Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

hijackthis log

Re: hijackthis log

Post by spud » May 13th, 2008, 10:40 am

File/Folder C:\WINDOWS\system32\ljJApNHa not found.
C:\WINDOWS\system32\aHNpAJjl.ini2 moved successfully.
C:\VundoFix Backups moved successfully.
File/Folder C:\WINDOWS\system32\bkEur05 not found.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05132008_153936

Re: hijackthis log

Post by spud » May 13th, 2008, 10:49 am

All done except the post for bleepingcomputer.com, as I could not find the file to upload.

Re: hijackthis log

Post by spud » May 13th, 2008, 11:11 am

Deckard's System Scanner v20071014.68
Run by HP_Owner on 2008-05-13 16:06:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:06:33, on 13/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\rundll32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\HP_Owner.HOME\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11490 bytes

-- Files created between 2008-04-13 and 2008-05-13 -----------------------------

2008-05-13 13:08:46 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Magic Academy
2008-05-12 16:19:30 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\WinPatrol
2008-05-12 16:19:22 0 d-------- C:\Program Files\BillP Studios
2008-05-12 15:08:16 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Malwarebytes
2008-05-12 08:43:10 0 dr-h----- C:\Documents and Settings\HP_Owner.HOME\Recent
2008-05-12 07:21:12 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Motive
2008-05-12 00:11:26 0 d-------- C:\WINDOWS\Prefetch
2008-05-11 22:42:06 0 d-------- C:\WINDOWS\system32\scripting
2008-05-11 22:42:05 0 d-------- C:\WINDOWS\l2schemas
2008-05-11 22:42:03 0 d-------- C:\WINDOWS\system32\bits
2008-05-11 22:37:54 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-11 22:30:51 0 d-------- C:\WINDOWS\EHome
2008-05-11 09:53:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-11 09:52:57 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-11 09:39:23 0 d-------- C:\Program Files\Apple Software Update
2008-05-10 03:33:58 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Uniblue
2008-05-09 21:01:54 6228000 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-09 20:32:04 0 d-------- C:\Program Files\ZoneAlarmSB
2008-05-09 20:29:56 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-09 20:29:51 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-09 20:29:41 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2008-05-09 20:29:22 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-05-09 19:33:35 0 d-------- C:\Program Files\LimeWire
2008-05-08 14:47:54 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Help
2008-05-08 13:27:59 0 d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2008-05-08 07:17:45 0 d-------- C:\Program Files\Trend Micro
2008-05-07 17:43:20 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Spyware Terminator
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\My Documents
2008-05-07 16:50:41 0 d--h----- C:\Documents and Settings\Administrator.HOME\Local Settings
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Favorites
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Desktop
2008-05-07 16:50:41 0 d--hs---- C:\Documents and Settings\Administrator.HOME\Cookies
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Symantec
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Sun
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\SampleView
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Real
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Microsoft
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Intervideo
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Identities
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Apple Computer
2008-05-07 16:50:40 0 d-------- C:\Documents and Settings\Administrator.HOME\WINDOWS
2008-05-07 16:50:40 0 d-------- C:\Documents and Settings\Administrator.HOME\Templates
2008-05-07 16:50:40 0 d-------- C:\Documents and Settings\Administrator.HOME\Start Menu
2008-05-07 16:50:40 0 d-------- C:\Documents and Settings\Administrator.HOME\SendTo
2008-05-07 16:50:40 0 d-------- C:\Documents and Settings\Administrator.HOME\Recent
2008-05-07 16:50:40 0 d-------- C:\Documents and Settings\Administrator.HOME\PrintHood
2008-05-07 16:50:40 0 d-------- C:\Documents and Settings\Administrator.HOME\NetHood
2008-05-07 16:50:39 2097152 --ah----- C:\Documents and Settings\Administrator.HOME\NTUSER.DAT
2008-05-07 16:47:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-07 16:42:42 0 d-------- C:\Program Files\Yahoo!
2008-05-07 16:42:29 0 d-------- C:\Program Files\CCleaner
2008-05-07 15:53:55 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-05-07 15:53:41 0 d-------- C:\Program Files\Security Task Manager
2008-05-07 08:03:03 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\BitTorrent
2008-05-07 08:02:12 0 d-------- C:\Program Files\BitTorrent
2008-05-06 13:56:59 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Gaijin Ent
2008-05-05 15:37:42 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\AdobeUM
2008-05-05 15:05:30 0 d-------- C:\Program Files\Windows Live Safety Center
2008-05-05 06:52:54 0 d--h----- C:\$AVG8.VAULT$
2008-05-05 06:51:18 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-05 05:13:17 0 --a------ C:\WINDOWS\system32\taskkill.exe
2008-05-05 05:06:55 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\LimeWire
2008-05-05 04:57:49 0 d-------- C:\Program Files\iPod
2008-05-05 04:57:46 0 d-------- C:\Program Files\iTunes
2008-05-05 04:57:09 0 d-------- C:\Program Files\Bonjour
2008-05-05 04:56:37 0 d-------- C:\Program Files\QuickTime
2008-05-05 04:56:05 0 d-------- C:\Program Files\Common Files\Apple
2008-05-05 04:56:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-05 04:02:53 0 d-------- C:\Program Files\Toshiba
2008-05-05 02:48:24 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-05 02:48:24 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-05 01:07:56 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\DivX
2008-05-05 01:06:57 0 d-------- C:\Program Files\DivX
2008-05-04 23:54:27 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-05-04 23:04:45 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-05-04 22:51:34 45056 --a------ C:\WINDOWS\system32\wnaspi32.dll <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-05-04 22:51:34 25244 --a------ C:\WINDOWS\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-05-04 22:51:32 203776 --a------ C:\WINDOWS\system32\clrviddc.dll <Not Verified; Iterated Systems, Inc.; ClearVideo Decoder DLL>
2008-05-04 22:45:32 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-04 16:33:59 0 d-------- C:\Catalog
2008-05-04 11:29:17 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\PC Tools
2008-05-04 11:19:15 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Contacts
2008-05-04 11:16:53 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-04 11:14:07 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-04 11:14:01 0 d-------- C:\Program Files\Windows Live
2008-05-04 11:13:53 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-04 10:50:54 0 d-------- C:\WINDOWS\network diagnostic
2008-05-04 10:40:07 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\McAfee
2008-05-04 10:32:32 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Adobe
2008-05-04 10:13:03 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-04 10:07:14 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\DNA
2008-05-04 09:25:50 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Simply Super Software
2008-05-04 06:51:03 0 d--hs---- C:\Documents and Settings\HP_Owner.HOME\UserData
2008-05-04 06:15:46 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\WinRAR
2008-05-04 06:07:39 0 d-------- C:\Program Files\SharedFolder
2008-05-04 05:52:01 0 d-------- C:\Program Files\PC Inspector File Recovery
2008-05-04 05:43:10 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Macromedia
2008-05-04 05:40:51 0 dr-hs---- C:\cmdcons
2008-05-04 05:40:18 0 d-------- C:\WINDOWS\setupupd
2008-05-04 05:39:48 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\FaxCtr
2008-05-04 05:35:13 25472 --a------ C:\WINDOWS\system32\drivers\sncamd.sys <Not Verified; ; USB2.0 PC Camera driver>
2008-05-04 05:35:12 12178688 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys <Not Verified; ; USB2.0 PC Camera driver>
2008-05-04 05:35:07 73728 --a------ C:\WINDOWS\system32\vsnp2std.dll <Not Verified; Sonix; >
2008-05-04 05:35:07 151552 --a------ C:\WINDOWS\system32\rsnp2std.dll <Not Verified; ; ResourceDLL>
2008-05-04 05:35:07 77824 --a------ C:\WINDOWS\system32\csnp2std.dll <Not Verified; ; InstallUtil>
2008-05-04 05:34:56 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\InstallShield
2008-05-04 05:28:26 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Talkback
2008-05-04 05:28:11 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Mozilla
2008-05-04 05:16:05 0 d-------- C:\spoolerlogs
2008-05-04 05:04:56 40960 --a------ C:\WINDOWS\system32\LXPRMON.DLL <Not Verified; ; Lexmark Fax Solutions Software>
2008-05-04 05:04:56 32768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL <Not Verified; ; Lexmark Fax Solutions Software>
2008-05-04 05:04:56 12288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL <Not Verified; Lexmark International, Inc.; Lexmark Fax Solutions Software Print Monitor>
2008-05-04 05:04:56 98345 --a------ C:\WINDOWS\system32\IMHOST32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2008-05-04 05:04:56 339968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\WINDOWS
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Templates
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Start Menu
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\SendTo
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\PrintHood
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\NetHood
2008-05-04 05:02:10 0 dr------- C:\Documents and Settings\HP_Owner\My Documents
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Local Settings
2008-05-04 05:02:10 0 dr------- C:\Documents and Settings\HP_Owner\Favorites
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Desktop
2008-05-04 05:02:10 0 d---s---- C:\Documents and Settings\HP_Owner\Cookies
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Symantec
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Sun
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\SampleView
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Real
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Microsoft
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Intervideo
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Identities
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2008-05-04 05:02:09 2097152 --ah----- C:\Documents and Settings\HP_Owner\NTUSER.DAT
2008-05-04 04:59:33 233472 --a------ C:\WINDOWS\system32\LXCRinst.dll
2008-05-04 04:50:23 0 d-------- C:\WINDOWS\system32\Lang
2008-05-04 04:48:46 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Intervideo
2008-05-04 04:48:46 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Identities
2008-05-04 04:48:46 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Apple Computer
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\WINDOWS
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Templates
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Start Menu
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\SendTo
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\PrintHood
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\NetHood
2008-05-04 04:48:45 0 dr------- C:\Documents and Settings\HP_Owner.HOME\My Documents
2008-05-04 04:48:45 0 d--h----- C:\Documents and Settings\HP_Owner.HOME\Local Settings
2008-05-04 04:48:45 0 dr------- C:\Documents and Settings\HP_Owner.HOME\Favorites
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Desktop
2008-05-04 04:48:45 0 d--hs---- C:\Documents and Settings\HP_Owner.HOME\Cookies
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Sun
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\SampleView
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Real
2008-05-04 04:48:44 4718592 --a------ C:\Documents and Settings\HP_Owner.HOME\NTUSER.DAT
2008-05-04 04:47:16 0 d-------- C:\WINDOWS\system32\RTCOM
2008-05-04 04:44:32 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-04 03:19:49 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Macromedia
2008-05-04 03:19:48 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Adobe
2008-05-04 03:13:03 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Talkback
2008-05-04 03:12:45 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Mozilla
2008-05-04 03:12:21 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Simply Super Software
2008-05-04 03:03:55 0 dr-h----- C:\Documents and Settings\HP_Owner\Recent
2008-05-03 08:59:49 0 d-------- C:\Program Files\McAfee
2008-05-03 08:59:49 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-03 08:59:25 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-05-03 08:59:10 0 d-------- C:\Program Files\McAfee.com
2008-05-02 23:36:25 0 d-------- C:\Program Files\NVIDIA Corporation
2008-05-02 23:35:36 0 d-------- C:\Program Files\NVIDIA nTune Performance Application
2008-05-02 20:15:58 0 d-------- C:\Program Files\YourWare Solutions
2008-05-02 09:45:38 0 d-------- C:\Program Files\AC3Filter
2008-05-02 08:35:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-05-01 07:47:02 0 d-------- C:\USERDATA
2008-04-30 18:08:14 0 d-------- C:\Program Files\Trojan Remover
2008-04-29 15:51:37 0 d-------- C:\Program Files\AVG
2008-04-28 09:08:07 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-27 09:43:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-26 08:54:26 0 d--h----- C:\WINDOWS\PIF
2008-04-26 07:39:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2008-04-26 01:37:55 0 d-------- C:\Documents and Settings\All Users\Application Data\SugarGames
2008-04-24 07:08:48 0 d-------- C:\Program Files\Microsoft Bootvis
2008-04-20 08:52:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-04-17 17:48:17 0 d-------- C:\Program Files\SpywareBlaster
2008-04-17 16:25:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-17 12:09:55 0 d-------- C:\Softpaq
2008-04-16 15:31:11 0 d-------- C:\WINDOWS\Internet Logs
2008-04-15 17:00:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Playtonium Games
2008-04-13 16:13:14 2582 --a------ C:\WINDOWS\mozver.dat
2008-04-13 14:30:04 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-04-13 12:43:39 0 d-------- C:\Program Files\Alwil Software
2008-04-13 11:02:56 0 d-------- C:\WINDOWS\pss
2008-04-13 10:26:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-13 06:42:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Zylom


-- Find3M Report ---------------------------------------------------------------

2008-05-13 16:01:43 0 d-------- C:\Program Files\lx_cats
2008-05-11 22:42:33 0 d-------- C:\Program Files\Messenger
2008-05-11 22:42:03 0 d-------- C:\Program Files\Movie Maker
2008-05-11 22:37:35 0 d-------- C:\Program Files\Windows NT
2008-05-11 07:24:05 0 d-------- C:\Program Files\LucasArts
2008-05-11 07:15:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-10 03:46:24 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-10 02:46:42 0 d-------- C:\Program Files\Common Files
2008-05-09 22:08:39 0 d-------- C:\Program Files\Windows Defender
2008-05-05 05:06:37 0 d-------- C:\Program Files\Java
2008-05-04 23:04:35 0 d-------- C:\Program Files\PCRescue4.0
2008-05-04 22:45:25 0 d-------- C:\Program Files\Common Files\Real
2008-05-04 11:29:28 0 d-------- C:\Program Files\Spyware Doctor
2008-05-04 05:37:49 0 d-------- C:\Program Files\Lexmark Fax Solutions
2008-05-04 05:37:49 0 d-------- C:\Program Files\Lexmark 2400 Series
2008-05-04 05:35:14 0 d-------- C:\Program Files\Common Files\snp2std
2008-05-04 04:52:16 0 d-------- C:\Program Files\Easy Internet signup
2008-05-03 11:19:28 56 --a------ C:\Program Files\sample.vcf
2008-05-02 08:44:35 0 d-------- C:\Program Files\MSN Messenger
2008-04-25 09:54:45 0 d-------- C:\Program Files\DNA
2008-04-12 16:21:21 0 d-------- C:\Program Files\NavigationProgram
2008-04-12 14:23:00 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-12 09:00:48 4096 --a------ C:\WINDOWS\d3dx.dat
2008-04-07 07:07:49 0 d-------- C:\Program Files\UltimateZip 2007
2008-04-06 11:13:24 0 d-------- C:\Program Files\Ashampoo
2008-04-06 09:44:58 81920 --a------ C:\WINDOWS\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
2008-04-05 21:10:15 0 d-------- C:\Program Files\Google
2008-04-05 20:48:29 0 d-------- C:\Program Files\PCPitstop
2008-04-05 20:34:36 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-05 20:15:49 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-05 11:16:45 774144 --a------ C:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>
2008-04-05 10:50:38 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-05 10:43:25 0 d-------- C:\Program Files\MSXML 4.0
2008-04-05 10:41:08 335 --a------ C:\WINDOWS\nsreg.dat
2008-04-05 10:25:22 0 d-------- C:\Program Files\Lexmark Toolbar
2008-04-05 10:20:53 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-04-05 09:30:00 0 d-------- C:\Program Files\Sky Broadband
2008-04-05 09:18:32 0 d-a------ C:\Program Files\Common Files\LightScribe
2008-03-31 22:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 22:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 22:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 22:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 22:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-21 21:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 21:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 21:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 21:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
09/05/2008 20:32 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [09/05/2008 20:32 262144]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [08/05/1998 07:04]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [18/03/2004 00:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [28/08/2007 01:59]
"nwiz"="nwiz.exe" [28/08/2007 01:59 C:\WINDOWS\system32\nwiz.exe]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [08/06/2004 09:53]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [08/06/2004 09:42]
"KBD"="C:\HP\KBD\KBD.EXE" [12/02/2003 10:02]
"Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [05/11/2004 08:26]
"WINREMOTE"="C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" [05/11/2004 09:44]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [16/06/2004 14:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [16/06/2004 14:03]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [15/04/2004 11:43]
"PS2"="C:\WINDOWS\system32\ps2.exe" [26/10/2004 12:17]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [15/10/2004 12:54]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [14/12/2004 02:23]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [22/01/2006 18:45]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [07/02/2006 06:10]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [02/02/2006 09:11]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [01/12/2005 19:38]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [12/02/2007 14:50]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [10/05/2007 17:05]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [10/05/2007 16:58]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/05/2008 22:45]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 18:43 C:\WINDOWS\ALCMTR.EXE]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/05/2008 06:51]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [08/07/2005 17:16]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [02/04/2008 21:07]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" [01/07/2005 19:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [02/05/2008 21:09]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [07/05/2008 08:02]
"McAfee QuickClean Imonitor"="C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe" [03/10/2005 01:00]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [6/16/2005 11:11:42 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/5/2004 3:28:24 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f7229e8-900f-11d9-855f-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480




-- End of Deckard's System Scanner: finished at 2008-05-13 16:09:17 ------------
spud
Regular Member
 
Posts: 18
Joined: May 8th, 2008, 2:11 am

Re: hijackthis log

Unread postby dan12 » May 13th, 2008, 6:58 pm

: Uninstall some programs :

1. Click on Start.
2. Then go to Settings.
3. After that you need Control Panel.
4. Look for the icon Add Remove Programs.

Click on the following programs:

Java and Adobe Reader

and click on Remove.

Reboot the computer.

: Update Java :

Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to update.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on the download to install the newest version.

: Update Adobe Reader :

It looks like your version of Adobe Reader is out of date and you're vulnerable to infections.
Please download the newest version here:
http://www.adobe.com/uk/products/reader/

Post a fresh HJT log.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: hijackthis log

Unread postby spud » May 13th, 2008, 11:07 pm

Deckard's System Scanner v20071014.68
Run by HP_Owner on 2008-05-14 04:01:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:02:12, on 14/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\rundll32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Documents and Settings\HP_Owner.HOME\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11603 bytes

-- Files created between 2008-04-14 and 2008-05-14 -----------------------------

2008-05-14 03:58:53 0 d-------- C:\WINDOWS\LastGood
2008-05-14 03:56:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-14 03:06:15 0 dr-h----- C:\Documents and Settings\HP_Owner.HOME\Recent
2008-05-13 17:00:46 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\funkitron
2008-05-13 13:08:46 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Magic Academy
2008-05-12 16:19:30 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\WinPatrol
2008-05-12 16:19:22 0 d-------- C:\Program Files\BillP Studios
2008-05-12 15:08:16 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Malwarebytes
2008-05-12 07:21:12 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Motive
2008-05-12 00:11:26 0 d-------- C:\WINDOWS\Prefetch
2008-05-11 22:42:06 0 d-------- C:\WINDOWS\system32\scripting
2008-05-11 22:42:05 0 d-------- C:\WINDOWS\l2schemas
2008-05-11 22:42:03 0 d-------- C:\WINDOWS\system32\bits
2008-05-11 22:37:54 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-11 22:30:51 0 d-------- C:\WINDOWS\EHome
2008-05-11 09:53:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-11 09:52:57 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-11 09:39:23 0 d-------- C:\Program Files\Apple Software Update
2008-05-10 03:33:58 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Uniblue
2008-05-09 21:01:54 6623264 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-09 20:32:04 0 d-------- C:\Program Files\ZoneAlarmSB
2008-05-09 20:29:56 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-09 20:29:51 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-09 20:29:41 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2008-05-09 20:29:22 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-05-09 19:33:35 0 d-------- C:\Program Files\LimeWire
2008-05-08 14:47:54 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Help
2008-05-08 13:27:59 0 d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2008-05-08 07:17:45 0 d-------- C:\Program Files\Trend Micro
2008-05-07 17:43:20 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Spyware Terminator
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\My Documents
2008-05-07 16:50:41 0 d--h----- C:\Documents and Settings\Administrator.HOME\Local Settings
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Favorites
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Desktop
2008-05-07 16:50:41 0 d--hs---- C:\Documents and Settings\Administrator.HOME\Cookies
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Symantec
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Sun
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\SampleView
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Real
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Microsoft
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Intervideo
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Identities
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Apple Computer
2008-05-07 16:50:40 0 d-------- C:\Documents and Settings\Administrator.HOME\WINDOWS
2008-05-07 16:50:40 0 d-------- C:\Documents and Settings\Administrator.HOME\Templates
2008-05-07 16:50:40 0 d-------- C:\Documents and Settings\Administrator.HOME\Start Menu
2008-05-07 16:50:40 0 d-------- C:\Documents and Settings\Administrator.HOME\SendTo
2008-05-07 16:50:40 0 d-------- C:\Documents and Settings\Administrator.HOME\Recent
2008-05-07 16:50:40 0 d-------- C:\Documents and Settings\Administrator.HOME\PrintHood
2008-05-07 16:50:40 0 d-------- C:\Documents and Settings\Administrator.HOME\NetHood
2008-05-07 16:50:39 2097152 --ah----- C:\Documents and Settings\Administrator.HOME\NTUSER.DAT
2008-05-07 16:47:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-07 16:42:42 0 d-------- C:\Program Files\Yahoo!
2008-05-07 16:42:29 0 d-------- C:\Program Files\CCleaner
2008-05-07 15:53:55 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-05-07 15:53:41 0 d-------- C:\Program Files\Security Task Manager
2008-05-07 08:03:03 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\BitTorrent
2008-05-07 08:02:12 0 d-------- C:\Program Files\BitTorrent
2008-05-06 13:56:59 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Gaijin Ent
2008-05-05 15:37:42 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\AdobeUM
2008-05-05 15:05:30 0 d-------- C:\Program Files\Windows Live Safety Center
2008-05-05 06:52:54 0 d--h----- C:\$AVG8.VAULT$
2008-05-05 06:51:18 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-05 05:13:17 0 --a------ C:\WINDOWS\system32\taskkill.exe
2008-05-05 05:06:55 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\LimeWire
2008-05-05 04:57:49 0 d-------- C:\Program Files\iPod
2008-05-05 04:57:46 0 d-------- C:\Program Files\iTunes
2008-05-05 04:57:09 0 d-------- C:\Program Files\Bonjour
2008-05-05 04:56:37 0 d-------- C:\Program Files\QuickTime
2008-05-05 04:56:05 0 d-------- C:\Program Files\Common Files\Apple
2008-05-05 04:56:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-05 04:02:53 0 d-------- C:\Program Files\Toshiba
2008-05-05 02:48:24 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-05 02:48:24 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-05 01:07:56 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\DivX
2008-05-05 01:06:57 0 d-------- C:\Program Files\DivX
2008-05-04 23:54:27 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-05-04 23:04:45 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-05-04 22:51:34 45056 --a------ C:\WINDOWS\system32\wnaspi32.dll <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-05-04 22:51:34 25244 --a------ C:\WINDOWS\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-05-04 22:51:32 203776 --a------ C:\WINDOWS\system32\clrviddc.dll <Not Verified; Iterated Systems, Inc.; ClearVideo Decoder DLL>
2008-05-04 22:45:32 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-04 16:33:59 0 d-------- C:\Catalog
2008-05-04 11:29:17 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\PC Tools
2008-05-04 11:19:15 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Contacts
2008-05-04 11:16:53 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-04 11:14:07 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-04 11:14:01 0 d-------- C:\Program Files\Windows Live
2008-05-04 11:13:53 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-04 10:50:54 0 d-------- C:\WINDOWS\network diagnostic
2008-05-04 10:40:07 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\McAfee
2008-05-04 10:32:32 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Adobe
2008-05-04 10:13:03 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-04 10:07:14 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\DNA
2008-05-04 09:25:50 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Simply Super Software
2008-05-04 06:51:03 0 d--hs---- C:\Documents and Settings\HP_Owner.HOME\UserData
2008-05-04 06:15:46 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\WinRAR
2008-05-04 06:07:39 0 d-------- C:\Program Files\SharedFolder
2008-05-04 05:52:01 0 d-------- C:\Program Files\PC Inspector File Recovery
2008-05-04 05:43:10 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Macromedia
2008-05-04 05:40:51 0 dr-hs---- C:\cmdcons
2008-05-04 05:40:18 0 d-------- C:\WINDOWS\setupupd
2008-05-04 05:39:48 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\FaxCtr
2008-05-04 05:35:13 25472 --a------ C:\WINDOWS\system32\drivers\sncamd.sys <Not Verified; ; USB2.0 PC Camera driver>
2008-05-04 05:35:12 12178688 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys <Not Verified; ; USB2.0 PC Camera driver>
2008-05-04 05:35:07 73728 --a------ C:\WINDOWS\system32\vsnp2std.dll <Not Verified; Sonix; >
2008-05-04 05:35:07 151552 --a------ C:\WINDOWS\system32\rsnp2std.dll <Not Verified; ; ResourceDLL>
2008-05-04 05:35:07 77824 --a------ C:\WINDOWS\system32\csnp2std.dll <Not Verified; ; InstallUtil>
2008-05-04 05:34:56 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\InstallShield
2008-05-04 05:28:26 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Talkback
2008-05-04 05:28:11 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Mozilla
2008-05-04 05:16:05 0 d-------- C:\spoolerlogs
2008-05-04 05:04:56 40960 --a------ C:\WINDOWS\system32\LXPRMON.DLL <Not Verified; ; Lexmark Fax Solutions Software>
2008-05-04 05:04:56 32768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL <Not Verified; ; Lexmark Fax Solutions Software>
2008-05-04 05:04:56 12288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL <Not Verified; Lexmark International, Inc.; Lexmark Fax Solutions Software Print Monitor>
2008-05-04 05:04:56 98345 --a------ C:\WINDOWS\system32\IMHOST32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2008-05-04 05:04:56 339968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\WINDOWS
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Templates
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Start Menu
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\SendTo
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\PrintHood
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\NetHood
2008-05-04 05:02:10 0 dr------- C:\Documents and Settings\HP_Owner\My Documents
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Local Settings
2008-05-04 05:02:10 0 dr------- C:\Documents and Settings\HP_Owner\Favorites
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Desktop
2008-05-04 05:02:10 0 d---s---- C:\Documents and Settings\HP_Owner\Cookies
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Symantec
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Sun
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\SampleView
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Real
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Microsoft
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Intervideo
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Identities
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2008-05-04 05:02:09 2097152 --ah----- C:\Documents and Settings\HP_Owner\NTUSER.DAT
2008-05-04 04:59:33 233472 --a------ C:\WINDOWS\system32\LXCRinst.dll
2008-05-04 04:50:23 0 d-------- C:\WINDOWS\system32\Lang
2008-05-04 04:48:46 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Intervideo
2008-05-04 04:48:46 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Identities
2008-05-04 04:48:46 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Apple Computer
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\WINDOWS
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Templates
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Start Menu
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\SendTo
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\PrintHood
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\NetHood
2008-05-04 04:48:45 0 dr------- C:\Documents and Settings\HP_Owner.HOME\My Documents
2008-05-04 04:48:45 0 d--h----- C:\Documents and Settings\HP_Owner.HOME\Local Settings
2008-05-04 04:48:45 0 dr------- C:\Documents and Settings\HP_Owner.HOME\Favorites
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Desktop
2008-05-04 04:48:45 0 d--hs---- C:\Documents and Settings\HP_Owner.HOME\Cookies
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Sun
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\SampleView
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Real
2008-05-04 04:48:44 4718592 --a------ C:\Documents and Settings\HP_Owner.HOME\NTUSER.DAT
2008-05-04 04:47:16 0 d-------- C:\WINDOWS\system32\RTCOM
2008-05-04 04:44:32 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-04 03:19:49 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Macromedia
2008-05-04 03:19:48 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Adobe
2008-05-04 03:13:03 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Talkback
2008-05-04 03:12:45 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Mozilla
2008-05-04 03:12:21 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Simply Super Software
2008-05-04 03:03:55 0 dr-h----- C:\Documents and Settings\HP_Owner\Recent
2008-05-03 08:59:49 0 d-------- C:\Program Files\McAfee
2008-05-03 08:59:49 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-03 08:59:25 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-05-03 08:59:10 0 d-------- C:\Program Files\McAfee.com
2008-05-02 23:36:25 0 d-------- C:\Program Files\NVIDIA Corporation
2008-05-02 23:35:36 0 d-------- C:\Program Files\NVIDIA nTune Performance Application
2008-05-02 20:15:58 0 d-------- C:\Program Files\YourWare Solutions
2008-05-02 09:45:38 0 d-------- C:\Program Files\AC3Filter
2008-05-02 08:35:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-05-01 07:47:02 0 d-------- C:\USERDATA
2008-04-30 18:08:14 0 d-------- C:\Program Files\Trojan Remover
2008-04-29 15:51:37 0 d-------- C:\Program Files\AVG
2008-04-28 09:08:07 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-27 09:43:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-26 08:54:26 0 d--h----- C:\WINDOWS\PIF
2008-04-26 07:39:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2008-04-26 01:37:55 0 d-------- C:\Documents and Settings\All Users\Application Data\SugarGames
2008-04-24 07:08:48 0 d-------- C:\Program Files\Microsoft Bootvis
2008-04-20 08:52:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-04-17 17:48:17 0 d-------- C:\Program Files\SpywareBlaster
2008-04-17 16:25:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-17 12:09:55 0 d-------- C:\Softpaq
2008-04-16 15:31:11 0 d-------- C:\WINDOWS\Internet Logs
2008-04-15 17:00:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Playtonium Games


-- Find3M Report ---------------------------------------------------------------

2008-05-14 03:59:48 0 d-------- C:\Program Files\lx_cats
2008-05-14 03:56:04 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-14 03:52:54 0 d-------- C:\Program Files\Java
2008-05-11 22:42:33 0 d-------- C:\Program Files\Messenger
2008-05-11 22:42:03 0 d-------- C:\Program Files\Movie Maker
2008-05-11 22:37:35 0 d-------- C:\Program Files\Windows NT
2008-05-11 07:24:05 0 d-------- C:\Program Files\LucasArts
2008-05-11 07:15:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-10 03:46:24 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-10 02:46:42 0 d-------- C:\Program Files\Common Files
2008-05-09 22:08:39 0 d-------- C:\Program Files\Windows Defender
2008-05-04 23:04:35 0 d-------- C:\Program Files\PCRescue4.0
2008-05-04 22:45:25 0 d-------- C:\Program Files\Common Files\Real
2008-05-04 11:29:28 0 d-------- C:\Program Files\Spyware Doctor
2008-05-04 05:37:49 0 d-------- C:\Program Files\Lexmark Fax Solutions
2008-05-04 05:37:49 0 d-------- C:\Program Files\Lexmark 2400 Series
2008-05-04 05:35:14 0 d-------- C:\Program Files\Common Files\snp2std
2008-05-04 04:52:16 0 d-------- C:\Program Files\Easy Internet signup
2008-05-03 11:19:28 56 --a------ C:\Program Files\sample.vcf
2008-05-02 08:44:35 0 d-------- C:\Program Files\MSN Messenger
2008-04-25 14:36:09 2582 --a------ C:\WINDOWS\mozver.dat
2008-04-25 09:54:45 0 d-------- C:\Program Files\DNA
2008-04-13 16:27:23 0 d-------- C:\Program Files\Alwil Software
2008-04-12 16:21:21 0 d-------- C:\Program Files\NavigationProgram
2008-04-12 09:00:48 4096 --a------ C:\WINDOWS\d3dx.dat
2008-04-07 07:07:49 0 d-------- C:\Program Files\UltimateZip 2007
2008-04-06 11:13:24 0 d-------- C:\Program Files\Ashampoo
2008-04-06 09:44:58 81920 --a------ C:\WINDOWS\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
2008-04-05 21:10:15 0 d-------- C:\Program Files\Google
2008-04-05 20:48:29 0 d-------- C:\Program Files\PCPitstop
2008-04-05 20:34:36 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-05 20:15:49 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-05 11:16:45 774144 --a------ C:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>
2008-04-05 10:50:38 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-05 10:43:25 0 d-------- C:\Program Files\MSXML 4.0
2008-04-05 10:41:08 335 --a------ C:\WINDOWS\nsreg.dat
2008-04-05 10:25:22 0 d-------- C:\Program Files\Lexmark Toolbar
2008-04-05 10:20:53 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-04-05 09:30:00 0 d-------- C:\Program Files\Sky Broadband
2008-04-05 09:18:32 0 d-a------ C:\Program Files\Common Files\LightScribe
2008-03-31 22:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 22:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 22:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 22:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 22:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-21 21:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 21:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 21:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 21:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
09/05/2008 20:32 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [09/05/2008 20:32 262144]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [08/05/1998 07:04]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [18/03/2004 00:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [28/08/2007 01:59]
"nwiz"="nwiz.exe" [28/08/2007 01:59 C:\WINDOWS\system32\nwiz.exe]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [08/06/2004 09:53]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [08/06/2004 09:42]
"KBD"="C:\HP\KBD\KBD.EXE" [12/02/2003 10:02]
"Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [05/11/2004 08:26]
"WINREMOTE"="C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" [05/11/2004 09:44]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [16/06/2004 14:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [16/06/2004 14:03]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [15/04/2004 11:43]
"PS2"="C:\WINDOWS\system32\ps2.exe" [26/10/2004 12:17]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [15/10/2004 12:54]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [14/12/2004 02:23]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [22/01/2006 18:45]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [07/02/2006 06:10]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [02/02/2006 09:11]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [01/12/2005 19:38]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [12/02/2007 14:50]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [10/05/2007 17:05]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [10/05/2007 16:58]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/05/2008 22:45]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 18:43 C:\WINDOWS\ALCMTR.EXE]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/05/2008 06:51]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [02/04/2008 21:07]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" [01/07/2005 19:22]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [08/07/2005 17:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [02/05/2008 21:09]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [07/05/2008 08:02]
"McAfee QuickClean Imonitor"="C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe" [03/10/2005 01:00]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [6/16/2005 11:11:42 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/5/2004 3:28:24 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f7229e8-900f-11d9-855f-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480




-- End of Deckard's System Scanner: finished at 2008-05-14 04:04:55 ------------
spud
Regular Member
 
Posts: 18
Joined: May 8th, 2008, 2:11 am

Re: hijackthis log

Unread postby dan12 » May 14th, 2008, 3:42 am

How are things with the pc at this moment in time?

Run HijackThis, select "Do a system scan only" and place checks against the following entries (if they are still present):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Please note! The HijackThis O6 section corresponds to an administrative lockdown for changing the options or the homepage in Internet Explorer by changing certain settings in the registry.
This entry would legitimately show if an administrator set the restriction on purpose or if the user utilized Spybot S&D's Home Page and Option Lock down features in the Mode -> Advanced Mode -> Tools -> IE Tweaks section. (Or there could be other similar tools with similar options/functions.)

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit



Just post a new HJT log; you don't have to run a DSS log each time unless I ask for it. :)
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: hijackthis log

Unread postby spud » May 14th, 2008, 3:50 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:49:50, on 14/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11256 bytes
spud
Regular Member
 
Posts: 18
Joined: May 8th, 2008, 2:11 am

Re: hijackthis log

Unread postby spud » May 14th, 2008, 3:53 am

my cpu is a lot faster now thanks & also will i need to change any of my passwords for sites i log on to like ebay
spud
Regular Member
 
Posts: 18
Joined: May 8th, 2008, 2:11 am

Re: hijackthis log

Unread postby dan12 » May 14th, 2008, 4:24 am

will i need to change any of my passwords for sites i log on to like ebay

I don't think you would need to, but for peace of mind I would, to be on the safe side.

Can you copy and paste or type this command into the command prompt window then copy and paste the content back to me.

Code:
dir /a C:\WINDOWS\system32\bits >> log.txt
notepad log.txt
del log.txt
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: hijackthis log

Unread postby spud » May 14th, 2008, 6:11 am

untitled-notepad pops up & it said cannot find the log.txt file
spud
Regular Member
 
Posts: 18
Joined: May 8th, 2008, 2:11 am

Re: hijackthis log

Unread postby spud » May 14th, 2008, 6:13 am

i think i have sorted it
Volume in drive C is HP_PAVILION
Volume Serial Number is 00D4-C65F

Directory of C:\WINDOWS\system32\bits

11/05/2008 22:42 <DIR> .
11/05/2008 22:42 <DIR> ..
14/04/2008 01:12 409,088 qmgr.dll
1 File(s) 409,088 bytes
2 Dir(s) 171,739,639,808 bytes free
spud
Regular Member
 
Posts: 18
Joined: May 8th, 2008, 2:11 am

Re: hijackthis log

Unread postby dan12 » May 14th, 2008, 6:35 am

OK, that was fine. Can you do the same again: place the text in the command prompt window and press Enter.

Code:
dir /a /s C:\WINDOWS\system32\bits >> log.txt
notepad log.txt
del log.txt


dan :)
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: hijackthis log

Unread postby spud » May 14th, 2008, 11:46 am

Volume in drive C is HP_PAVILION
Volume Serial Number is 00D4-C65F

Directory of C:\WINDOWS\system32\bits

11/05/2008 22:42 <DIR> .
11/05/2008 22:42 <DIR> ..
14/04/2008 01:12 409,088 qmgr.dll
1 File(s) 409,088 bytes
2 Dir(s) 171,739,639,808 bytes free
Volume in drive C is HP_PAVILION
Volume Serial Number is 00D4-C65F

Directory of C:\WINDOWS\system32\bits

11/05/2008 22:42 <DIR> .
11/05/2008 22:42 <DIR> ..
14/04/2008 01:12 409,088 qmgr.dll
1 File(s) 409,088 bytes

Total Files Listed:
1 File(s) 409,088 bytes
2 Dir(s) 171,995,615,232 bytes free
spud
Regular Member
 
Posts: 18
Joined: May 8th, 2008, 2:11 am

Re: hijackthis log

Unread postby spud » May 14th, 2008, 11:48 am

sorry, think i did the first bit wrong; done now, thanks
spud
Regular Member
 
Posts: 18
Joined: May 8th, 2008, 2:11 am

Re: hijackthis log

Unread postby dan12 » May 14th, 2008, 3:48 pm

Double click on OTMoveIt2.

Click on CleanUp!.

You will receive a prompt that it has finished downloading a list. Click OK.

After this, it will prompt you to restart your computer. Please restart your computer.


Are you still having any issues?
dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire