Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

User profiles deleted [RESOLVED]

Started by carrar , Aug 25 2008 06:36 AM

  • This topic is locked This topic is locked

#1
carrar
Posted 25 August 2008 - 06:36 AM

carrar

    Member

  • Member
  • PipPip
  • 18 posts
Hello,

I usually take good care of my computer (Win XP, SP2), but a relative was staying and used the guest account I had created for her. She plugged something in to charge or watch a movie or something, and the next time the computer was started, nearly everything was gone. (I had made a file backup but not of the entire system.) I had two admin user profiles other than the guest. Both profiles did not show up at startup, but when I connected to the internet, the Firefox bookmarks were still there, and many of the Word, music, and photo files appeared to be intact as well. I was not able to open the folder for the other user profile, so I don't know if those files are there still. Many of the programs I had installed appeared, but when I tried to start them, it said they were corrupted and asked for the installation CD. Other than needing to reinstall everything, almost like it's a new system, there seem to be no issues or strange activity.

I have followed all the instructions to clean the computer, but I would like to be assured that there are no problems before I begin to recreate everything. I ran ERUNT, but there were errors in saving the files.

Log files to come in next post.

Thanks for any help you can give!

UPDATE 08/26: To make sure that it had all the security updates, I downloaded SP3. As I was doing this, I realized that the list of programs in both the Start menu and the Add/Remove Programs in the Control Panel did not correctly account for programs that were installed. For instance, I had uninstalled anything related to AOL when I got this computer, but a search reveals that several AOL programs are now installed on the computer, as they were when it was new. Nothing AOL is listed in the Start menu or Add/Remove Programs. There are several programs that I had installed previously that show up, but when I attempt to open them, they ask to be reinstalled.

Edited by carrar, 26 August 2008 - 10:35 PM.

  • 0

Advertisements

#2
carrar
Posted 25 August 2008 - 06:39 AM

carrar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Malwarebytes log files:

Malwarebytes' Anti-Malware 1.25
Database version: 1086
Windows 5.1.2600 Service Pack 2

10:18:38 PM 8/24/2008
mbam-log-08-24-2008 (22-18-38).txt

Scan type: Full Scan (C:\|)
Objects scanned: 221650
Time elapsed: 2 hour(s), 27 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelNE.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelQC.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelqx.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelSlnchr.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelUpdate.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\WiseInstallUtility.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\explorer.reg (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.



HijackThis log files:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:35:56 AM, on 8/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Documents and Settings\HP_Owner\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.spysub...l...500=2&501=0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [_SetRes] c:\hp\bin\cloaker c:\hp\bin\res.bat
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 11416 bytes
  • 0

#3
Jimmy2012
Posted 30 August 2008 - 06:09 PM

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello carrar,
Sorry about the delay, everyone here has been very busy.

Please post a fresh HijackThis log in your next reply.
  • 0

#4
carrar
Posted 31 August 2008 - 12:36 PM

carrar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Thanks for getting back to me. Here it is:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:03 AM, on 8/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\HP_Owner\Desktop\HiJackThis.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.spysub...l...500=2&501=0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] "c:\windows\system\hpsysdrv.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] "C:\WINDOWS\system32\HDAudPropShortcut.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [AGRSMMSG] "C:\WINDOWS\AGRSMMSG.exe"
O4 - HKLM\..\Run: [HPHUPD06] "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
O4 - HKLM\..\Run: [HPHmon06] "C:\WINDOWS\system32\hphmon06.exe"
O4 - HKLM\..\Run: [KBD] "C:\HP\KBD\KBD.EXE"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [_SetRes] "c:\hp\bin\cloaker.exe" c:\hp\bin\res.bat
O4 - HKLM\..\Run: [PS2] "C:\WINDOWS\system32\ps2.exe"
O4 - HKLM\..\Run: [SoundMan] "C:\WINDOWS\SOUNDMAN.EXE"
O4 - HKLM\..\Run: [AlcWzrd] "C:\WINDOWS\ALCWZRD.EXE"
O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
O4 - HKLM\..\Run: [LSBWatcher] "c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...abs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1219807456015
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 12685 bytes
  • 0

#5
Jimmy2012
Posted 31 August 2008 - 04:02 PM

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello carrar,

STEP 1
Before we begin I see that you have 4 anti-virus programs running, I need you to remove 3 of them. Running 4 anti-virus programs at the same time can slow your computer down and also the anti-virus programs can conflict with each other. These are the 4 I see you have running.
Symantec, Avast, AVG and AntiVir
If you need any help removing 3 of them please let me know.

Please tell me what anti-virus program you are keeping in your next reply.

STEP 2
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

STEP 3
Please do an online scan with Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
~~~~~~~~~~
In your next reply please have these logs/info. You may need to use more then one reply for all the logs to fit.
What anti-virus program you are keeping
The RSIT logs
And the Kaspersky log
  • 0

#6
carrar
Posted 31 August 2008 - 07:37 PM

carrar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I kept Symantec and deleted the others.

When I ran RSIT, it listed "Performing Registry Dump" for about an hour before an error box came up:

AutoIt Error
Line -1:
Error: Recursion level has been exceeded - AutoIt will quit to prevent stack overflow.

My only option was to click OK.

I will run the Kapersky WebScanner now.
  • 0

#7
carrar
Posted 31 August 2008 - 07:48 PM

carrar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I am unable to run Kapersky because it says I need updated Java. Whenever I attempt to download Java (automatically or manually), it tells me that I cannot proceed with the current Internet Connection settings. The Java website tells me to check my proxy settings under LAN, which I have never had to do before. I don't know what my proxy is.
  • 0

#8
Jimmy2012
Posted 01 September 2008 - 11:05 AM

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello carrar,

When I ran RSIT, it listed "Performing Registry Dump" for about an hour before an error box came up:

Thats no problem, we will try another tool. :)

Whenever I attempt to download Java (automatically or manually), it tells me that I cannot proceed

Lets try another way and see if it works.


STEP 1
Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use two posts to get it all on the forum
STEP 2
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

If you are able to update java this time please try running the Kapersky WebScanner and post the log from it in your next reply.
~~~~~~~~~~
In your next reply please have these logs. You will need to use more then one reply for the logs to fit.
The OTViewIt logs
The Kapersky log (if you are able to update java)
And a fresh HijackThis log
  • 0

#9
carrar
Posted 01 September 2008 - 02:32 PM

carrar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Thanks for helping me out here. Here's the OTViewIt logs. Then I will run the other programs.

OTViewIt.txt:
OTViewIt logfile created on: 9/1/2008 1:27:44 PM - Run 1
OTViewIt by OldTimer - Version 1.0.1.7 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.29 Mb Total Physical Memory | 548.74 Mb Available Physical Memory | 54.05% Memory free
2.39 Gb Paging File | 1.97 Gb Available in Paging File | 82.40% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.33 Gb Total Space | 91.04 Gb Free Space | 50.77% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 1.83 Gb Free Space | 26.34% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4F1261A8E5
Current User Name: HP_Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On

===== Processes - Non-Microsoft Only =====

[09/23/2004 02:30 PM | 00,038,912 | ---- | M] () - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
[08/09/2008 02:42 PM | 03,585,384 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
[05/04/2005 09:31 PM | 00,032,881 | ---- | M] () - C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
[11/02/2004 08:59 AM | 00,126,976 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\hkcmd.exe
[06/29/2004 10:06 AM | 00,088,363 | ---- | M] (Agere Systems) - C:\WINDOWS\AGRSMMSG.exe
[10/13/2004 11:04 PM | 00,278,528 | ---- | M] (Apple Computer, Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[10/13/2004 11:03 PM | 00,327,680 | ---- | M] (Apple Computer, Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[10/13/2004 04:17 PM | 02,742,272 | ---- | M] (RealTek Semicoductor Corp.) - C:\WINDOWS\ALCWZRD.EXE
[05/04/2005 10:00 PM | 00,098,304 | ---- | M] (Apple Computer, Inc.) - C:\Program Files\QuickTime\qttask.exe
[08/09/2008 04:04 PM | 05,418,864 | ---- | M] (Webroot Software, Inc.) - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
[08/18/2008 06:41 PM | 01,832,272 | RHS- | M] (Safer Networking Limited) - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[05/04/2005 10:01 PM | 01,187,840 | ---- | M] (InterMute, Inc.) - C:\Program Files\InterMute\SpySubtract\SpySub.exe
[08/09/2008 02:42 PM | 00,181,608 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) - C:\Program Files\Webroot\Spy Sweeper\SSU.exe

===== Win32 Services - Non-Microsoft Only =====

(iPodService) iPod Service [On_Demand | Running]
[10/13/2004 11:03 PM | 00,327,680 | ---- | M] (Apple Computer, Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(LightScribeService) LightScribeService Direct Disc Labeling Service [Auto | Running]
[09/23/2004 02:30 PM | 00,038,912 | ---- | M] () - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Auto | Running]
[08/09/2008 02:42 PM | 03,585,384 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

===== Driver Services - Non-Microsoft Only =====

(A5AGU) D-Link USB Wireless Network Adapter Service [On_Demand | Running]
[07/26/2005 02:32 PM | 00,348,352 | ---- | M] (D-Link Corporation) - C:\WINDOWS\system32\drivers\A5AGU.sys

(AgereSoftModem) Agere Systems Soft Modem [On_Demand | Running]
[06/29/2004 10:07 AM | 01,268,204 | ---- | M] (Agere Systems) - C:\WINDOWS\system32\drivers\AGRSM.sys

(ATHFMWDL) D-Link predator Bootloader driver [On_Demand | Stopped]
[03/15/2005 06:11 PM | 00,043,392 | R--- | M] (Windows ® 2000 DDK provider) - C:\WINDOWS\system32\drivers\Athfmwdl.sys

(ialm) ialm [On_Demand | Running]
[11/02/2004 09:27 AM | 00,773,565 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\ialmnt5.sys

(Iviaspi) IVI ASPI Shell [On_Demand | Running]
[09/11/2003 06:36 AM | 00,021,060 | ---- | M] (InterVideo, Inc.) - C:\WINDOWS\system32\drivers\iviaspi.sys

(pavboot) pavboot [Boot | Running]
[06/19/2008 05:24 PM | 00,028,544 | ---- | M] (Panda Security, S.L.) - C:\WINDOWS\system32\drivers\pavboot.sys

(rtl8139) Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver [On_Demand | Running]
[10/04/2002 10:04 AM | 00,046,976 | ---- | M] (Realtek Semiconductor Corporation ) - C:\WINDOWS\system32\drivers\R8139n51.sys

(ssfs0bbc) ssfs0bbc [Boot | Running]
[08/09/2008 02:42 PM | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\system32\drivers\ssfs0bbc.sys

(sshrmd) sshrmd [Boot | Running]
[08/09/2008 02:42 PM | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\system32\drivers\sshrmd.sys

(ssidrv) ssidrv [Boot | Running]
[08/09/2008 02:42 PM | 00,166,512 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\system32\drivers\ssidrv.sys

========== Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"_SetRes" = "c:\hp\bin\cloaker.exe" c:\hp\bin\res.bat [11/06/1999 11:11 PM | 00,027,136 | ---- | M] (Hewlett-Packard Co.)
"AGRSMMSG" = "C:\WINDOWS\AGRSMMSG.exe" [06/29/2004 10:06 AM | 00,088,363 | ---- | M] (Agere Systems)
"Alcmtr" = "C:\WINDOWS\ALCMTR.EXE" [10/13/2004 04:00 PM | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.)
"AlcWzrd" = "C:\WINDOWS\ALCWZRD.EXE" [10/13/2004 04:17 PM | 02,742,272 | ---- | M] (RealTek Semicoductor Corp.)
"ccApp" = "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/17/2008 11:42 AM | 00,058,728 | ---- | M] (Symantec Corporation)
"High Definition Audio Property Page Shortcut" = "C:\WINDOWS\system32\HDAudPropShortcut.exe" [03/17/2004 11:10 PM | 00,061,952 | ---- | M] (Windows ® Server 2003 DDK provider)
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" [11/02/2004 08:59 AM | 00,126,976 | ---- | M] (Intel Corporation)
"HPHmon06" = "C:\WINDOWS\system32\hphmon06.exe" [06/07/2004 11:42 AM | 00,659,456 | ---- | M] (Hewlett-Packard)
"HPHUPD06" = "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [06/07/2004 11:53 AM | 00,049,152 | ---- | M] (Hewlett-Packard)
"hpsysdrv" = "c:\windows\system\hpsysdrv.exe" [05/07/1998 09:04 AM | 00,052,736 | ---- | M] (Hewlett-Packard Company)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [10/13/2004 11:04 PM | 00,278,528 | ---- | M] (Apple Computer, Inc.)
"KBD" = "C:\HP\KBD\KBD.EXE" [02/11/2003 12:02 PM | 00,061,440 | ---- | M] (Hewlett-Packard Company)
"LSBWatcher" = "c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [10/14/2004 02:54 PM | 00,253,952 | ---- | M] (Hewlett-Packard Company)
"PS2" = "C:\WINDOWS\system32\ps2.exe" [10/25/2004 02:17 PM | 00,090,112 | ---- | M] (Hewlett-Packard Company)
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [05/04/2005 10:00 PM | 00,098,304 | ---- | M] (Apple Computer, Inc.)
"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [04/14/2004 01:43 PM | 00,233,472 | ---- | M] ()
"SoundMan" = "C:\WINDOWS\SOUNDMAN.EXE" [10/13/2004 02:01 PM | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.)
"SpySweeper" = "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray [08/09/2008 04:04 PM | 05,418,864 | ---- | M] (Webroot Software, Inc.)
"SunJavaUpdateSched" = "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [05/04/2005 09:31 PM | 00,032,881 | ---- | M] ()
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer [08/24/2008 12:11 PM | 00,100,056 | ---- | M] (Symantec Corporation)
"TkBellExe" = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [05/04/2005 09:53 PM | 00,180,269 | ---- | M] (RealNetworks, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/18/2008 06:41 PM | 01,832,272 | RHS- | M] (Safer Networking Limited)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-21-1138315245-371462582-4276663966-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/18/2008 06:41 PM | 01,832,272 | RHS- | M] (Safer Networking Limited)

[HKEY_USERS\S-1-5-21-1138315245-371462582-4276663966-1009\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

========== Startup Folders ==========

[Administrator Startup Folder - C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[11/05/2004 02:28 AM | 00,258,048 | ---- | M] (Hewlett-Packard Co.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[05/04/2005 10:01 PM | 00,073,728 | ---- | M] (InterMute, Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
[05/04/2005 10:04 PM | 00,045,056 | ---- | M] (Hewlett-Packard) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe

[Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup]
[09/30/2003 09:30 PM | 00,057,344 | ---- | M] (Hewlett-Packard) - C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe

[Guest Startup Folder - C:\Documents and Settings\Guest\Start Menu\Programs\Startup]

[HP_Owner Startup Folder - C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup]

[Jajel Startup Folder - C:\Documents and Settings\Jajel\Start Menu\Programs\Startup]
[02/20/2007 03:33 PM | 00,256,000 | ---- | M] () - C:\Documents and Settings\Jajel\Start Menu\Programs\Startup\PowerReg Scheduler.exe

========== BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (AcroIEHlprObj Class) - [11/03/2003 09:17 PM | 00,054,248 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
HKLM CLSID: (Spybot-S&D IE Protection) - [07/07/2008 09:41 AM | 01,562,448 | ---- | M] (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
HKLM CLSID: (CNavExtBho Class) - [08/30/2004 11:34 AM | 00,218,240 | ---- | M] (Symantec Corporation) c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll

========== Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
""
HKLM CLSID: (ScriptInocUI Class) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
HKLM CLSID: (Norton AntiVirus) - [08/30/2004 11:34 AM | 00,218,240 | ---- | M] (Symantec Corporation) c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
HKLM CLSID: (HP view) - [11/21/2003 11:26 AM | 00,098,304 | ---- | M] (Hewlett-Packard Company) c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
HKLM CLSID: (Norton AntiVirus) - [08/30/2004 11:34 AM | 00,218,240 | ---- | M] (Symantec Corporation) c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
HKLM CLSID: (HP view) - [11/21/2003 11:26 AM | 00,098,304 | ---- | M] (Hewlett-Packard Company) c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
HKLM CLSID: (HP view) - [11/21/2003 11:26 AM | 00,098,304 | ---- | M] (Hewlett-Packard Company) c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

[HKEY_USERS\S-1-5-21-1138315245-371462582-4276663966-1009\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
HKLM CLSID: (Norton AntiVirus) - [08/30/2004 11:34 AM | 00,218,240 | ---- | M] (Symantec Corporation) c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
HKLM CLSID: (HP view) - [11/21/2003 11:26 AM | 00,098,304 | ---- | M] (Hewlett-Packard Company) c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

[HKEY_USERS\S-1-5-21-1138315245-371462582-4276663966-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
HKLM CLSID: (HP view) - [11/21/2003 11:26 AM | 00,098,304 | ---- | M] (Hewlett-Packard Company) c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

========== AppInit_Dlls ==========

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}" = SpySubtract Shell Extension
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

========== HKLM Security Providers ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders]
"msapsspc.dll schannel.dll digest.dll msnsspc.dll" - File not found

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [04/13/2008 05:12 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/13/2008 05:12 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04/13/2008 05:12 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/13/2008 05:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04/13/2008 05:12 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

========== User's Winlogon Settings ==========

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
"DllName" = C:\WINDOWS\system32\igfxsrvc.dll [11/02/2004 08:59 AM | 00,348,160 | ---- | M] (Intel Corporation)

========== Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-21-1138315245-371462582-4276663966-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-21-1138315245-371462582-4276663966-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


========== Lsa Authentication Packages ==========

========== Lsa Security Packages ==========

========== Desktop Components ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

========== Safeboot Options ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

========== Disabled MsConfig Items ==========
Unable to open key or key not present!


========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[05/04/2005 10:32 PM | 00,000,050 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

AUTOEXEC.BAT []
[07/28/2001 05:07 AM | 00,000,000 | -HS- | M] () D:\AUTOEXEC.BAT [ FAT32 ]

Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ]
[04/30/2004 09:01 PM | 00,000,053 | -HS- | M] () D:\Autorun.inf [ FAT32 ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64cb32a2-7619-11dd-9002-001195bb77e1}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8b74466-68f1-11dd-8fe5-0013d401569b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8b74467-68f1-11dd-8fe5-0013d401569b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0320e7f-6e73-11dd-8fed-001195bb77e1}\Shell]
"" = None

========== DNS Name Servers ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{84CF438C-A0CD-41D7-A15C-688C8357CBD6}]
Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{859D3EBA-1927-4912-8886-D7B4391471C4}]
Servers: | Description: 1394 Net Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{CB919DE9-C607-492E-8287-8DF36BD76F46}]
Servers: | Description: D-Link AirPlus Xtreme G DWL-G132 Wireless USB Adapter(rev.A)

========== Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



========== Files/Folders - Created Within 30 days ==========

[08/12/2008 02:52 PM | RHSD | C] - C:\cmdcons
[08/24/2008 11:59 AM | 10,646,85568 | -HS- | C] () - C:\hiberfil.sys
[08/31/2008 03:57 PM | ---D | C] - C:\rsit
[08/09/2008 02:42 PM | 00,023,152 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\System32\drivers\sshrmd.sys
[08/09/2008 02:42 PM | 00,029,808 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\System32\drivers\ssfs0bbc.sys
[08/09/2008 02:42 PM | 00,166,512 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\System32\drivers\ssidrv.sys
[08/17/2008 03:12 PM | 00,043,392 | R--- | C] (Windows ® 2000 DDK provider) - C:\WINDOWS\System32\drivers\Athfmwdl.sys
[08/17/2008 03:12 PM | 00,147,664 | ---- | C] () - C:\WINDOWS\System32\drivers\ar5523.bin
[08/17/2008 03:12 PM | 00,348,352 | ---- | C] (D-Link Corporation) - C:\WINDOWS\System32\drivers\A5AGU.sys
[08/24/2008 06:06 PM | 00,028,544 | ---- | C] (Panda Security, S.L.) - C:\WINDOWS\System32\drivers\pavboot.sys
[08/24/2008 08:12 PM | 00,064,352 | ---- | C] () - C:\WINDOWS\System32\drivers\ativmc20.cod
[08/24/2008 08:13 PM | 00,129,045 | ---- | C] () - C:\WINDOWS\System32\drivers\cxthsfs2.cty
[08/24/2008 08:17 PM | 00,067,866 | ---- | C] () - C:\WINDOWS\System32\drivers\netwlan5.img
[1 C:\WINDOWS\System32\*.tmp files]
[08/09/2008 02:42 PM | 00,015,208 | ---- | C] () - C:\WINDOWS\System32\SsiEfr.exe
[08/09/2008 02:42 PM | 00,031,080 | ---- | C] () - C:\WINDOWS\System32\wrLZMA.dll
[08/12/2008 02:19 PM | RHSD | C] - C:\WINDOWS\System32\dllcache
[08/12/2008 02:46 PM | ---D | C] - C:\WINDOWS\System32\RTCOM
[08/12/2008 02:49 PM | 00,163,840 | ---- | C] (Intel Corporation) - C:\WINDOWS\System32\igfxres.dll
[08/12/2008 02:49 PM | ---D | C] - C:\WINDOWS\System32\Lang
[08/24/2008 08:14 PM | 00,001,261 | ---- | C] () - C:\WINDOWS\System32\pid.inf
[08/24/2008 12:02 PM | ---D | C] - C:\WINDOWS\System32\PreInstall
[08/24/2008 12:02 PM | ---D | C] - C:\WINDOWS\System32\SoftwareDistribution
[08/26/2008 07:52 PM | ---D | C] - C:\WINDOWS\System32\bits
[08/26/2008 07:52 PM | ---D | C] - C:\WINDOWS\System32\en-us
[08/26/2008 07:52 PM | ---D | C] - C:\WINDOWS\System32\scripting
[08/30/2008 10:16 AM | 00,917,504 | ---- | C] (Macromedia, Inc.) - C:\WINDOWS\System32\FLASH.OCX
[08/31/2008 11:23 AM | ---D | C] - C:\WINDOWS\System32\LogFiles
[4 C:\WINDOWS\*.tmp files]
[08/26/2008 07:34 PM | ---D | C] - C:\WINDOWS\EHome
[08/26/2008 07:34 PM | -H-D | C] - C:\WINDOWS\$NtServicePackUninstall$
[08/26/2008 07:47 PM | ---D | C] - C:\WINDOWS\ServicePackFiles
[08/26/2008 07:52 PM | ---D | C] - C:\WINDOWS\l2schemas
[08/26/2008 08:03 PM | ---D | C] - C:\WINDOWS\Prefetch
[08/17/2008 03:07 PM | 00,000,278 | ---- | C] () - C:\WINDOWS\tasks\Easy Internet Sign-up.job
[08/26/2008 07:11 PM | 00,001,544 | ---- | C] () - C:\WINDOWS\tasks\wrSpySweeperFullSweep.job
[08/24/2008 07:40 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/31/2008 03:52 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Avg8
[08/24/2008 07:40 PM | 00,000,707 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/26/2008 07:11 PM | 00,001,652 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Spy Sweeper.lnk
[08/24/2008 07:39 PM | ---D | C] - C:\Program Files\Common Files\Download Manager
[08/24/2008 06:04 PM | ---D | C] - C:\Program Files\Panda Security
[08/24/2008 07:36 PM | ---D | C] - C:\Program Files\ERUNT
[08/24/2008 07:40 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/24/2008 12:11 PM | ---D | C] - C:\Program Files\SymNetDrv
[08/24/2008 12:23 PM | ---D | C] - C:\Program Files\Alwil Software

========== Files - Modified Within 30 days ==========

[08/12/2008 02:45 PM | 00,000,213 | RHS- | M] () - C:\BOOT.BAK
[08/12/2008 02:52 PM | 00,000,283 | RHS- | M] () - C:\boot.ini
[08/26/2008 06:08 PM | 00,002,999 | -H-- | M] () - C:\IPH.PH
[08/26/2008 07:10 PM | 00,000,164 | ---- | M] () - C:\install.dat
[08/26/2008 07:43 PM | 00,250,048 | RHS- | M] () - C:\ntldr
[09/01/2008 12:40 PM | 10,646,85568 | -HS- | M] () - C:\hiberfil.sys
[08/09/2008 02:42 PM | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\System32\drivers\sshrmd.sys
[08/09/2008 02:42 PM | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\System32\drivers\ssfs0bbc.sys
[08/09/2008 02:42 PM | 00,166,512 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\System32\drivers\ssidrv.sys
[1 C:\WINDOWS\System32\*.tmp files]
[08/09/2008 02:42 PM | 00,015,208 | ---- | M] () - C:\WINDOWS\System32\SsiEfr.exe
[08/09/2008 02:42 PM | 00,031,080 | ---- | M] () - C:\WINDOWS\System32\wrLZMA.dll
[08/12/2008 02:46 PM | 00,000,993 | ---- | M] () - C:\WINDOWS\System32\$winnt$.inf
[08/12/2008 02:46 PM | 00,002,158 | ---- | M] () - C:\WINDOWS\System32\ssmute.ini
[08/26/2008 08:02 PM | 00,175,464 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[08/28/2008 05:42 PM | 00,001,158 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/30/2008 10:16 AM | 00,917,504 | ---- | M] (Macromedia, Inc.) - C:\WINDOWS\System32\FLASH.OCX
[08/31/2008 03:41 PM | 00,002,577 | ---- | M] () - C:\WINDOWS\System32\CONFIG.NT
[09/01/2008 01:23 PM | 00,053,436 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[09/01/2008 01:23 PM | 00,381,692 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[09/01/2008 01:23 PM | 00,441,626 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[09/01/2008 12:41 PM | 00,000,248 | ---- | M] () - C:\WINDOWS\System\hpsysdrv.dat
[4 C:\WINDOWS\*.tmp files]
[08/03/2008 10:15 PM | 00,000,116 | ---- | M] () - C:\WINDOWS\NeroDigital.ini
[08/08/2008 06:44 PM | 00,000,865 | ---- | M] () - C:\WINDOWS\musiceditor.INI
[08/09/2008 04:04 PM | 01,538,928 | ---- | M] (Webroot Software, Inc.) - C:\WINDOWS\WRSetup.dll
[08/12/2008 02:43 PM | 00,000,231 | ---- | M] () - C:\WINDOWS\system.ini
[08/19/2008 09:53 PM | 00,000,628 | ---- | M] () - C:\WINDOWS\win.ini
[08/19/2008 09:54 PM | 00,104,240 | ---- | M] () - C:\WINDOWS\hpoins04.dat
[08/21/2008 11:31 PM | 00,000,365 | ---- | M] () - C:\WINDOWS\cdplayer.ini
[08/26/2008 08:04 PM | 00,316,640 | ---- | M] () - C:\WINDOWS\WMSysPr9.prx
[08/26/2008 09:48 PM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[09/01/2008 12:40 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/06/2008 05:44 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/17/2008 03:07 PM | 00,000,278 | ---- | M] () - C:\WINDOWS\tasks\Easy Internet Sign-up.job
[08/26/2008 07:11 PM | 00,001,544 | ---- | M] () - C:\WINDOWS\tasks\wrSpySweeperFullSweep.job
[09/01/2008 12:40 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/08/2008 05:54 AM | 00,000,050 | ---- | M] () - C:\Documents and Settings\All Users\Documents\pwsafe.psafe3.plk
[08/24/2008 07:40 PM | 00,000,707 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/26/2008 07:11 PM | 00,001,652 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Spy Sweeper.lnk

< End of report >

Extras.txt:
OTViewIt Extras logfile created on: 9/1/2008 1:27:45 PM - Run 1
OTViewIt by OldTimer - Version 1.0.1.7 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.29 Mb Total Physical Memory | 548.74 Mb Available Physical Memory | 54.05% Memory free
2.39 Gb Paging File | 1.97 Gb Available in Paging File | 82.40% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.33 Gb Total Space | 91.04 Gb Free Space | 50.77% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 1.83 Gb Free Space | 26.34% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[04/13/2008 05:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)

"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes
[10/13/2004 11:12 PM | 08,759,808 | ---- | M] (Apple Computer, Inc.)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[04/13/2008 11:53 AM | 00,558,080 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[04/13/2008 05:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[10/13/2004 11:12 PM | 08,759,808 | ---- | M] (Apple Computer, Inc.)

"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion
[05/04/2005 10:04 PM | 00,045,056 | ---- | M] (Hewlett-Packard)

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
File not found

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[04/13/2008 05:12 PM | 01,695,232 | ---- | M] (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[04/13/2008 11:53 AM | 00,558,080 | ---- | M] (Microsoft Corporation)

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - "%1" %*
.cmd [@ = cmdfile] - "%1" %*
.com [@ = comfile] - "%1" %*
.exe [@ = exefile] - "%1" %*
.pif [@ = piffile] - "%1" %*
.scr [@ = scrfile] - "%1" %*

========== Winsock2 Catalogs ==========

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


========== HKEY_CURRENT_USER Protocol Defaults ==========


========== HKEY_USERS Protocol Defaults ==========


========== HKEY_USERS Protocol Defaults ==========


========== HKEY_USERS Protocol Defaults ==========


========== HKEY_USERS Protocol Defaults ==========


========== HKEY_USERS Protocol Defaults ==========


========== Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

========== Protocol Filters ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{28CFF19D-B92C-4109-A427-F75505E81688}" = cp_dwSharkTaleAlbums1
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FCD82D-1CED-436d-B33C-874EEC666D68}" = cp_dwSharkTaleCards1
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{4C04DF1B-6A39-4299-9DD1-1FA60000266E}" = HP Photosmart Cameras 4.0
"{503AA035-41E2-4858-B31F-1E49AC66C309}" = Norton Security Center
"{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}" = Norton Internet Security
"{55508A44-8225-47AB-9666-1F57A5B5CE2E}" = CP_PLSBusinessFlyers
"{5677563D-0CB1-485f-9E18-C5025306BB3F}" = Norton AntiSpam
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5A4E3B3A-D1E1-4586-9249-2DA68D0B09D2}" = HPIZplus450
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6B350CA4-0031-0002-3757-34999AD85AEC}" = InterVideo WinDVD Creator
"{6E448242-1967-4470-A3F5-FFB62B341D8F}" = 2600
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{725249C3-B94C-4141-8799-0D3BA43D0812}" = CameraDrivers
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76F8CB2B-6516-4E1E-B6F1-AED4ABDB4B0A}_is1" = Spy Sweeper
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{7F22ADCE-3549-49C2-BC16-07B692F57EFF}" = 2600_Help
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{9F15F5AD-AA10-46d9-B34D-AF2945DC65A6}" = 2600Trb
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.0
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
"{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}" = Norton Internet Security
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B103C8A7-D1CC-4B1A-BD41-883F652E097D}" = muvee autoProducer 3.5 magicMoments - HPD
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BE20E2F5-1903-4AAE-B1AF-2046E586C925}" = iTunes
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005
"{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}" = Norton Internet Security
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize
"{D0420D64-8D33-4374-A2B2-9225C7925CA6}" = HP Image Zone Plus 4.5.4
"{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}" = CC_ccProxyExt
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{E0343A4C-2FFD-4CCB-B0EB-5DE9F0E2A083}" = LS_HSI
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{FC08587A-4F01-4188-819F-F55880022917}" = ccPxyCore
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FC2C0536-583C-46c0-844A-62CECAE01F22}" = Norton Internet Security
"36317AE4-57EC-4F3E-B828-009A3DD96BE8" = Polar Bowler from Hewlett-Packard Desktops (remove only)
"3F34F72F-9BB0-4B73-8312-558953ACF56F" = Super Granny from Hewlett-Packard Desktops (remove only)
"58D1A004-6D3C-480A-9E0D-FAA58F3C2A62" = Blackhawk Striker 2 from Hewlett-Packard Desktops (remove only)
"62067F4C-84A9-45B9-8573-B90468B0A3EF" = Orbital from Hewlett-Packard Desktops (remove only)
"6723E59E-322A-417A-8E03-27A61E18253C" = Overball from Hewlett-Packard Desktops (remove only)
"6B60434A-ABE1-48FF-906B-0EA67087AB25" = Road Ready Streetwise from Hewlett-Packard Desktops (remove only)
"703E3900-69DA-47C9-9768-C6514098F149" = Shrek 2 Ogre Bowler from Hewlett-Packard Desktops (remove only)
"8C4E79CC-03E1-43AA-9910-9A5113F24603" = Blasterball 2 from Hewlett-Packard Desktops (remove only)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"B151D9AC-5E4E-4AD0-96C9-5A6C9EC23502" = Blasterball 2 Remix from Hewlett-Packard Desktops (remove only)
"B2D3332F-EA2D-42B3-8E4A-F74D052BCBC1" = Polar Golfer from Hewlett-Packard Desktops (remove only)
"BackWeb-309731 Uninstaller" = Updates from HP
"D11F7128-8CBD-408B-8BF8-034604DEDD42" = Bounce Symphony from Hewlett-Packard Desktops (remove only)
"DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292" = Crystal Maze from Hewlett-Packard Desktops (remove only)
"ERUNT_is1" = ERUNT 1.1j
"F5215F01-DFC0-475D-A910-6F1AF94E807E" = Tradewinds from Hewlett-Packard Desktops (remove only)
"Help and Support Additions" = Help and Support Additions
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.5.4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{BE20E2F5-1903-4AAE-B1AF-2046E586C925}" = iTunes
"KB835221WXP" = High Definition Audio Driver Package - KB835221
"KB892130" = Windows Genuine Advantage Validation Tool (KB892130)
"KB923689" = Security Update for Windows XP (KB923689)
"KB923723" = Security Update for Step By Step Interactive Training (KB923723)
"KB936782_WMP10" = Security Update for Windows Media Player 10 (KB936782)
"KB938127-v2-IE7" = Security Update for Windows Internet Explorer 7 (KB938127-v2)
"KB941569" = Security Update for Windows XP (KB941569)
"KB946648" = Security Update for Windows XP (KB946648)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB951978" = Update for Windows XP (KB951978)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838" = Security Update for Windows XP (KB953838)
"KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"KBD" = KBD
"LiveReg" = LiveReg (Symantec Corporation)
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PS2" = PS2
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"SpySubtract" = SpySubtract
"SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security 2005 (Symantec Corporation)
"WGA" = Windows Genuine Advantage Validation Tool (KB892130)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========


========== HKEY_USERS Uninstall List ==========


========== HKEY_USERS Uninstall List ==========


========== HKEY_USERS Uninstall List ==========


========== HKEY_USERS Uninstall List ==========


========== HKEY_USERS Uninstall List ==========


========== Last 10 Event Log Errors ==========


[ Application Events ]
Error - 8/24/2008 6:48:48 PM - Computer Name = YOUR-4F1261A8E5 - User Name = User SID not found - Source = Application Error
Description = Faulting application nmain.exe, version 103.0.2.10, faulting module
ascompbr.dll, version 2005.1.0.163, fault address 0x00009179.

Error - 8/27/2008 4:47:53 AM - Computer Name = YOUR-4F1261A8E5 - User Name = User SID not found - Source = Application Hang
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/27/2008 4:48:15 AM - Computer Name = YOUR-4F1261A8E5 - User Name = User SID not found - Source = Application Hang
Description = Fault bucket 854786114.

Error - 8/29/2008 10:30:11 PM - Computer Name = YOUR-4F1261A8E5 - User Name = YOUR-4F1261A8E5\HP_Owner - Source = MsiInstaller
Description = Product: Microsoft Office Standard Edition 2003 -- Error 2884. An
internal error has occurred. (ErrorDialog )

Error - 8/29/2008 10:30:11 PM - Computer Name = YOUR-4F1261A8E5 - User Name = YOUR-4F1261A8E5\HP_Owner - Source = MsiInstaller
Description = Product: Microsoft Office Standard Edition 2003 -- Error 2884. An
internal error has occurred. (FirstRunEx )

Error - 8/31/2008 11:25:20 PM - Computer Name = YOUR-4F1261A8E5 - User Name = User SID not found - Source = Application Hang
Description = Hanging application RSIT.exe, version 3.2.12.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/31/2008 11:25:23 PM - Computer Name = YOUR-4F1261A8E5 - User Name = User SID not found - Source = Application Hang
Description = Hanging application RSIT.exe, version 3.2.12.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/31/2008 11:25:26 PM - Computer Name = YOUR-4F1261A8E5 - User Name = User SID not found - Source = Application Hang
Description = Fault bucket 909423600.

Error - 8/31/2008 11:25:28 PM - Computer Name = YOUR-4F1261A8E5 - User Name = User SID not found - Source = Application Hang
Description = Fault bucket 909423600.


[ Internet Explorer Events ]

[ Security Events ]

[ System Events ]
Error - 8/24/2008 6:48:57 PM - Computer Name = YOUR-4F1261A8E5 - User Name = YOUR-4F1261A8E5\Administrator - Source = DCOM
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 8/24/2008 6:51:18 PM - Computer Name = YOUR-4F1261A8E5 - User Name = YOUR-4F1261A8E5\Administrator - Source = DCOM
Description = DCOM got error "%1084" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 8/24/2008 6:52:08 PM - Computer Name = YOUR-4F1261A8E5 - User Name = YOUR-4F1261A8E5\Administrator - Source = DCOM
Description = DCOM got error "%1084" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 8/24/2008 6:52:09 PM - Computer Name = YOUR-4F1261A8E5 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/24/2008 7:00:09 PM - Computer Name = YOUR-4F1261A8E5 - User Name = User SID not found - Source = Windows Update Agent
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 8/27/2008 12:56:06 AM - Computer Name = YOUR-4F1261A8E5 - User Name = User SID not found - Source = Service Control Manager
Description = Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.

Error - 8/27/2008 12:56:06 AM - Computer Name = YOUR-4F1261A8E5 - User Name = User SID not found - Source = Service Control Manager
Description = The HTTP SSL service failed to start due to the following error: %%1053

Error - 8/27/2008 1:14:25 AM - Computer Name = YOUR-4F1261A8E5 - User Name = User SID not found - Source = Windows Update Agent
Description = Installation Failure: Windows failed to install the following update
with error 0x800706be: Windows XP Service Pack 3 (KB936929).

Error - 8/27/2008 3:30:38 AM - Computer Name = YOUR-4F1261A8E5 - User Name = User SID not found - Source = Dhcp
Description = The IP address lease 192.168.0.100 for the Network Card with network
address 001195BB77E1 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 8/31/2008 3:42:00 PM - Computer Name = YOUR-4F1261A8E5 - User Name = User SID not found - Source = Windows Update Agent
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >
  • 0

#10
carrar
Posted 01 September 2008 - 06:05 PM

carrar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I was able to update Java, so here's my Kapersky log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, September 1, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, September 01, 2008 20:59:26
Records in database: 1175122
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 182596
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:51:06


File name / Threat name / Threats count
C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

The selected area was scanned.


and my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:32 PM, on 9/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.spysub...l...500=2&501=0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] "c:\windows\system\hpsysdrv.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] "C:\WINDOWS\system32\HDAudPropShortcut.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [AGRSMMSG] "C:\WINDOWS\AGRSMMSG.exe"
O4 - HKLM\..\Run: [HPHUPD06] "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
O4 - HKLM\..\Run: [HPHmon06] "C:\WINDOWS\system32\hphmon06.exe"
O4 - HKLM\..\Run: [KBD] "C:\HP\KBD\KBD.EXE"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [_SetRes] "c:\hp\bin\cloaker.exe" c:\hp\bin\res.bat
O4 - HKLM\..\Run: [PS2] "C:\WINDOWS\system32\ps2.exe"
O4 - HKLM\..\Run: [SoundMan] "C:\WINDOWS\SOUNDMAN.EXE"
O4 - HKLM\..\Run: [AlcWzrd] "C:\WINDOWS\ALCWZRD.EXE"
O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
O4 - HKLM\..\Run: [LSBWatcher] "c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...abs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1219807456015
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10642 bytes
  • 0

#11
Jimmy2012
Posted 02 September 2008 - 10:54 AM

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello carrar,

STEP 1
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE
purity
EmptyTemp
[start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

STEP 2
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\Documents and Settings\All Users\Documents\pwsafe.psafe3.plk
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
STEP 3
Please look in this folder, C:\rsit. Please see if you can find this file log.txt, if it is there please open that file and copy/paste the text inside in your next reply. And please do the same for this file if it is there info.txt
~~~~~~~~~~
In your next reply please have these logs/info.
The OTMoveIt2 log
The VirScan log
The log.txt and info.txt
And please tell me how your computer is running
  • 0

#12
carrar
Posted 02 September 2008 - 06:59 PM

carrar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
My computer is running okay with no apparent problems (other than missing programs). Thanks for helping me.

OTMoveIt2:

Explorer killed successfully
C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE moved successfully.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\etilqs_s3iJtPIDUgY1IuLiOxM5 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\etilqs_zLTMcN5T4XCd9HQTYgLX scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\etilqs_zLTMcN5T4XCd9HQTYgLX-journal scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\JET3307.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\hsperfdata_HP_Owner\240 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\Arj.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\avlib.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\Avp1.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\AvpMgr.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\btimages.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\CAB.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\dmap.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\dtreg.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\FsDrvPlg.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\FSSync.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\HashCont.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\HashMD5.PPL scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\HCCMP.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\ichk2.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\iChkSA.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\Inflate.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\IWGen.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\kave.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\kosglue-7.0.25.0.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\lha.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\L_llio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\MailMsg.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\mdb.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\MDMAP.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\MemModSc.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\MemScan.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\minizip.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\MKavIO.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\msoe.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\nfio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\NTFSstrm.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\prKernel.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\prLoader.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\prseqio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\PrUtil.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\Quantum.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\rar.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\ScanningProcess.exe scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\sfdb.PPL scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\TempFile.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\thpimpl.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\UniArc.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\UnLZX.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\UnStored.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\WDiskIO.ppl scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09022008_174140

Files moved on Reboot...
File C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\etilqs_s3iJtPIDUgY1IuLiOxM5 not found!
File C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\etilqs_zLTMcN5T4XCd9HQTYgLX not found!
File C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\etilqs_zLTMcN5T4XCd9HQTYgLX-journal not found!
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\hpodvd09.log moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll NOT unregistered.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll moved successfully.
File C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\JET3307.tmp not found!
File C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\hsperfdata_HP_Owner\240 not found!
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\Arj.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\avlib.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\Avp1.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\AvpMgr.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\btimages.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\CAB.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\dmap.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\dtreg.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\FsDrvPlg.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\FSSync.dll
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\FSSync.dll NOT unregistered.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\FSSync.dll moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\HashCont.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\HashMD5.PPL moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\HCCMP.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\ichk2.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\iChkSA.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\Inflate.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\IWGen.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\kave.dll
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\kave.dll NOT unregistered.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\kave.dll moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\kosglue-7.0.25.0.dll
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\kosglue-7.0.25.0.dll NOT unregistered.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\kosglue-7.0.25.0.dll moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\lha.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\L_llio.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\MailMsg.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\mdb.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\MDMAP.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\MemModSc.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\MemScan.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\minizip.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\MKavIO.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\msoe.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\nfio.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\NTFSstrm.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\prKernel.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\prLoader.dll
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\prLoader.dll NOT unregistered.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\prLoader.dll moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\prseqio.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\PrUtil.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\Quantum.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\rar.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\ScanningProcess.exe moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\sfdb.PPL moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\TempFile.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\thpimpl.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\UniArc.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\UnLZX.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\UnStored.ppl moved successfully.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jkos-HP_Owner\binaries\WDiskIO.ppl moved successfully.


VirScan:

VirSCAN.org Scanned Report :
Scanned time : 2008/09/02 17:49:56 (PDT)
Scanner results: All Scanners reported not find malware!
File Name : pwsafe.psafe3.plk
File Size : 50 byte
File Type : data
MD5 : ad07b5ff5e2e87b0e2bb5a0186e5ad85
SHA1 : aab04715fce4f1bd741a38dbc5d23f3de579a564
Online report : http://virscan.org/r...70eb6d06a5.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 3.5.0.22 2008.09.02 2008-09-02 2.70 -
AhnLab V3 2008.09.03.00 2008.09.03 2008-09-03 0.88 -
AntiVir 7.8.1.23 7.0.6.106 2008-09-02 2.28 -
Arcavir 1.0.5 200809021207 2008-09-02 1.17 -
AVAST! 3.0.1 080902-0 2008-09-02 0.70 -
AVG 7.5.52.442 270.6.15/1648 2008-09-02 1.54 -
BitDefender 7.60825.1703748 7.20785 2008-09-03 2.98 -
CA (VET) 9.0.0.143 31.6.6064 2008-09-02 5.18 -
ClamAV 0.93.3 8142 2008-09-03 0.00 -
Comodo 2.11 2.0.0.635 2008-09-02 0.40 -
CP Secure 1.1.0.715 2008.09.01 2008-09-01 6.47 -
Dr.Web 4.44.0.9170 2008.09.02 2008-09-02 3.12 -
ewido 4.0.0.2 2008.09.03 2008-09-03 2.50 -
F-Prot 4.4.4.56 20080902 2008-09-02 0.98 -
F-Secure 5.51.6100 2008.09.03.02 2008-09-03 3.19 -
Fortinet 2.81-3.11 9.508 2008-09-03 1.76 -
ViRobot 20080902 2008.09.02 2008-09-02 0.40 -
Ikarus T3.1.01.34 2008.09.02.71384 2008-09-02 3.26 -
JiangMin 11.0.706 2008.09.02 2008-09-02 1.19 -
Kaspersky 5.5.10 2008.09.02 2008-09-02 0.01 -
KingSoft 2008.1.14.15 2008.9.2.20 2008-09-02 0.58 -
McAfee 5.3.00 5374 2008-09-01 1.70 -
Microsoft 1.3903 2008.09.03 2008-09-03 3.81 -
mks_vir 2.01 2008.08.25 2008-08-25 2.52 -
Norman 5.93.01 5.93.00 2008-09-02 4.96 -
Panda 9.05.01 2008.09.02 2008-09-02 1.98 -
Trend Micro 8.700-1004 5.518.03 2008-09-02 0.02 -
Quick Heal 9.50 2008.09.02 2008-09-02 1.69 -
Rising 20.0 20.60.11.00 2008-09-02 0.26 -
Sophos 2.78.0 4.33 2008-09-03 1.67 -
Sunbelt 3.1.1582.1 2204 2008-08-25 0.40 -
Symantec 1.3.0.24 20080902.016 2008-09-02 0.22 -
nProtect 2008-09-02.00 2039345 2008-09-02 3.62 -
The Hacker 6.3.0.6 v00070 2008-09-02 0.37 -
VBA32 3.12.8.4 20080902.0610 2008-09-02 1.09 -
VirusBuster 4.5.11.10 10.86.3/623357 2008-09-02 0.80 -

log.txt:
Logfile of random's system information tool (written by random/random)
Run by HP_Owner at 2008-08-31 17:32:29
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 93 GB (51%) free of 184 GB
Total RAM: 1015 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:32 PM, on 8/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\HP_Owner\Desktop\RSIT.exe
C:\Documents and Settings\HP_Owner\Desktop\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.spysub...l...500=2&501=0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] "c:\windows\system\hpsysdrv.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] "C:\WINDOWS\system32\HDAudPropShortcut.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [AGRSMMSG] "C:\WINDOWS\AGRSMMSG.exe"
O4 - HKLM\..\Run: [HPHUPD06] "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
O4 - HKLM\..\Run: [HPHmon06] "C:\WINDOWS\system32\hphmon06.exe"
O4 - HKLM\..\Run: [KBD] "C:\HP\KBD\KBD.EXE"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [_SetRes] "c:\hp\bin\cloaker.exe" c:\hp\bin\res.bat
O4 - HKLM\..\Run: [PS2] "C:\WINDOWS\system32\ps2.exe"
O4 - HKLM\..\Run: [SoundMan] "C:\WINDOWS\SOUNDMAN.EXE"
O4 - HKLM\..\Run: [AlcWzrd] "C:\WINDOWS\ALCWZRD.EXE"
O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
O4 - HKLM\..\Run: [LSBWatcher] "c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...abs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1219807456015
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10603 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Easy Internet Sign-up.job
C:\WINDOWS\tasks\wrSpySweeperFullSweep.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
CNavExtBho Class - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2004-08-30 218240]

There is no info.txt file.
  • 0

#13
Jimmy2012
Posted 03 September 2008 - 10:30 AM

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello carrar,
Your logs look clean. :)
Just a few more things to do.

My computer is running okay with no apparent problems (other than missing programs).

Well since your logs look clean there is not much else I can do about that. I would try reinstalling any of those programs, and if you have any trouble you can start a new topic in the XP part of the forum.





You are using a old version of Adobe Acrobat Reader, please update it here.




  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
Please remove any leftover tools used to clean your computer.




Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]
System Restore will now be active again.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

1. Spywareguard: Is realtime protection from spyware.

2. Spywareblaster: Helps protect against any bad ActiveX from installing on your computer.

3. SuperAntiSpyware: Use this program to remove any spyware that may have gotten on your computer.

4. FireFox: This is a great alternate browser over Internet Explorer. Firefox is much more secure then Internet Explorer and also has a bulilt in pop up blocker.

5. ATF Cleaner: This program cleans out your temporary files. This is a great tool that can help speed your computer up.

6. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.


To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein
  • 0

#14
carrar
Posted 05 September 2008 - 06:14 PM

carrar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Thanks for all your help! I know exactly how I got infected (let my sister-in-law use it), but I will try to keep vigilant! I more just wanted to clean it up before I started to build it back up and spend time to reinstall all my programs. I really appreciate all the help you've given me!
  • 0

#15
Rorschach112
Posted 06 September 2008 - 05:42 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP