AC4}\Setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 G2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\0E5266B4-9069-401A-93AE-5FF9F1712016\Uninstall.exe"
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Jewel Quest from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\4C061F83-EE92-445A-A03F-184B0BD59242\Uninstall.exe"
Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E90E3AE9-73E4-4E5C-BB0F-673989A808D0\Uninstall.exe"
Lexibox Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5758A0E8-A112-4A1D-82EC-EC72F7F16B88\Uninstall.exe"
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Shockwave Player --> MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
Mah Jong Quest from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E76A7EFF-7758-49EE-B3FA-9699830A2D6B\Uninstall.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.41 --> C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MSXML 6.0 Parser --> MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
muvee autoProducer 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB09F05F-85C6-4205-B28D-5BF071D276C3}\setup.exe" -l0x9
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Nokia Connectivity Cable Driver --> MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia Flashing Cable Driver --> MsiExec.exe /X{A4E0CA0F-1903-440A-9B98-FEA6CB049999}
Nokia Lifeblog 2.5 --> MsiExec.exe /I{E94603CA-2996-4154-8EE2-A5FCD4BFB500}
Nokia MTP driver --> MsiExec.exe /I{6D3A2A6C-59CD-4A6D-9516-0A34C393ED95}
Nokia NSeries Application Installer --> MsiExec.exe /I{FD349381-D79C-4E5C-8980-015DFFB962D5}
Nokia NSeries Content Copier --> MsiExec.exe /X{F779EC8D-6703-4C4A-817C-37B07898E647}
Nokia NSeries Multimedia Player --> MsiExec.exe /I{FA25FAF6-3097-43C9-BBB2-A77CE8AF1881}
Nokia NSeries Music Manager --> MsiExec.exe /I{F89E5AD8-AE47-49B5-B9F9-C498791E6255}
Nokia NSeries System Utilities --> MsiExec.exe /X{96E94E18-54D6-42C1-8FC4-24DACEDC3395}
Nokia Nseries Video Manager --> MsiExec.exe /X{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}
Nokia Software Launcher --> MsiExec.exe /I{A8C856AD-63CD-4613-AA29-E6C85607EA06}
Nokia Software Updater --> MsiExec.exe /X{5D19E730-D3C6-47F4-AE4B-DCB26EC2D905}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Oasis from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E332F38A-75F6-4EF2-88CC-246E8A1CB5D7\Uninstall.exe"
Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PC Connectivity Solution --> MsiExec.exe /I{6094AB91-4CC8-498E-9DFF-134CC0B159DE}
Polar Bowler from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54\Uninstall.exe"
Polar Golfer from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D2E44AA4-8665-4490-A6C9-2D0744B47B27\Uninstall.exe"
Puzzle Express from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\EF860173-4FB7-4DE1-8BE8-5400F05A0DC5\Uninstall.exe"
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
SCRABBLE from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\103EFD47-9F2C-4490-95DD-AE6C442AFB92\Uninstall.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Slingo Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C264D692-8E15-4141-96A2-5621332E5DD0\Uninstall.exe"
Slyder from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B0202B33-E73D-4FCD-AC88-0B2971AFC116\Uninstall.exe"
Snowboard SuperJam --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DED8E2B5-BA9F-448F-84E8-0AEF79876F95\Uninstall.exe"
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m\HXFSETUP.EXE -U -IAt8VEN5m.inf
Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SonicAC3Encoder --> MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}
SonicMPEGEncoder --> MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPER © Version 2008.bld.30 (Mar 22, 2008) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Super Granny from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\7ED8A70C-9597-40BE-AEA0-0573182F1F51\Uninstall.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Total Video Converter 3.12 080330 --> "C:\Program Files\Total Video Converter\unins000.exe"
TourSetup --> MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Tradewinds from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86\Uninstall.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005 -->
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Vongo --> MsiExec.exe /I{DB7E00C9-6DEF-489A-8112-D8F81614F45A}
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wireless Home Network Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\Setup.exe" -l0x9 -removeonly
Zuma Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\074EEF5F-3BE8-4112-B253-C5D6CDE2924C\Uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type726 / Success
Event Submitted/Written: 06/04/2008 09:15:12 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type722 / Warning
Event Submitted/Written: 06/03/2008 11:16:46 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type680 / Success
Event Submitted/Written: 06/03/2008 00:32:54 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type669 / Success
Event Submitted/Written: 06/02/2008 11:23:01 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type655 / Success
Event Submitted/Written: 06/02/2008 11:03:38 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2323 / Warning
Event Submitted/Written: 06/03/2008 11:16:40 PM
Event ID/Source: 240 / Win32k
Event Description:
A request to suspend power was denied by winlogon.exe.

Event Record #/Type2318 / Error
Event Submitted/Written: 06/03/2008 09:31:49 PM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 192.168.0.11 on the
Network Card with network address 0014A5B18D13.

Event Record #/Type2317 / Warning
Event Submitted/Written: 06/03/2008 09:31:49 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014A5B18D13. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type2316 / Warning
Event Submitted/Written: 06/03/2008 05:46:21 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type2315 / Warning
Event Submitted/Written: 06/03/2008 05:25:52 PM
Event ID/Source: 15200 / WPDMTPDriver
Event Description:
MTP USB Driver has cancelled the operation 0x100d



-- End of Deckard's System Scanner: finished at 2008-06-04 09:37:43 ------------


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, June 04, 2008 12:57:28 PM
Operating System: Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/06/2008
Kaspersky Anti-Virus database records: 827143
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 123149
Number of viruses found: 3
Number of infected objects: 15
Number of suspicious objects: 0
Duration of the scan process: 02:06:32

Infected Object Name / Virus Name / Last Action
C:\1c8077f5f3308c574431469efa\update\update.exe Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\emc\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwdsvc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\HP\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\HP\Application Data\Microsoft\Word\AutoRecovery save of Document1.asd Object is locked skipped
C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\h3zwhrg6.default\cert8.db Object is locked skipped
C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\h3zwhrg6.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\h3zwhrg6.default\history.dat Object is locked skipped
C:\Do
  • 0

#10
MIXMASTERMIKE
Posted 03 June 2008 - 09:06 PM

MIXMASTERMIKE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
looks like whole of kapersky not there?!?! here is again.


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, June 04, 2008 12:57:28 PM
Operating System: Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/06/2008
Kaspersky Anti-Virus database records: 827143
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 123149
Number of viruses found: 3
Number of infected objects: 15
Number of suspicious objects: 0
Duration of the scan process: 02:06:32

Infected Object Name / Virus Name / Last Action
C:\1c8077f5f3308c574431469efa\update\update.exe Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\emc\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwdsvc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\HP\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\HP\Application Data\Microsoft\Word\AutoRecovery save of Document1.asd Object is locked skipped
C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\h3zwhrg6.default\cert8.db Object is locked skipped
C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\h3zwhrg6.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\h3zwhrg6.default\history.dat Object is locked skipped
C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\h3zwhrg6.default\key3.db Object is locked skipped
C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\h3zwhrg6.default\parent.lock Object is locked skipped
C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\h3zwhrg6.default\search.sqlite Object is locked skipped
C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\h3zwhrg6.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\HP\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HP\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP\History\History.IE5\MSHist012008060420080605\index.dat Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_94D0_5B0B_D05A_F34A\dfsr.db Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_94D0_5B0B_D05A_F34A\fsr.log Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_94D0_5B0B_D05A_F34A\fsrtmp.log Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_94D0_5B0B_D05A_F34A\tmp.edb Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\Microsoft\Windows Media\11.0\WMSDKNSD.XML Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\Mozilla\Firefox\Profiles\h3zwhrg6.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\Mozilla\Firefox\Profiles\h3zwhrg6.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\Mozilla\Firefox\Profiles\h3zwhrg6.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Application Data\Mozilla\Firefox\Profiles\h3zwhrg6.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Temp\hsperfdata_HP\1768 Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Temp\~DF4A57.tmp Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Temp\~DFDA2F.tmp Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Temp\~DFE1E8.tmp Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Temp\~DFE1F3.tmp Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Temp\~DFEBB3.tmp Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Temp\~DFEBBF.tmp Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Temp\~DFF9F.tmp Object is locked skipped
C:\Documents and Settings\HP\Local Settings\Temp\~WRD0000.doc Object is locked skipped
C:\Documents and Settings\HP\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\HP\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\HP\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\HP\Temporary Internet Files\Content.IE5\6B706H8V\css4[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.wti skipped
C:\Documents and Settings\HP\Temporary Internet Files\Content.IE5\9QK1T1ZG\css4[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.wti skipped
C:\Documents and Settings\HP\Temporary Internet Files\Content.IE5\9QK1T1ZG\css4[2] Infected: not-a-virus:AdWare.Win32.Virtumonde.wti skipped
C:\Documents and Settings\HP\Temporary Internet Files\Content.IE5\9QK1T1ZG\css4[3] Infected: not-a-virus:AdWare.Win32.Virtumonde.wti skipped
C:\Documents and Settings\HP\Temporary Internet Files\Content.IE5\9QK1T1ZG\css4[4] Infected: not-a-virus:AdWare.Win32.Virtumonde.wti skipped
C:\Documents and Settings\HP\Temporary Internet Files\Content.IE5\DHJRLFRA\css4[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.wti skipped
C:\Documents and Settings\HP\Temporary Internet Files\Content.IE5\DHJRLFRA\css4[2] Infected: not-a-virus:AdWare.Win32.Virtumonde.wti skipped
C:\Documents and Settings\HP\Temporary Internet Files\Content.IE5\GA6ZDCW9\css4[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.wti skipped
C:\Documents and Settings\HP\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP\Temporary Internet Files\Content.IE5\MBKD0VOX\css4[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.wti skipped
C:\Documents and Settings\HP\Temporary Internet Files\Content.IE5\MBKD0VOX\css4[2] Infected: not-a-virus:AdWare.Win32.Virtumonde.wti skipped
C:\Documents and Settings\HP\Temporary Internet Files\Content.IE5\Q310M2W0\css4[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.wti skipped
C:\Documents and Settings\HP\Temporary Internet Files\Content.IE5\VNFQ08RU\css4[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.wti skipped
C:\Documents and Settings\HP\Temporary Internet Files\Content.IE5\VNFQ08RU\css4[2] Infected: not-a-virus:AdWare.Win32.Virtumonde.wti skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Online Services\Vonage\Xtras\regxtra121.x32 Infected: Backdoor.Win32.RAdmin.ag skipped
C:\Program Files\Panda Security\ActiveScan 2.0\pskavs.dll Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP40\A0014447.dll Object is locked skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP43\A0014588.dll Object is locked skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP43\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{FC3A4A67-98BA-4CB8-AFC3-FE8CECF7137F}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\cbXQjjJD.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.wwr skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\temp\cd00227b-662f-467c-be5c-06694ee7ee4e.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP43\change.log Object is locked skipped

Scan process completed.

also avg has found to viruses on opening.

trojan horse patched_c.PO
at C:\program files\panda secutrity\active scan 2.0\pskavs.dll
and
Trojan horse generic10.AGYM
at
C:\system volume information\_restore{loads a numbers}.dll
  • 0

Advertisements

#11
Rorschach112
Posted 04 June 2008 - 05:30 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
C:\Program Files\Online Services\Vonage\Xtras\regxtra121.x32
C:\WINDOWS\system32\cbXQjjJD.dll.vir 
C:\program files\panda secutrity\active scan 2.0\pskavs.dll
purity 
[start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.


Reboot and tell me how your PC is running
  • 0

#12
MIXMASTERMIKE
Posted 04 June 2008 - 06:25 PM

MIXMASTERMIKE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
is this is a stitch up?!?!

i'd had the computer a week i got one virus, besides that am very careful, am nowin usin firefox. and now i findin viruses every 2 seconds. avg gettin heaps. all these programs just pick up more crap... just tell us if this is a bit of a luagh and now my computer is full of [bleep] so i can format the [bleep]er.
  • 0

#13
Rorschach112
Posted 04 June 2008 - 06:30 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
How bout you look at how busy I and the other helpers are

We get hundreds of people posting logs here asking for help every few days

Does it look like I have time to play practical jokes
  • 0

#14
MIXMASTERMIKE
Posted 04 June 2008 - 06:37 PM

MIXMASTERMIKE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
yeah fair call, but im not complaining bout time to respond. u's are very prompt. i mean your volunteers, i dont expect a reply in 2 sec. all i sayin is i dont download anything i use firefox and the only half dodgy site i got to is redtube for a few quick views, and now i got all this [bleep] on my computer. where it comin from,...should i just get a mac now and throw this in bin.

. dr web still goin findin heaps a cra.p
  • 0

#15
Rorschach112
Posted 04 June 2008 - 06:39 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your scanners are probably finding stuff in system restore or that we already quarantined, they are nothing to worry about

Your logs are showing up clean, I don't expect we have much left to do. Should only be a few more posts till your PC is clean
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP