Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Still having some issues


  • This topic is locked This topic is locked

#1
mckryan

mckryan

    Member

  • Member
  • PipPip
  • 29 posts
I got help here a couple of weeks ago, but I am still having issues. On boot-up, I get a COM Surrogate and ehRec.exe (2 times) error. My Malwarebytes scan didn't show any infections, but I'm doing an Kaspersky online scan that is showing infection. Here are some logs to get started:

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:36 PM, on 8/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bareescentuals.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O15 - Trusted Zone: http://rcsm.compuserve.com
O15 - Trusted Zone: http://wins.compuserve.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.c...loadControl.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://216.130.146.1...sCamControl.ocx
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.ado...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

--
End of file - 11063 bytes

Malwarebytes:
Malwarebytes' Anti-Malware 1.23
Database version: 1008
Windows 5.1.2600 Service Pack 2

12:20:25 PM 8/12/2008
mbam-log-8-12-2008 (12-20-25).txt

Scan type: Quick Scan
Objects scanned: 60608
Time elapsed: 14 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

Advertisements


#2
SpySentinel

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hey mckryan,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your computer problem.

Take note that I'm still in training, and my posts will have to be checked by an expert. This may cause delays in between my responses, I ask for your patience. Please stick with me until we get your computer cleaned up.

I'm currently analyzing your log now, and I'll post back with a fix ASAP. Thanks for your patience.
  • 0

#3
SpySentinel

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
We need to create a Deckard's System Scanner (DSS) Log
Please download Deckard's System Scanner (DSS) from one of the links below and save to your Desktop.

Primary Mirror
Secondary Mirror

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
Note: You must be logged onto an account with administrator privileges when using Deckard's System Scanner.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <-- Will be maximized
    • extra.txt <-- Will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (<Control>+C) and paste (<Control>+V) the contents of main.txt and extra.txt in your next reply.
Note: When running DSS, some firewalls may warn that DSS is trying to access the Internet; especially if you are asked to download the most current version of HijackThis. Please ensure that DSS is given permission to access the internet.
Note: If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.

  • 0

#4
mckryan

mckryan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Okay, something odd is going on for sure. I downloaded Deckards and closed everything before running it. No restore point was created, no temp files were deleted, and the recycle bin was not emptied, etc. I also received no prompts. It also only created one file for me - main.txt. I've looked in the logs, and there is no extra.txt. Here is the main.txt. Let me know what I should do since you are missing a text file.

__________________

Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2008-08-17 12:09:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:36 PM, on 8/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Administrator\Desktop\Virus Cleaning Tools\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_ADM~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bareescentuals.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O15 - Trusted Zone: http://rcsm.compuserve.com
O15 - Trusted Zone: http://wins.compuserve.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.c...loadControl.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://216.130.146.1...sCamControl.ocx
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.ado...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

--
End of file - 11040 bytes

-- Files created between 2008-07-17 and 2008-08-17 -----------------------------

2008-08-11 12:35:01 0 d-------- C:\Program Files\iPod
2008-08-11 12:34:58 0 d-------- C:\Program Files\iTunes
2008-08-11 12:34:09 0 d-------- C:\Program Files\QuickTime
2008-08-09 18:34:34 0 d-------- C:\Garmin
2008-08-08 19:58:18 0 d-------- C:\WINDOWS\Prefetch
2008-08-08 19:30:42 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-07 03:07:36 1404928 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-08-07 03:07:36 9961472 --a------ C:\Documents and Settings\HP_Administrator\ntuser.dat
2008-08-04 15:23:58 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\OfficeGuardian
2008-08-04 10:08:32 0 d-------- C:\Program Files\Bonjour
2008-08-04 10:02:05 0 d-------- C:\Program Files\Safari
2008-07-31 13:32:57 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-31 13:32:39 0 d-------- C:\Program Files\Common Files\Skype
2008-07-31 13:27:55 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\acccore
2008-07-31 13:26:01 0 d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-07-31 13:25:49 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-07-31 13:25:49 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-07-31 13:25:34 0 d-------- C:\Program Files\Common Files\AOL
2008-07-31 13:25:20 0 d-------- C:\Program Files\AIM6
2008-07-30 21:29:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-30 21:06:32 0 d-------- C:\Program Files\Common Files\Java
2008-07-28 12:37:19 0 d-------- C:\Program Files\Windows Media Connect 2
2008-07-28 12:32:57 0 d-------- C:\Program Files\Common Files\Ankiro
2008-07-28 12:32:32 0 d-------- C:\Program Files\Common Files\Application
2008-07-28 12:32:18 0 d-------- C:\Program Files\SPAMfighter
2008-07-28 12:21:00 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-07-28 12:20:22 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-28 12:18:01 0 d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-28 12:18:00 0 d-------- C:\Program Files\NOS
2008-07-27 14:58:37 0 d-------- C:\Program Files\Trend Micro
2008-07-27 13:32:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-07-27 12:49:26 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-07-27 12:49:21 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-27 12:49:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-27 12:48:57 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-27 09:45:39 0 dr-h----- C:\Documents and Settings\HP_Administrator\Recent
2008-07-27 09:45:14 0 d-------- C:\Program Files\Trojan Remover
2008-07-27 09:45:14 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Simply Super Software
2008-07-27 09:45:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-07-19 23:06:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe(2)
2008-07-19 16:07:01 0 d-------- C:\WINDOWS\ServicePackFiles
2008-07-19 14:59:20 51472 --a------ C:\WINDOWS\system32\GDIP?ONTCACHEV1.DAT
2008-07-18 22:42:43 0 d-------- C:\Program Files\Lavasoft(2)
2008-07-18 13:25:03 0 d-------- C:\Program Files\Trojan Remover(2)


-- Find3M Report ---------------------------------------------------------------

2008-08-17 11:57:26 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
2008-08-14 14:26:51 0 d-------- C:\Program Files\Paint Shop Pro 5
2008-08-14 13:55:23 0 d-------- C:\Program Files\CompuServe 2000
2008-08-14 03:03:47 0 d-------- C:\Program Files\Messenger
2008-08-13 14:31:58 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Skype
2008-08-13 14:31:31 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\skypePM
2008-08-13 09:07:59 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\U3
2008-08-12 14:37:07 200 --a------ C:\WINDOWS\AUDC70UI.dat
2008-08-11 12:33:56 0 d-------- C:\Program Files\Apple Software Update
2008-08-11 12:00:18 0 d-------- C:\Program Files\Common Files\Real
2008-08-11 12:00:12 0 d-------- C:\Program Files\Common Files
2008-08-11 12:00:07 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Real
2008-08-08 19:36:38 0 d-------- C:\Program Files\Windows NT
2008-08-08 19:36:09 0 d-------- C:\Program Files\Movie Maker
2008-07-31 13:27:32 0 d-------- C:\Program Files\AIM
2008-07-31 13:27:27 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Aim
2008-07-30 21:07:07 0 d-------- C:\Program Files\Java
2008-07-28 12:20:59 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2008-07-27 09:43:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-27 09:32:32 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-19 23:05:03 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2008-07-19 16:03:57 250048 --a------ C:\ntldr
2008-07-19 14:59:20 51472 --a------ C:\WINDOWS\system32\GDIP?ONTCACHEV1.DAT
2008-06-25 15:30:37 0 d-------- C:\Program Files\Registry Defender Platinum
2008-06-17 08:50:23 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Move Networks


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
06/11/2008 10:33 PM 75128 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 02:56 PM]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/25/2005 06:34 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/18/2005 12:05 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [06/03/2004 01:50 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 04:44 PM]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [06/07/2004 07:42 AM]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [11/14/2007 04:05 PM]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [07/27/2008 12:41 PM]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [01/08/2008 06:20 PM]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [01/18/2008 11:32 AM]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [07/14/2008 06:38 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/22/2008 08:42 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/30/2008 10:47 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 12:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/19/2007 07:17 AM]
"Aim6"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [11/17/1996]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [11/17/1996]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2/10/2006 7:56:20 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\WINDOW

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07e1eefa-622f-11dd-b23c-00038a000011}]
AutoRun\command- K:\StarterOfficeGuardian.exe




-- End of Deckard's System Scanner: finished at 2008-08-17 12:09:55 ------------
  • 0

#5
SpySentinel

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07e1eefa-622f-11dd-b23c-00038a000011}
    purity 
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
click on Check All
click Scan
DSS will now run again when finished
Please post back both logs that open in notepad
Main txt and extra txt

Edited by SpySentinel, 17 August 2008 - 03:37 PM.

  • 0

#6
mckryan

mckryan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
OTM log:
Explorer killed successfully
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07e1eefa-622f-11dd-b23c-00038a000011} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07e1eefa-622f-11dd-b23c-00038a000011}\\ deleted successfully.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\fla1FE0.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\fla22DC.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\fla2511.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\fla2533.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DFF89.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DFFBF8.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08172008_182649

Files moved on Reboot...
File C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\fla1FE0.tmp not found!
File C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\fla22DC.tmp not found!
File C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\fla2511.tmp not found!
File C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\fla2533.tmp not found!
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\hpodvd09.log moved successfully.
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DFF89.tmp moved successfully.
File C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DFFBF8.tmp not found!

Kaspersky:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, August 17, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, August 17, 2008 23:49:41
Records in database: 1103275
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Z:\

Scan statistics:
Files scanned: 112916
Threat name: 4
Infected objects: 4
Suspicious objects: 1
Duration of the scan: 02:09:50


File name / Threat name / Threats count
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\WKI2XWD6\wbk45CE.tmp Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Program Files\Outlook Express\Deleted Items.dbx Infected: Trojan-Spy.HTML.Bayfraud.hn 1
C:\Program Files\Outlook Express\Inbox.dbx Infected: Trojan-Spy.HTML.Bayfraud.ib 2
C:\WINDOWS\system32\WanPacket.dll Infected: Backdoor.Win32.ForBot.am 1

The selected area was scanned.

DSS Main:
Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2008-08-17 21:27:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
32: 2008-08-18 01:27:11 UTC - RP32 - Deckard's System Scanner Restore Point
31: 2008-08-17 07:28:45 UTC - RP31 - System Checkpoint
30: 2008-08-16 07:26:11 UTC - RP30 - System Checkpoint
29: 2008-08-15 07:21:32 UTC - RP29 - System Checkpoint
28: 2008-08-14 07:00:17 UTC - RP28 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-07-31 01:23:45 UTC - RP1 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:27 PM, on 8/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\ScanningProcess.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrator\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_ADM~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bareescentuals.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O15 - Trusted Zone: http://rcsm.compuserve.com
O15 - Trusted Zone: http://wins.compuserve.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.c...loadControl.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://216.130.146.1...sCamControl.ocx
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.ado...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

--
End of file - 11231 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080728-171746-148 O15 - Trusted Zone: *.virusschlacht.com (HKLM)
backup-20080728-171746-216 O15 - Trusted Zone: *.avsystemcare.com (HKLM)
backup-20080728-171746-240 O15 - Trusted Zone: *.amaena.com
backup-20080728-171746-272 O15 - Trusted Zone: *.onerateld.com
backup-20080728-171746-406 O15 - Trusted Zone: *.virusschlacht.com
backup-20080728-171746-449 O15 - Trusted Zone: http://www.iwon.com
backup-20080728-171746-460 O2 - BHO: (no name) - {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} - (no file)
backup-20080728-171746-462 O15 - Trusted Zone: *.amaena.com (HKLM)
backup-20080728-171746-477 O15 - Trusted Zone: *.safetydownload.com (HKLM)
backup-20080728-171746-539 O15 - Trusted Zone: *.safetydownload.com
backup-20080728-171746-543 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20080728-171746-635 O15 - Trusted Zone: *.avsystemcare.com
backup-20080728-171746-738 O15 - Trusted Zone: *.trustedantivirus.com
backup-20080728-171746-907 O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
backup-20080728-171746-953 O15 - Trusted Zone: *.onerateld.com (HKLM)

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 gttap1 (GoTrusted TAP Adapter) - c:\windows\system32\drivers\gttap1.sys (file missing)
S3 NPF (Netgroup Packet Filter) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 PackethSvc (Virtual NIC Service) - c:\windows\system32\packethsvc.exe <Not Verified; America Online, Inc.; America Online>

S3 nmraapache (Pure Networks Net2Go Service) - "c:\program files\pure networks\network magic\webserver\bin\nmraapache.exe" -k runservice <Not Verified; Pure Networks, Inc.; Pure Networks Net2Go Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\svchost.exe (pid 1268)
2005-07-26 00:39:44 1267200 --a------ C:\WINDOWS\system32\comsvcs.dll <Not Verified; Microsoft Corporation; COM Services>
2007-07-24 15:17:08 147456 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Inc.; Bonjour>

C:\WINDOWS\explorer.exe (pid 1916)
1998-10-17 07:00:00 33792 --a------ C:\Program Files\WinZip\WZSHLEXT.DLL
1998-10-17 07:00:00 20992 --a------ C:\Program Files\WinZip\WZCAB2.DLL <Not Verified; Nico Mak Computing, Inc.; WinZip>


-- Scheduled Tasks -------------------------------------------------------------

2008-08-17 21:25:00 444 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{ACAD3570-F37D-424D-A5BE-5076D5D6ABE6}.job
2008-08-12 15:13:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-17 and 2008-08-17 -----------------------------

2008-08-11 12:35:01 0 d-------- C:\Program Files\iPod
2008-08-11 12:34:58 0 d-------- C:\Program Files\iTunes
2008-08-11 12:34:09 0 d-------- C:\Program Files\QuickTime
2008-08-09 18:34:34 0 d-------- C:\Garmin
2008-08-08 19:58:18 0 d-------- C:\WINDOWS\Prefetch
2008-08-08 19:30:42 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-07 03:07:36 1404928 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-08-07 03:07:36 9961472 --a------ C:\Documents and Settings\HP_Administrator\ntuser.dat
2008-08-04 15:23:58 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\OfficeGuardian
2008-08-04 10:08:32 0 d-------- C:\Program Files\Bonjour
2008-08-04 10:02:05 0 d-------- C:\Program Files\Safari
2008-07-31 13:32:57 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-31 13:32:39 0 d-------- C:\Program Files\Common Files\Skype
2008-07-31 13:27:55 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\acccore
2008-07-31 13:26:01 0 d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-07-31 13:25:49 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-07-31 13:25:49 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-07-31 13:25:34 0 d-------- C:\Program Files\Common Files\AOL
2008-07-31 13:25:20 0 d-------- C:\Program Files\AIM6
2008-07-30 21:29:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-30 21:06:32 0 d-------- C:\Program Files\Common Files\Java
2008-07-28 12:37:19 0 d-------- C:\Program Files\Windows Media Connect 2
2008-07-28 12:32:57 0 d-------- C:\Program Files\Common Files\Ankiro
2008-07-28 12:32:32 0 d-------- C:\Program Files\Common Files\Application
2008-07-28 12:32:18 0 d-------- C:\Program Files\SPAMfighter
2008-07-28 12:21:00 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-07-28 12:20:22 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-28 12:18:01 0 d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-28 12:18:00 0 d-------- C:\Program Files\NOS
2008-07-27 14:58:37 0 d-------- C:\Program Files\Trend Micro
2008-07-27 13:32:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-07-27 12:49:26 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-07-27 12:49:21 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-27 12:49:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-27 12:48:57 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-27 09:45:39 0 dr-h----- C:\Documents and Settings\HP_Administrator\Recent
2008-07-27 09:45:14 0 d-------- C:\Program Files\Trojan Remover
2008-07-27 09:45:14 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Simply Super Software
2008-07-27 09:45:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-07-19 23:06:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe(2)
2008-07-19 16:07:01 0 d-------- C:\WINDOWS\ServicePackFiles
2008-07-19 14:59:20 51472 --a------ C:\WINDOWS\system32\GDIP?ONTCACHEV1.DAT
2008-07-18 22:42:43 0 d-------- C:\Program Files\Lavasoft(2)
2008-07-18 13:25:03 0 d-------- C:\Program Files\Trojan Remover(2)


-- Find3M Report ---------------------------------------------------------------

2008-08-17 12:28:55 0 d-------- C:\Program Files\Paint Shop Pro 5
2008-08-17 11:57:26 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
2008-08-14 13:55:23 0 d-------- C:\Program Files\CompuServe 2000
2008-08-14 03:03:47 0 d-------- C:\Program Files\Messenger
2008-08-13 14:31:58 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Skype
2008-08-13 14:31:31 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\skypePM
2008-08-13 09:07:59 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\U3
2008-08-12 14:37:07 200 --a------ C:\WINDOWS\AUDC70UI.dat
2008-08-11 12:33:56 0 d-------- C:\Program Files\Apple Software Update
2008-08-11 12:00:18 0 d-------- C:\Program Files\Common Files\Real
2008-08-11 12:00:12 0 d-------- C:\Program Files\Common Files
2008-08-11 12:00:07 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Real
2008-08-08 19:36:38 0 d-------- C:\Program Files\Windows NT
2008-08-08 19:36:09 0 d-------- C:\Program Files\Movie Maker
2008-07-31 13:27:32 0 d-------- C:\Program Files\AIM
2008-07-31 13:27:27 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Aim
2008-07-30 21:07:07 0 d-------- C:\Program Files\Java
2008-07-28 12:20:59 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2008-07-27 09:43:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-27 09:32:32 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-19 23:05:03 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2008-07-19 16:03:57 250048 --a------ C:\ntldr
2008-07-19 14:59:20 51472 --a------ C:\WINDOWS\system32\GDIP?ONTCACHEV1.DAT
2008-06-25 15:30:37 0 d-------- C:\Program Files\Registry Defender Platinum
2008-06-17 08:50:23 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Move Networks


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
06/11/2008 10:33 PM 75128 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 02:56 PM]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/25/2005 06:34 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/18/2005 12:05 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [06/03/2004 01:50 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 04:44 PM]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [06/07/2004 07:42 AM]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [11/14/2007 04:05 PM]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [07/27/2008 12:41 PM]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [01/08/2008 06:20 PM]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [01/18/2008 11:32 AM]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [07/14/2008 06:38 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/22/2008 08:42 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/30/2008 10:47 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 12:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/19/2007 07:17 AM]
"Aim6"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [11/17/1996]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [11/17/1996]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2/10/2006 7:56:20 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\WINDOW

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc




-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

7692 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-17 21:28:39 ------------

DSS extra:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3500+
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 1918.48 MiB / 1239.2 MiB
Pagefile Memory (total/avail): 3110.07 MiB / 2624.93 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1902.84 MiB

C: is Fixed (NTFS) - 224.87 GiB total, 197.51 GiB free.
D: is Fixed (FAT32) - 8 GiB total, 1.39 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
Z: is Network (Unformatted)

\\.\PHYSICALDRIVE0 - WDC WD2500JD-22HBB0 - 232.88 GiB - 2 partitions
\PARTITION0 - Unknown - 8.01 GiB - D:
\PARTITION1 (bootable) - Installable File System - 224.87 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"E:\\setup\\HPZNET01.EXE"="E:\\setup\\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"E:\\setup\\HPONICIFS01.EXE"="E:\\setup\\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"
"C:\\WINDOWS\\system32\\spoolsv.exe"="C:\\WINDOWS\\system32\\spoolsv.exe:*:Enabled:Spooler SubSystem App"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\Common Files\\Pure Networks Shared\\Platform\\nmsrvc.exe"="C:\\Program Files\\Common Files\\Pure Networks Shared\\Platform\\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CHRISTAWORKHP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Administrator
LOGONSERVER=\\CHRISTAWORKHP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
USERDOMAIN=CHRISTAWORKHP
USERNAME=HP_Administrator
USERPROFILE=C:\Documents and Settings\HP_Administrator
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

HP_Administrator (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\News\CTNews.isu"
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acoustica Audio Converter Pro --> C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Acrobat.com --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com --> MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Agere Systems PCI Soft Modem --> agrsmdel
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audio Converter --> C:\Program Files\Audio Converter\uninstall.exe
Audio MP3 Maker 1.16 --> "C:\Program Files\Audio MP3 Maker\unins000.exe"
BK ReplaceEm 2.0 --> C:\WINDOWS\bkuninst.exe C:\Program Files\BK ReplaceEm\
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
ClipMate 5.3 --> C:\PROGRA~1\CLIPMA~1\UNWISE.EXE C:\PROGRA~1\CLIPMA~1\INSTALL.LOG
Color Cop v5.3 --> "C:\Program Files\ColorCop\unins000.exe"
CompuServe 2000 --> C:\Program Files\Common Files\csshare\csunins_us.exe
CuteFTP 5.0 XP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18DF995F-2ACC-47E4-A33B-A703F4D39E92}\IS6.exe" -l0x9 /l0009 UNINSTALL
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe"
ESET NOD32 Antivirus --> MsiExec.exe /I{BB703122-AF65-4AD9-BCA0-273E165DABEE}
FeedDemon --> "C:\Program Files\FeedDemon\unins000.exe"
FeedStation --> "C:\Program Files\FeedStation\unins000.exe"
Garmin WebUpdater --> MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
getPlus® --> "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
Help and Support Additions --> WScript.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\eHelpSetup.jse eHelpUninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Boot Optimizer --> MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Customer Participation Program 7.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP Document Viewer 7.0 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Driver Diagnostics --> MsiExec.exe /I{6314D540-E3C1-4F30-AEEB-4154C93375C3}
HP Image Zone for Media Center PC --> MsiExec.exe /X{8D0C57BC-4942-4960-BB6D-142456D6F233}
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Cameras 4.5 --> C:\Program Files\HP\Digital Imaging\{ABA2B37F-AB88-486e-870A-52454A23FEE0}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Tunes --> MsiExec.exe /X{6512B303-F989-4C13-B9F6-A99989E4ED54}
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 97, Professional Edition --> C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Plus! Dancer LE --> MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\HP_Administrator\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
muvee autoProducer 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC10C922-52E9-4739-ACD0-EB0FF035EE7E}\setup.exe" -l0x9
muvee autoProducer unPlugged - HPD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8E4A88B-E35A-4F3B-AB60-42E7DB0EC765}\setup.exe" -l0x9
Network Magic --> C:\Documents and Settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe /uninstall
OCR Software by I.R.I.S 7.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Paint Shop Pro 5.03 CD --> C:\PROGRA~1\PAINTS~1\Unwise.exe C:\PROGRA~1\PAINTS~1\INSTALL.LOG
Photosmart 320,370,7400,8100,8400 Series --> C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2005 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Remove Microsoft Money 2005 installer --> c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Money\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Safari --> MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPAMfighter --> "C:\Program Files\SPAMfighter\uninstall.exe" Remove
Trojan Remover 6.7.1 --> "C:\Program Files\Trojan Remover\unins000.exe"
UltraEdit-32 --> "C:\Program Files\IDM Computer Solutions\UltraEdit-32\Uninstall.exe" "C:\Program Files\IDM Computer Solutions\UltraEdit-32\ueinstall.log"
UnitedScrip 2006 --> MsiExec.exe /I{1AE3FBB9-A5D1-4DE3-A666-099B54BB27BD}
UnitedScrip 2006 --> MsiExec.exe /I{AD36598A-C8B5-4290-924C-9C5A8847BBF4}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Updates from HP --> C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 309731
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Media Center Edition 2005 KB888316 --> C:\WINDOWS\$NtUninstallKB888316$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB890629 -->
Windows XP Media Center Edition 2005 KB895678 --> C:\WINDOWS\$NtUninstallKB895678$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinZip --> C:\Program Files\WinZip\WINZIP32.EXE /uninstall
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type9908 / Error
Event Submitted/Written: 08/17/2008 06:35:47 PM
Event ID/Source: 4786 / COM+
Event Description:
The system has called a custom component and that component has failed and generated an exception. This indicates a problem with the custom component. Notify the developer of this component that a failure has occurred and provide them with the information below.
Component Prog ID:
Server Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235}
Server Application Instance ID:
{E60B0542-F2DE-4894-B2CA-AEFF3C025CF0}
Server Application Name: System Application
Exception: C0000005
Address: 0x7669413B

Edited by mckryan, 17 August 2008 - 07:33 PM.

  • 0

#7
SpySentinel

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Your logs look clean, great job! :)

Now for some cleanup..
Please download OTCleanIt and save it to Desktop.
  • Please make sure you are connecting to the Internet
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Reenable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

here are some additional utilities that will enhance your safety

  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
  • Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

  • 0

#8
mckryan

mckryan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Before I follow through with the steps in your previous message, I had a question about this section of my log:

File name / Threat name / Threats count
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\WKI2XWD6\wbk45CE.tmp Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Program Files\Outlook Express\Deleted Items.dbx Infected: Trojan-Spy.HTML.Bayfraud.hn 1
C:\Program Files\Outlook Express\Inbox.dbx Infected: Trojan-Spy.HTML.Bayfraud.ib 2
C:\WINDOWS\system32\WanPacket.dll Infected: Backdoor.Win32.ForBot.am 1

Will the OTCleanIt take care of this, or do I need to address these issues first?
  • 0

#9
SpySentinel

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
This issue should already be taken care of. If not let me know.
  • 0

#10
mckryan

mckryan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
I just ran Kaspersky, and the infections are still there.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, August 19, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, August 19, 2008 20:36:00
Records in database: 1111093
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 130483
Threat name: 4
Infected objects: 4
Suspicious objects: 1
Duration of the scan: 02:16:55


File name / Threat name / Threats count
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\WKI2XWD6\wbk45CE.tmp Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Program Files\Outlook Express\Deleted Items.dbx Infected: Trojan-Spy.HTML.Bayfraud.hn 1
C:\Program Files\Outlook Express\Inbox.dbx Infected: Trojan-Spy.HTML.Bayfraud.ib 2
C:\WINDOWS\system32\WanPacket.dll Infected: Backdoor.Win32.ForBot.am 1

The selected area was scanned.
  • 0

Advertisements


#11
mckryan

mckryan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
I wanted to see what MalwareBytes came up with and here is the log. Is Registry Defender the issue here? It didn't show up in the last MalwareBytes scan, but I didn't do a full scan that time, just the quick one.

Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 5.1.2600 Service Pack 2

4:28:53 PM 8/20/2008
mbam-log-08-20-2008 (16-28-48).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 177661
Time elapsed: 1 hour(s), 1 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 233

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Registry Defender Platinum (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\backup (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100 (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse (Rogue.RegistryDefender) -> No action taken.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Registry Defender Platinum (Rogue.RegistryDefender) -> No action taken.

Files Infected:
C:\Program Files\Registry Defender Platinum\Customer Support.url (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\INSTALL.LOG (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\install.sss (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\mscomctl.ocx (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\RegistryDefender.exe (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\RegistryDefender.exe.manifest (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\report.csv (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\stdole2.tlb (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\Uninstall.exe (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\User Guide.url (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\backup\6_25_2008.reg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\backup\6_26_2008.reg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\backup\7_2_2008.reg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-1.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-10.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-11.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-12.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-13.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-14.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-15.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-16.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-17.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-18.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-19.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-2.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-20.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-21.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-22.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-23.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-24.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-25.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-26.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-27.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-28.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-29.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-3.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-30.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-31.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-32.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-33.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-34.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-35.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-36.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-37.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-38.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-39.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-4.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-40.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-41.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-42.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-43.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-44.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-45.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-46.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-47.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-48.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-49.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-5.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-50.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-6.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-7.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-8.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar\scanner-repair-9.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-0.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-1.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-10.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-100.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-11.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-12.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-13.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-14.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-15.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-16.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-17.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-18.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-19.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-2.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-20.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-21.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-22.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-23.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-24.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-25.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-26.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-27.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-28.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-29.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-3.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-30.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-31.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-32.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-33.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-34.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-35.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-36.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-37.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-38.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-39.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-4.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-40.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-41.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-42.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-43.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-44.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-45.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-46.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-47.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-48.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-49.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-5.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-50.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-51.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-52.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-53.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-54.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-55.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-56.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-57.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-58.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-59.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-6.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-60.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-61.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-62.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-63.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-64.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-65.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-66.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-67.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-68.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-69.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-7.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-70.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-71.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-72.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-73.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-74.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-75.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-76.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-77.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-78.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-79.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-8.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-80.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-81.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-82.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-83.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-84.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-85.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-86.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-87.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-88.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-89.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-9.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-90.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-91.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-92.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-93.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-94.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-95.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-96.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-97.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-98.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100\scanner100-99.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-0.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-1.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-10.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-11.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-12.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-13.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-14.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-15.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-16.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-17.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-18.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-19.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-2.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-20.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-21.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-22.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-23.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-24.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-25.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-26.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-27.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-28.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-29.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-3.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-30.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-31.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-32.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-33.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-34.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-35.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-36.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-37.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-38.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-39.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-4.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-40.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-41.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-42.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-43.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-44.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-45.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-46.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-47.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-48.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-49.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-5.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-50.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-51.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-52.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-53.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-54.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-55.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-56.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-57.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-58.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-59.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-6.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-60.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-61.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-62.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-63.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-64.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-65.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-7.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-8.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse\scannerpulse-9.jpg (Rogue.RegistryDefender) -> No action taken.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Registry Defender Platinum\Customer Support.lnk (Rogue.RegistryDefender) -> No action taken.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Registry Defender Platinum\Registry Defender.lnk (Rogue.RegistryDefender) -> No action taken.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Registry Defender Platinum\User Guide.lnk (Rogue.RegistryDefender) -> No action taken.
  • 0

#12
SpySentinel

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi mckryan, Let me assure you your computer is clean. If you want, you can go ahead and have MBAM quarantine Registry Defender Platinum.
  • 0

#13
mckryan

mckryan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
I ran SuperAntiSpyware, recommended to me by emeraldnzl in this message here, http://www.geekstogo...an-t206399.html, and this is what it found. It says I still have the Vundo Variant in adware.

Here's the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/21/2008 at 10:57 PM

Application Version : 4.15.1000

Core Rules Database Version : 3542
Trace Rules Database Version: 1531

Scan type : Complete Scan
Total Scan Time : 05:10:30

Memory items scanned : 521
Memory threats detected : 0
Registry items scanned : 6251
Registry threats detected : 0
File items scanned : 46227
File threats detected : 80

Adware.Tracking Cookie
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@apmebf[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@realmedia[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@interclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@statcounter[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@kontera[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@insightexpressai[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@fastclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@questionmarket[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@revsci[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@trafficmp[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@incentaclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@specificclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@azjmp[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@click2houston[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@chitika[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tacoda[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@serving-sys[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tradedoubler[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediaplex[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@dmtracker[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tribalfusion[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@overture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@hitbox[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediaspanonline[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@zedo[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atwola[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@burstnet[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@advertising[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@focalex[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@collective-media[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adbrite[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
.ads.pointroll.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.atwola.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.hitbox.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.hitbox.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.ehg-bareescentuals.hitbox.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.e-2dj6wdmiuidzeep.stats.esomniture.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
www.click2houston.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
statse.webtrendslive.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.click2houston.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.click2houston.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]
.click2houston.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hntumf5r.default\cookies.txt ]

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\KJKKJ.INI
C:\WINDOWS\SYSTEM32\STUTV.BAK1

Unclassified.Unknown Origin
C:\WINDOWS\SYSTEM32\SPR00345.TMP
  • 0

#14
SpySentinel

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Go ahead and have SuperAntiSpyware remove those files.

Then you are clean.
  • 0

#15
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP