Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HELP my pc needs you , I have done everything [RESOLVED]

Started by starla , Oct 12 2007 11:14 AM

  • This topic is locked This topic is locked

#1
starla
Posted 12 October 2007 - 11:14 AM

starla

    Member

  • Member
  • PipPip
  • 64 posts
hi my name is starla , I have had this pc since aug 2006 . I had never done a system restore before today .

I have done everything in your list and here are my findings, I am in no way a computer know it . I have no idea what I am doing, but I do have common sence, and a friend or two, or I would not be online today . I cut my pc on yesterday and it did not go to the start page it stated ....
windows could not start because of c:windows32\config\system, again I may not have all that was in there on here, I am trying to help you help me . I have done the scans, .. the most succsful was superantiviris and avg. the super found 385 and 373 infections were cookies, ok.. well 12 of them were diff, there were 7 unknown ans 5 in files. when I ran the avg it has several things in quarinteen. I have no idea what to delete and what to keep . here is a copy I hope everything was saved to come out in this copy of my cut and paste........



Logfile of HijackThis v1.99.1
Scan saved at 12:38:26 PM, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\SSUPDATE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {8151A608-00FB-4D5C-8B8D-40E239E32A42} - (no file)
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/F...oad/tgctlar.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} - http://h30155.www3.h...tallMgr_v01.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay11...es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1164766373937
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us...nfo/webscan.cab
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

ok, this just looks like your hijack list I had copyied and saved my avg, it states there is a ms-dos virus name is ca5dgblk.htm, and the path was documents and settings \guest\local settings and the virus found was JS/PSYME
the healable said yes, and the statuas was infected as of 7/7/07 sorce said moved object . ok the next thing it showed me was a script virus, and it was called epbm(1).htm path was documents and settings \compaq administarter \local settings virus was indenified as EXPLOIT HTML the date of infection was 1/20.07 healable says NO , sorcs was back up copy statas is infected...........


I could go back and redo some of the scans for the results , but I am telling you now this is what I got , please tell me what you need for me to do , I tried copying and i forgot to save it to a file for attachment .. sorry , please help me in ay way , I have paid too much for ths pc to just crash on me like this and I am ready to purchase any anti whatever to help. I have avg free now, and will buy somthing as soon as I find out what I should get . please help me I would love to know why my pc froze up and what problems it has, I understand I have went way too long before doing half of this, as i said, I am no expert, I did not know this was all nessisary , I guess I figure you pay 1000.00 for a machine, the [bleep] thing should last !!! LOL< ha guess not , and I am being extremly careful online now until I hear from you on what to do , I will try at most cost not to go to any sites and I will stay off line as much as possiable . please help me thanxs soooo much ~~!!!!!!!!!!~~~~~starla

Please do not include an e-mail address in any post as it could lead to more contact than you intended

Edited by Keith, 16 October 2007 - 04:30 PM.

  • 0

Advertisements

#2
Stamper19
Posted 16 October 2007 - 06:22 PM

Stamper19

    Expert

  • Expert
  • 1,992 posts
Hi starla,

Welcome to Geeks to Go!

My name is Stamper19 and I will be helping you with your Malware problem. During the course of our interactions please be sure to follow all instructions carefully, and ask questions if you are unsure of how to proceed at any point. :)

----------------------------------------------------------------

Please download Deckard's System Scanner (DSS) to your Desktop.
  • Close all applications and windows.
  • Double-click on DSS.exe to run it, and follow the prompts.
  • The scan may take a minute. When the scan is complete, two text files will open - Main.txt and Extra.txt
Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporary disable your Antivirus)

Post the main.txt and extra.txt from the C:\Deckard\System Scanner folder into your next reply.

----------------------------------------------------------------

Information to include in your next post:
  • main.txt and extra.txt from DSS

  • 0

#3
starla
Posted 17 October 2007 - 10:51 AM

starla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
thank you soooo much for any help, my pc will not run correctly now, and shuts me out all the time, it freezes up and closed me down esp when im opening new tab , or just in yahoo, which is my homepage, thank you so much for your help, if you can fix me I will pay you . please help .. here is what you have asked for ... hope i did it right ...

Deckard's System Scanner v20071014.68
Run by Compaq_Administrator on 2007-10-17 12:42:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
44: 2007-10-17 16:42:43 UTC - RP222 - Deckard's System Scanner Restore Point
43: 2007-10-16 21:57:50 UTC - RP221 - Software Distribution Service 3.0
42: 2007-10-15 23:05:21 UTC - RP220 - System Checkpoint
41: 2007-10-12 18:03:43 UTC - RP219 - Removed iLike
40: 2007-10-12 16:34:24 UTC - RP218 - Removed SUPERAntiSpyware Free Edition


-- First Restore Point --
1: 2007-09-07 16:29:38 UTC - RP179 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Compaq_Administrator.exe) --------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:45:00 PM, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\RUPPFNU5\dss[1].exe
C:\PROGRA~1\HIJACK~1\Compaq_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {8151A608-00FB-4D5C-8B8D-40E239E32A42} - (no file)
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/F...oad/tgctlar.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} - http://h30155.www3.h...tallMgr_v01.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay11...es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1164766373937
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us...nfo/webscan.cab
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} (YbUploadFavsCtl Class) - http://us.bookmarks....m/YbConvFav.CAB
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S0 ftsata2 - c:\windows\system32\drivers\ftsata2.sys (file missing)
S1 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)
S3 XIRLINK (Veo PC Camera) - c:\windows\system32\drivers\ucdnt.sys <Not Verified; Xirlink, Inc; Xirlink Digital Video PC Camera>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-10-17 12:01:46 518 --a------ C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
2007-10-13 03:00:00 518 --a------ C:\WINDOWS\Tasks\MacroVirus Scheduled Scan.job


-- Files created between 2007-09-17 and 2007-10-17 -----------------------------

2007-10-16 17:29:02 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\SpywareBot
2007-10-16 17:28:55 0 d-------- C:\Program Files\SpywareBot
2007-10-16 17:21:38 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2007-10-16 17:21:37 0 d-------- C:\Program Files\SpywareBlaster
2007-10-12 13:52:06 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\MacroVirus
2007-10-12 13:51:58 0 d-------- C:\Program Files\MacroVirus
2007-10-12 01:31:02 0 --a------ C:\WINDOWS\ORUN32.EXE
2007-10-12 01:30:57 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2007-10-12 01:25:38 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-12 01:25:34 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-10-12 01:25:34 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com
2007-10-12 00:07:13 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Grisoft
2007-10-11 21:52:25 0 d-------- C:\Program Files\STOPzilla!
2007-10-11 21:52:25 0 d-------- C:\Program Files\Common Files\iS3
2007-10-11 21:52:24 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-10-06 15:58:12 0 d-------- C:\Documents and Settings\Guest\Application Data\Sun
2007-10-04 14:59:01 0 d-------- C:\Documents and Settings\All Users\Application Data\PurePlay
2007-09-29 20:50:02 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Printer Info Cache
2007-09-22 15:56:53 0 d-------- C:\Program Files\Support.com
2007-09-22 15:56:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Support.com
2007-09-22 15:17:07 0 d-------- C:\Program Files\SupportSoft


-- Find3M Report ---------------------------------------------------------------

2007-10-17 11:10:39 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\AVG7
2007-10-12 12:34:35 0 d-------- C:\Program Files\Common Files
2007-10-12 01:31:03 0 d-------- C:\Program Files\Rhapsody
2007-10-11 21:25:19 0 d-------- C:\Program Files\LimeWire
2007-10-01 15:10:12 0 d-------- C:\Program Files\DISC
2007-09-29 21:14:43 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Image Zone Express
2007-09-29 20:51:13 0 dr-h----- C:\Documents and Settings\Compaq_Administrator\Application Data\yahoo!
2007-09-13 20:00:43 0 d-------- C:\Program Files\Common Files\HP
2007-09-13 14:55:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-05 14:16:08 0 d-------- C:\Program Files\Alwil Software
2007-08-26 11:48:28 0 d-------- C:\Program Files\HP Games
2007-08-26 11:46:30 0 d-------- C:\Program Files\iTunes
2007-08-26 11:42:24 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-08-26 11:38:18 0 d-------- C:\Program Files\Coupons
2007-08-26 11:33:40 334 --a------ C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8151A608-00FB-4D5C-8B8D-40E239E32A42}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 05:01 PM]
"ftutil2"="ftutil2.dll" [06/07/2004 10:05 AM C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [06/13/2006 04:05 PM C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [08/02/2005 07:19 PM C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/09/2006 11:50 AM]
"nwiz"="nwiz.exe" [05/09/2006 11:50 AM C:\WINDOWS\system32\nwiz.exe]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [07/22/2005 06:14 PM]
"@"="" []
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/15/2006 06:34 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 03:41 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [11/09/2006 04:07 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/07/2005 12:46 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 10:54 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 07:50 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [10/12/2007 11:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [07/16/2007 03:17 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 05:17 PM]
"SpywareBot"="C:\Program Files\SpywareBot\SpywareBot.exe" [10/15/2007 02:20 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [8/30/2006 10:59:03 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 5:21:22 AM]
LaunchU3.exe.lnk - C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_2cd672ae.exe [1/16/2007 6:06:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 10/12/2007 11:00 AM 9216 C:\WINDOWS\system32\avgwlntf.dll




-- End of Deckard's System Scanner: finished at 2007-10-17 12:45:20 ------------






Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4200+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 4200+
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 958.48 MiB / 485.25 MiB
Pagefile Memory (total/avail): 2313.54 MiB / 1804.88 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.31 MiB

C: is Fixed (NTFS) - 224.3 GiB total, 198.93 GiB free.
D: is Fixed (FAT32) - 8.56 GiB total, 0.61 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2500JS-60NCB1 - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 224.3 GiB - C:
\PARTITION1 - Unknown - 8.57 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
FW: AVG Firewall 7.5.475 v7.5.475 (GRISOFT)
AV: AVG 7.5.488 v7.5.488 (GRISOFT)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\DISC\\DISCover.exe"="C:\\Program Files\\DISC\\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\\Program Files\\DISC\\DiscStreamHub.exe"="C:\\Program Files\\DISC\\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\\Program Files\\DISC\\myFTP.exe"="C:\\Program Files\\DISC\\myFTP.exe:*:Enabled:DISCover FTP"
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Rhapsody\\rhapsody.exe"="C:\\Program Files\\Rhapsody\\rhapsody.exe:*:Enabled:Rhapsody"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Compaq_Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Compaq_Administrator
LOGONSERVER=\\HOME
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
USERDOMAIN=HOME
USERNAME=Compaq_Administrator
USERPROFILE=C:\Documents and Settings\Compaq_Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Compaq_Administrator (admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\HP Games\Airstrike 2 Gulf Thunder\Uninstall.exe"
--> "C:\Program Files\HP Games\Alien Shooter\Uninstall.exe"
--> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Bistro Stars\Uninstall.exe"
--> "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Family Feud\Uninstall.exe"
--> "C:\Program Files\HP Games\FATE\Uninstall.exe"
--> "C:\Program Files\HP Games\Garden Dreams\Uninstall.exe"
--> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
--> "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
--> "C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
--> "C:\Program Files\WildTangent\Apps\My HP Game Console\Uninstall.exe"
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Veo Stingray\Uninst.isu"
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee Media Support Package for U3 --> MsiExec.exe /X{C463D005-E5AB-46C9-88B2-7279F77C75B1}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Compaq Connections (remove only) --> C:\WINDOWS\HPCPCUninstall-5577497\HPBWSetup.exe -appid 5577497 -uninstall
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
DISCover --> "C:\Program Files\DISC\uninstall.exe"
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Boot Optimizer --> MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP Customer Participation Program 7.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Driver Diagnostics --> MsiExec.exe /X{6314D540-E3C1-4F30-AEEB-4154C93375C3}
HP DVD Play 2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Support Overview --> "C:\WINDOWS\unins000.exe"
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP Web Helper --> regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Microsoft Away Mode -->
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Standard Edition 2003 60 days trial --> c:\hp\bin\cloaker.exe c:\hp\bin\MSOffice\uninst.cmd
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
My HP Games --> "C:\Program Files\HP Games\Uninstall.exe"
Need2Find Bar --> rundll32 C:\PROGRA~1\NEED2F~1\bar\1.bin\Nd2fnBar.dll,O
NVIDIA Drivers --> C:\WINDOWS\system32\nvunrm.exe UninstallGUI
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
PC-Doctor 5 for Windows --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
PhotoImpression --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\PhotoImpression\Uninst.isu"
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic Express Labeler --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SpotLife --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84FA5EEA-32CE-47AE-9DF0-83CBCC2DED2C}\Setup.exe" FreshInstall
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareBot 1.9.0 --> "C:\Program Files\SpywareBot\unins000.exe"
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
U3Launcher --> MsiExec.exe /I{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}
Update Rollup 2 for Windows XP Media Center Edition 2005 -->
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type9768 / Error
Event Submitted/Written: 10/15/2007 09:07:35 PM
Event ID/Source: 100 / AVG7
Event Description:
2007-10-16 01:07:35,703 HOME [002604:003444] ERROR 000 AVG7.AvgAntiSpam.UpdateRules Failed to update antispam rules: Network error

Event Record #/Type9752 / Error
Event Submitted/Written: 10/14/2007 11:18:16 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module flash9c.ocx, version 9.0.45.0, fault address 0x00099baf.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type9704 / Warning
Event Submitted/Written: 10/12/2007 01:57:27 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type9680 / Warning
Event Submitted/Written: 10/12/2007 03:09:54 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}', feature 'Complete' failed during request for component '{A6C8A50F-4808-43A4-A147-ACAA2598DE52}'

Event Record #/Type9679 / Warning
Event Submitted/Written: 10/12/2007 03:09:54 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}', feature 'Complete', component '{B2B6EDF3-22B8-47B3-8358-4D1976F0949D}' failed. The resource 'C:\Program Files\SUPERAntiSpyware\Quarantine\' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type26198 / Error
Event Submitted/Written: 10/17/2007 00:01:55 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\Program Files\SpywareBot\Microsoft.VC80.MFC\MFC80.DLL.
Reference error message: The operation completed successfully.
.

Event Record #/Type26197 / Error
Event Submitted/Written: 10/17/2007 00:01:55 PM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.

Event Record #/Type26196 / Error
Event Submitted/Written: 10/17/2007 00:01:55 PM
Event ID/Source: 32 / SideBySide
Event Description:
Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.

Event Record #/Type26195 / Error
Event Submitted/Written: 10/17/2007 00:01:55 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\Program Files\SpywareBot\Microsoft.VC80.MFC\MFC80.DLL.
Reference error message: The operation completed successfully.
.

Event Record #/Type26194 / Error
Event Submitted/Written: 10/17/2007 00:01:55 PM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.



-- End of Deckard's System Scanner: finished at 2007-10-17 12:45:20 ------------
  • 0

#4
Stamper19
Posted 17 October 2007 - 11:44 AM

Stamper19

    Expert

  • Expert
  • 1,992 posts
Hi starla,

Suprisingly, nothing is sticking out from the logs. Lets run an AntiSpyware scan and see where takes us.

----------------------------------------------------------------

Download and scan with SUPERAntiSypware Free for Home Users
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
----------------------------------------------------------------

Information to include in your next post:
  • SuperAntiSpyware Log
  • Fresh HiJack This Log

  • 0

#5
starla
Posted 17 October 2007 - 01:56 PM

starla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
SUPERAntiSpyware Scan Log

( this is the 1st log i did b4 you cotacted me , I have since downloaded loads of anitspyware.... i am going to copy and paste the new log it will be under this one , thank you for your help, please help me fix my computer .........I dont know what to do . please help me , .....thank you sooo much for trying ....here they are ........................... o, and ps i have spybot downloaded but can bot get that info because i would have to pay 40.00 dollars for it, and I dont know if thats nessisary , please TELL ME WHAT IS THE VERY BEST PRGRAMS TO HAVE AND BUY WHEN WE HOPEFULLY DO GET THIS PROBLEM FIXED .... WHAT ARE THE BEST THINGS TO HAVE SO THIS MAY NOT HAPPEN AGAIN , >???????????? thank you so much for helping me, i am sooo frustrated, and upset, i just want this pc to act like new again , without loosing all my info . please help get rid of my problem ....thank you ,. like i have stated i started it up one day and it said windows could not start because of :cwindows32\config\system, i had a friend walk me threw getting it back on , but it is not working right at alll, please dont give up on me, i need your help !!! thanxs ~~~~~~~~~~~starla ( notice the dates and added spyware/antivirus ..) if there is anything I should buy for the best protection, please let me know ...........thanxs
http://www.superantispyware.com

Generated 10/17/2007 at 03:38 PM..............................................................................
..

Application Version : 3.9.1008

Core Rules Database Version : 3323
Trace Rules Database Version: 1324

Scan type : Complete Scan
Total Scan Time : 00:45:56

Memory items scanned : 569
Memory threats detected : 0
Registry items scanned : 5580
Registry threats detected : 19
File items scanned : 50004
File threats detected : 47

Adware.Tracking Cookie
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@serving-sys[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@burstnet[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@revsci[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@tribalfusion[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@advertising[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adserver[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@questionmarket[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@doubleclick[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@84815040[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@clickbank[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@atdmt[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@fastclick[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@zedo[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@realmedia[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@1060524049[1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

Unclassified.SpywareBot (Not A Threat)
HKU\S-1-5-21-4267220939-1713697390-4277843075-1007\Software\SpywareBot
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#Inno Setup: Setup Version
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#Inno Setup: App Path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#InstallLocation
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#Inno Setup: Icon Group
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#Inno Setup: User
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#Inno Setup: Selected Tasks
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#Inno Setup: Deselected Tasks
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#QuietUninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#URLInfoAbout
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBot_is1#InstallDate
C:\Program Files\SpywareBot\DataBase.ref
C:\Program Files\SpywareBot\Launcher.exe
C:\Program Files\SpywareBot\license.rtf
C:\Program Files\SpywareBot\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
C:\Program Files\SpywareBot\Microsoft.VC80.CRT\msvcp80.dll
C:\Program Files\SpywareBot\Microsoft.VC80.CRT\msvcr80.dll
C:\Program Files\SpywareBot\Microsoft.VC80.CRT
C:\Program Files\SpywareBot\Microsoft.VC80.MFC\mfc80.dll
C:\Program Files\SpywareBot\Microsoft.VC80.MFC\Microsoft.VC80.MFC.manifest
C:\Program Files\SpywareBot\Microsoft.VC80.MFC
C:\Program Files\SpywareBot\SpyCleaner.dll
C:\Program Files\SpywareBot\SpywareBot.exe
C:\Program Files\SpywareBot\SpywareBot.url
C:\Program Files\SpywareBot\TCL.dll
C:\Program Files\SpywareBot\unins000.dat
C:\Program Files\SpywareBot\unins000.exe
C:\Program Files\SpywareBot\zlib.dll
C:\Program Files\SpywareBot
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBot\SpywareBot on the Web.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBot\SpywareBot.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBot\Uninstall SpywareBot.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBot
C:\Documents and Settings\Compaq_Administrator\Desktop\SpywareBot.lnk
C:\WINDOWS\Prefetch\LAUNCHER.EXE-24FFBDA4.pf
C:\WINDOWS\Prefetch\SPYWAREBOT.EXE-086C4670.pf










( this is the lof i just did for you ./..........................)
SUPERAntiSpyware Scan Log
Generated 10/12/2007 at 02:01 AM..............................................................................
...................

Application Version : 3.6.1000

Core Rules Database Version : 3323
Trace Rules Database Version: 1324

Scan type : Complete Scan
Total Scan Time : 00:33:32

Memory items scanned : 511
Memory threats detected : 0
Registry items scanned : 5452
Registry threats detected : 11
File items scanned : 48407
File threats detected : 374

Adware.MyWay
HKLM\Software\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}\InprocServer32
C:\PROGRAM FILES\NEED2FIND\BAR\1.BIN\ND2FNBAR.DLL

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}\InprocServer32
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}\Programmable
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}\TypeLib

Adware.Tracking Cookie
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@nextag[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][7].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@casalemedia[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@linkstattrack[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@tripod[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@serving-sys[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adinterax[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@tribalfusion[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@advertising[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adrevolver[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adbrite[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@fortunecity[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@roiservice[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@questionmarket[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@coolsavings[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@doubleclick[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@bluestreak[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][3].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@trafficmp[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][5].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@bumperbanner[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@apmebf[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@mediaplex[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@partner2profit[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adlegend[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@keywordmax[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@sextracker[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@2o7[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@atdmt[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@atwola[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@overture[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@vortexmediagroup[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@clickbank[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@fastclick[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@zedo[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@mediamax[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@azjmp[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@specificclick[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@tradedoubler[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@realmedia[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ad[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@toplist[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@media303[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@tase[3].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adultfriendfinder[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@revsci[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@tacoda[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adserver[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@teenhelp[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@teenhealthfx[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][6].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@xiti[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@sexiluv[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@tase[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@dealtime[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@drivecleaner[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@imrworldwide[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@teenlifelines[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@indextools[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][4].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@spamblockerutility[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@247realmedia[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@1071536975[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@burstnet[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@hitbox[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@bizrate[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@pro-market[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@toseeka[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@interclick[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@lynxtrack[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@sexigraphics[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@maxserving[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@stopzilla[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@linksynergy[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adrevolver[3].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adecn[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@1072588149[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@1062466557[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@smileycentral[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@80503492[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@revenue[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@optimost[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@statcounter[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@1060766157[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\guest@adinterax[2].txt
C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\guest@adrevolver[1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\guest@apmebf[1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\guest@interclick[2].txt
C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\guest@roiservice[1].txt
C:\Documents and Settings\Guest\Cookies\guest@specificclick[2].txt
C:\Documents and Settings\Guest\Cookies\guest@tripod[1].txt
  • 0

#6
starla
Posted 17 October 2007 - 02:00 PM

starla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
here is another hijack this log...................is there somthing I should be doing with my hijack this >?? I havent done anything more than what was told to do , I m waiting for you to tell me what to delete >?? what do I do .?? here is the newest log................................................

Logfile of HijackThis v1.99.1
Scan saved at 3:58:14 PM, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {8151A608-00FB-4D5C-8B8D-40E239E32A42} - (no file)
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/F...oad/tgctlar.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} - http://h30155.www3.h...tallMgr_v01.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay11...es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1164766373937
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us...nfo/webscan.cab
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} (YbUploadFavsCtl Class) - http://us.bookmarks....m/YbConvFav.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

#7
Stamper19
Posted 17 October 2007 - 02:15 PM

Stamper19

    Expert

  • Expert
  • 1,992 posts
Hi starla,

I am happy to help.

For now we are just going to keep the steps simple until we figure out what the actual problem is. You only need to do what I ask for. Dont worry about doing anything beyond that :)

Now, SuperAntiSpyware did find a few things but not a ton. Lets do a couple of more things.

----------------------------------------------------------------

Please clean out your temp files.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

----------------------------------------------------------------

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

----------------------------------------------------------------

Information to include in your next post:
  • ComboFix Log

  • 0

#8
starla
Posted 17 October 2007 - 04:28 PM

starla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
ComboFix 07-10-17.8@ - Compaq_Administrator 2007-10-17 18:06:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.468 [GMT -4:00]
Running from: C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\YCE1QCJT\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\avgwlntf.dll

.
((((((((((((((((((((((((( Files Created from 2007-09-17 to 2007-10-17 )))))))))))))))))))))))))))))))
.

2007-10-17 18:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-17 14:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-17 12:42 <DIR> d-------- C:\Deckard
2007-10-16 18:05 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-16 17:29 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\SpywareBot
2007-10-16 17:21 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-16 17:21 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-10-12 13:52 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\MacroVirus
2007-10-12 13:51 <DIR> d-------- C:\Program Files\MacroVirus
2007-10-12 11:00 110,592 --a------ C:\WINDOWS\system32\avgfwafu.dll
2007-10-12 01:31 0 --a------ C:\WINDOWS\ORUN32.EXE
2007-10-12 01:30 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2007-10-12 01:25 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-12 01:25 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com
2007-10-12 01:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-12 00:07 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Grisoft
2007-10-11 21:52 <DIR> d-------- C:\Program Files\STOPzilla!
2007-10-11 21:52 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-10-11 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-10-04 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PurePlay
2007-09-29 20:50 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Printer Info Cache
2007-09-22 15:56 <DIR> d-------- C:\Program Files\Support.com
2007-09-22 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Support.com
2007-09-22 15:17 <DIR> d-------- C:\Program Files\SupportSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-17 15:10 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\AVG7
2007-10-13 04:33 --------- d-----w C:\Documents and Settings\Guest\Application Data\AVG7
2007-10-12 15:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-10-12 05:31 --------- d-----w C:\Program Files\Rhapsody
2007-10-12 01:55 3,072 ----a-w C:\WINDOWS\system32\drivers\3EB7D2D0-6839-4FC9-91BD-4DEFC6085DC7.cxv
2007-10-12 01:25 --------- d-----w C:\Program Files\LimeWire
2007-10-01 19:10 --------- d-----w C:\Program Files\DISC
2007-09-30 01:14 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Image Zone Express
2007-09-30 00:51 --------- d--h--r C:\Documents and Settings\Compaq_Administrator\Application Data\yahoo!
2007-09-15 19:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-09-14 00:00 --------- d-----w C:\Program Files\Common Files\HP
2007-09-13 18:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-06 22:00 --------- d-----w C:\Documents and Settings\Guest\Application Data\AdobeUM
2007-09-06 22:00 --------- d-----w C:\Documents and Settings\Guest\Application Data\AdobeAUM
2007-09-05 18:16 --------- d-----w C:\Program Files\Alwil Software
2007-08-26 15:48 --------- d-----w C:\Program Files\HP Games
2007-08-26 15:46 --------- d-----w C:\Program Files\iTunes
2007-08-26 15:42 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-08-26 15:38 --------- d-----w C:\Program Files\Coupons
2007-08-26 15:33 334 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
2006-12-01 20:26:01 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8151A608-00FB-4D5C-8B8D-40E239E32A42}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 17:01]
"ftutil2"="ftutil2.dll" [2004-06-07 10:05 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16:05 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 19:19 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 11:50]
"nwiz"="nwiz.exe" [2006-05-09 11:50 C:\WINDOWS\system32\nwiz.exe]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 18:14]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 18:34]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 19:50]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-12 11:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-07-16 15:17]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
"SpywareBot"="C:\Program Files\SpywareBot\SpywareBot.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\Guest\Start Menu\Programs\Startup\
PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-08-30 10:12:09]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-08-30 10:59:03]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22]
LaunchU3.exe.lnk - C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_2cd672ae.exe [2007-01-16 18:06:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

S3 XIRLINK;Veo PC Camera;C:\WINDOWS\system32\DRIVERS\ucdnt.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-13 07:00:00 C:\WINDOWS\Tasks\MacroVirus Scheduled Scan.job"
"2007-10-17 16:01:46 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-17 18:11:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-17 18:14:45 - machine was rebooted
.
--- E O F ---






newest hijack log ....................................



Logfile of HijackThis v1.99.1
Scan saved at 6:26:40 PM, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {8151A608-00FB-4D5C-8B8D-40E239E32A42} - (no file)
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/F...oad/tgctlar.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} - http://h30155.www3.h...tallMgr_v01.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay11...es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1164766373937
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us...nfo/webscan.cab
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} (YbUploadFavsCtl Class) - http://us.bookmarks....m/YbConvFav.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

ok, here are the next 2 , are we finding closer >???? my pc will not even copy a music cd, it wont even open it gets stuck...... im at a loss. I need help .
  • 0

#9
Stamper19
Posted 17 October 2007 - 04:35 PM

Stamper19

    Expert

  • Expert
  • 1,992 posts
Hi starla,

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#10
starla
Posted 17 October 2007 - 05:22 PM

starla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Logfile of HijackThis v1.99.1
Scan saved at 6:26:40 PM, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {8151A608-00FB-4D5C-8B8D-40E239E32A42} - (no file)
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/F...oad/tgctlar.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} - http://h30155.www3.h...tallMgr_v01.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay11...es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1164766373937
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us...nfo/webscan.cab
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} (YbUploadFavsCtl Class) - http://us.bookmarks....m/YbConvFav.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

Advertisements

#11
Stamper19
Posted 17 October 2007 - 05:26 PM

Stamper19

    Expert

  • Expert
  • 1,992 posts
starla,

I asked you for the log from the Kapersky scan - not a HiJack This log. Did you run the Kapersky scan as instructed?
  • 0

#12
starla
Posted 17 October 2007 - 07:51 PM

starla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
KASPERSKY ONLINE SCANNER REPORT
Wednesday, October 17, 2007 9:49:11 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/10/2007
Kaspersky Anti-Virus database records: 437489


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics
Total number of scanned objects 106911
Number of viruses found 3
Number of infected objects 11
Number of suspicious objects 0
Duration of the scan process 01:18:19

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\AvgFwLog.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\AvgFwLog.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-10-17_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped

C:\Documents and Settings\Compaq_Administrator\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped

C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\AOL OCP\AIM\Storage\data\starsunmoon30\localStorage\common.cls Object is locked skipped

C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\ApplicationHistory\DiscStreamHub.exe.fddeaf63.ini.inuse Object is locked skipped

C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\ApplicationHistory\DiscUpdMgr.exe.f0c5ac89.ini.inuse Object is locked skipped

C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Compaq_Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Compaq_Administrator\Local Settings\History\History.IE5\MSHist012007101720071018\index.dat Object is locked skipped

C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\hpodvd09.log Object is locked skipped

C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\~DF447D.tmp Object is locked skipped

C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\~DF44CD.tmp Object is locked skipped

C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\~DFFF38.tmp Object is locked skipped

C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Compaq_Administrator\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Compaq_Administrator\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Compaq_Administrator\Shared\02 Track 2.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped

C:\Documents and Settings\Compaq_Administrator\Shared\03 Track 3.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chandir.dat Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chandir.idx Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chn.dat Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chn.idx Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\D0000000.FCS Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\inuse.txt Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\L0000001.FCS Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\main.log Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs.dat Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs.idx Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_die.dat Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_die.idx Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_dnd.dat Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_dnd.idx Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_ext.dat Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_ext.idx Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_rcv.dat Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_rcv.idx Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\storydb.dat Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\storydb.idx Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP224\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{9D909EE6-78E1-4133-9614-E4AF0F558F78}.crmlog Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\I386\APPS\APP17392\src\CompaqPresario_Spring06.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped

D:\I386\APPS\APP17392\src\CompaqPresario_Spring06.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped

D:\I386\APPS\APP17392\src\CompaqPresario_Spring06.exe WiseSFX: infected - 2 skipped

D:\I386\APPS\APP17392\src\CompaqPresario_Spring06.exe WiseSFX Dropper: infected - 2 skipped

D:\I386\APPS\APP17392\src\HPPavillion_Spring06.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped

D:\I386\APPS\APP17392\src\HPPavillion_Spring06.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped

D:\I386\APPS\APP17392\src\HPPavillion_Spring06.exe WiseSFX: infected - 2 skipped

D:\I386\APPS\APP17392\src\HPPavillion_Spring06.exe WiseSFX Dropper: infected - 2 skipped

D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP224\change.log Object is locked skipped

Scan process completed.


ok, where it says the windows 32 config system, that is scary , thats what made me not be able to turn on that one day .. can you help me .??? thank you so much for your help, I think we are getting somwhere, now what do I do <>>??????? ~~~~~~~~~ starla
  • 0

#13
Stamper19
Posted 17 October 2007 - 08:28 PM

Stamper19

    Expert

  • Expert
  • 1,992 posts
Hi starla,

That picked up a couple of things, but not tons. Lets get rid of them and do a bit more digging.

First, I see that you are running, or have previously installed, LimeWire. Although this application is not malware itself, the files downloaded with it are often a major source of infection. Hence, I strongly advise that it be removed. If you choose to do so, go to the Add/Remove Programs option in the Control Panel, and Uninstall LimeWire.

----------------------------------------------------------------

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Need2Find Bar
SpywareBot 1.9.0
Viewpoint Media Player
WildTangent Web Driver

Please note any other programs that you dont recognize in that list in your next response

----------------------------------------------------------------

Lets delete some ill mannered files.

Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Documents and Settings\Compaq_Administrator\Shared\02 Track 2.wma
    C:\Documents and Settings\Compaq_Administrator\Shared\03 Track 3.wma

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum. Reboot into Normal Mode.

----------------------------------------------------------------

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
----------------------------------------------------------------

Information to include in your next post:
  • OTMoveIt Log
  • ActiveScan Log

  • 0

#14
starla
Posted 17 October 2007 - 09:36 PM

starla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
ok 1st thing 1st, I went threw my add delete programs , and ofcorse there are serveral things i do not know if I need or not , I will list you a few, ... I deleted the 2 out of 4 things you told me two , ( I have already deleted limewire, and you are right, I am sure that is where alot of my problems came from . ) ok, now on the need to find bar, it shows in the add / delete field , but when i hit change or remove it makes a noise and states that the specific module can not be found, and i have went to toolbars in my veiw on top of screen and there is no need 2 find bar there ethier, so I do not know where it is hiding , ..... ok, the other one , spyware bot is not on my desktop, my add/remove, I know i downloaded it for a scan and i was going to purchase it if you said it was a good thing to do , well....now I can not find it, the only one I have now is the superantispyware that is still there.. I do not know where the spybot went >?? hhmm?? ok.... now i have some things in y add/remove I would like you to look at I could not copy them so I wrote a few down, I know some of these are a must, but like I said ... I dont know much at all about pc and I wanna make sure I delete all that is not needed . so here is a list of a few im wondering about .

high definition audio driver package k8888111 microsoft corp. tech support .

live update 3.0 (symantec corpration ) 7.23 mb last used 11/29/06

I have like 4 of these with a few differneces in #'s MSXML 4.0 SP2
STATES ITS MICROSOFT


NVIDIA DRIVERS

OTTO

PHOTO IMPRESSION LAST USED 11/28/06

PYTHON 2.2 PYWIN32 EXTENTIONS ( BUILD 203 ) 29.28 MB 11/28/06
PYTHON 2.2.3 11/28/06


QUICKTIME

REALPLAYER 38.99 MB 11/29/06

REAL TEK HIGH DEFININTION AUDIO DRIVER ( WASENT THERE ONE OF THESE ALREADY >?? _ ))))

AND NOW THESE LAST 2 ARE SOPOSED TO BE MICROSOFT HELP GUIDES,
WINDOWS MEDIA FORMAT 11 RUNTIME 5.13MB
WINDOWS MEDIA PLAYER 11 10.29MB ( I HAVE HAD SOMNE PROBLEMS WITH MY MEDIA CENTER LATLEY , DONT KNOW IF THIS IS THE SAME THING OR NOT . )

OK, NOW i AM OFF 2 DOWNLOAD AND DO THE NEXT 2 STEPS FOR YOU , THANK YOU SOOO MUCH FOR BEING SO PATIENT WITH ME , SORRY i CANT BE OF MORE HELP,. BUT I PROMISE TO DO EVERYTHING YOU TELL ME , THANXS SOO MUCH !!! BE RIGHT BACK WITH THE NEXT TEST ............................STARLA



STATES ITS MICROSOFT
  • 0

#15
starla
Posted 17 October 2007 - 09:45 PM

starla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
File/Folder C:\Documents and Settings\Compaq_Administrator\Shared\02 Track 2.wma not found.
File/Folder C:\Documents and Settings\Compaq_Administrator\Shared\03 Track 3.wma not found.

Created on 10/17/2007 23:42:26


THIS IS THE MOVE IT ........IM ABOUT TO REBOOT AND DO THE NEXT ITEM ON YOUR LIST , AGAIN I SAY THANK YOU SOO MUCH PLEASE HELP ME GET THIS BACK UP AND RUNNING NORMALLY , i HAVE 1024 MB MEMORY ON THIS THING AND 250 HARD DRIVE, WHY IS IT DOING THIS TO ME ...AARGGHHH ANYWAY THANK YOU AGAIN SO MUCH, PLEASE HELP ME GET HER ' BACK TO GOOD' ......STARLA
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP