Free Malware Removal Forum

by **Buckeye** » May 5th, 2008, 10:53 pm

For about the last month, Internet Explorer takes several minutes to load. Any link that opens in a new window also takes several minutes to load. I normally use FireFox, but there are a few site that are heavy with ActiveX content and require Internet Explorer. Trend Micro had this site listed to evaluate the log file.

I would really appreciate your time in helping me work through this. The HiJackThis log is attached.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:49 PM, on 5/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\mirra\mirra.watchdog.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Mirra\Mirra.Client.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
c:\program files\mirra\mirra.service.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\MSACCESS.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.primericaonline.com/Login
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Mirra.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://vdpalmpilot.supportsoft.com/sdcc ... gctlcm.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Custo ... anager.CAB
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MirraSync Service (Mirra.Service) - Mirra, Inc. - c:\program files\mirra\mirra.service.exe
O23 - Service: Mirra Watchdog Service (Mirra.Watchdog) - Mirra, Inc. - c:\program files\mirra\mirra.watchdog.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11736 bytes

by **Carolyn** » May 8th, 2008, 10:16 pm

Hello and Welcome to the forums!

Important: Do not attach any log or other material except as specifically instructed to do so by a helper. Normally, contents of logs should be posted directly into the thread.

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please reply to this thread, do not start another.
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

As I am still in training, everything that I post to you must be checked by one of the teachers. Thus, there may be a bit of a delay between posts, but it shouldn't be too long.

If you follow these instructions, everything should go smoothly.

we are currently looking at your log now and will be back as soon as possible with your instructions.
while you are waiting one other thing that can be of good use is an uninstall list so please do the following

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.

by **Buckeye** » May 8th, 2008, 10:39 pm

Carolyn,
Thanks for your help on this one. I appreciate you taking the time to do this. Below is the install log that you requested. I only have access to my PC at night, but I have been checking it every night.

Chris

ABBYY FineReader 7.0 Professional Edition
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9
AFPL Ghostscript 8.54
AFPL Ghostscript Fonts
AOPA's Real-Time Flight Planner 1.2.2
AutoFile Plus
Bob Vila's Home Design
CallAtlanta
Conexant HD Audio
Crimson Editor (remove only)
Customer Experience Enhancement
DivX
Documents To Go
Easy HTML Construction Kit 8.87
FreePDF XP (Remove only)
Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
GTK+ 2.8.18-1 runtime environment
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB912436)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB914906)
Hotfix for Windows XP (KB915326)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB918005)
HP DVD Play 2.3
HP Extended Capabilities 4.7
HP Help and Support
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP PSC & OfficeJet 4.7
HP Quick Launch Buttons 6.10 A2
HP Rhapsody
HP Update
HP User Guides 0027
HP Wireless Assistant 2.00 G2
IRA Analyst
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java(TM) SE Runtime Environment 6 Update 1
Laridian Easton's Bible Dictionary for PalmOS
Laridian Matthew Henry Concise Commentary for PalmOS
Laridian MyBible 4 Demo for PalmOS
Macromedia Flash Player 8
Macromedia Shockwave Player
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Office XP Professional
Microsoft SQL Server Desktop Engine (SHIPWORKS)
Microsoft Visual C++ 2005 Redistributable
Mirra 2.00.0006
Move Networks Player for Internet Explorer
Mozilla Firefox (2.0.0.14)
Mozilla Thunderbird (2.0.0.6)
MSN
MSN Messenger 7.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
muvee autoProducer 5.0
My HP Games
Netscape Browser (remove only)
NetWaiting
NVIDIA Drivers
Office 2003 Trial Assistant
Palm
Pdf995
QuickTime
RedMon - Redirection Port Monitor
SeaMonkey (1.1.

Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Series 26 Drill and Practice
ShipWorks 2.9.0
Skype™ 3.6
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SplashID
Spy Sweeper for MSN
Synaptics Pointing Device Driver
The GIMP 2.2.11
ToolbarBrowser v2.4
Trellian SEO Toolkit v2.0
Trellian WebPage
TurboApps Conduit
Umbrella Screen Saver
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
WildTangent Web Driver
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885464
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888402
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
WinFlex
Wireless Home Network Setup

by **Carolyn** » May 10th, 2008, 4:22 pm

I see you are using Wild Tangent. It is not malware, but is sometimes thought to bring malware along. Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it’s not technically considered spyware, it does have built in components to update itself and gather information about the computer system including

Operating System Version
CPU Type and Speed
Memory Amount
Video Card type and Driver Version
Sound Card type and Driver Version
DirectX Version
Location that the Web Driver was installed from
It is also a MAJOR resource hog.

For more information, see WildTangent Removal Instructions and Help and Inside Wild Tangent-Delivering High-End 3-D Content To A Web Site Near You.
Unless you are an extremely avid games player, I recommend you uninstall Wild Tangent: To uninstall Wild Tangent:

Click Start, point to Settings, and then click Control Panel.
In Control Panel, double-click Add or Remove Programs.
In Add or Remove Programs, highlight Wild Tangent, click Remove.
Close the Add or Remove Programs and the Control Panel windows.

Please download Malwarebytes' Anti-Malware and save it to a convenient location.

Double click on mbam-setup.exe to install it.
Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
Select the Scanner tab. Click on Perform full scan, then click on Scan.
Leave the default options as it is and click on Start Scan.
When done, you will be prompted. Click OK, then click on Show Results.
Checked (ticked) all items and click on Remove Selected.
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your reply.

Please post the Malewarebytes' Anti-Malware log along with the contents of main.txt and extra.txt.

by **Buckeye** » May 10th, 2008, 11:28 pm

Attached are the 3 logs you requested. The first is the Malwarebytes, the other 2 are the dss logs.

Thanks,
Chris

Malwarebytes' Anti-Malware 1.12
Database version: 739

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 152419
Time elapsed: 51 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\mirra\mirra.watchdog.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\mirra\mirra.service.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Mirra\Mirra.Client.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Chris Grieser\Desktop\dss.exe
c:\program files\mcafee\mpf\mc\mpfalert.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Chris Grieser.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.primericaonline.com/Login
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Mirra.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://vdpalmpilot.supportsoft.com/sdcc ... gctlcm.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Custo ... anager.CAB
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MirraSync Service (Mirra.Service) - Mirra, Inc. - c:\program files\mirra\mirra.service.exe
O23 - Service: Mirra Watchdog Service (Mirra.Watchdog) - Mirra, Inc. - c:\program files\mirra\mirra.watchdog.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11419 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 portio (CMS Openfile Service) - c:\windows\system32\drivers\portd64.sys (file missing)
S3 SMNDIS5 (SMNDIS5 NDIS Protocol Driver) - c:\progra~1\verizo~1\vzacce~1\smndis5.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Mirra.Service (MirraSync Service) - "c:\program files\mirra\mirra.service.exe" <Not Verified; Mirra, Inc.; Mirra>
R2 Mirra.Watchdog (Mirra Watchdog Service) - c:\program files\mirra\mirra.watchdog.exe <Not Verified; Mirra, Inc.; Mirra>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-05-01 01:00:07 368 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-03-15 01:27:45 366 --a------ C:\WINDOWS\Tasks\McDefragTask.job

-- Files created between 2008-04-10 and 2008-05-10 -----------------------------

2008-05-10 22:27:46 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\Malwarebytes
2008-05-10 22:27:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-10 22:27:39 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-05 22:13:44 0 d-------- C:\Program Files\Trend Micro
2008-05-02 23:39:01 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Webroot
2008-04-19 12:26:12 0 d-------- C:\Program Files\Common Files\L&H
2008-04-12 23:37:04 0 d-------- C:\a4b08570cdb87269431746a956
2008-04-10 10:51:25 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Desktop
2008-04-10 09:54:32 0 d-------- C:\pfsesd
2008-04-10 09:54:29 49152 --a------ C:\WINDOWS\system32\DZ_EZ32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 DZ-Easy (Multi-Threaded)>

-- Find3M Report ---------------------------------------------------------------

2008-05-10 23:15:21 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\Skype
2008-05-10 22:16:27 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\skypePM
2008-05-03 08:29:29 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\MSN6
2008-04-19 12:27:15 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-04-19 12:26:12 0 d-------- C:\Program Files\Common Files
2008-04-16 21:16:45 0 d-------- C:\Program Files\DOSBox-0.71
2008-04-15 07:14:13 0 d-------- C:\Program Files\Palm
2008-04-09 16:03:07 0 d-------- C:\Program Files\Microsoft SQL Server
2008-04-09 15:52:21 0 d-------- C:\Program Files\ShipWorks
2008-04-04 23:32:49 0 d-------- C:\Program Files\Yahoo!
2008-04-04 23:32:49 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-04 23:32:48 0 d-------- C:\Program Files\Windows NT
2008-04-04 23:32:45 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-04 23:32:44 0 d-------- C:\Program Files\WildTangent
2008-04-04 23:32:22 0 d-------- C:\Program Files\Webroot
2008-04-04 23:32:05 0 d-------- C:\Program Files\Trellian
2008-04-04 23:31:49 0 d--h----- C:\Program Files\system.sav
2008-04-04 23:31:43 0 d-------- C:\Program Files\Synaptics
2008-04-04 23:31:43 0 d-------- C:\Program Files\SplashData
2008-04-04 23:31:40 0 d-------- C:\Program Files\Sonic
2008-04-04 23:31:01 0 d-------- C:\Program Files\Skype
2008-04-04 23:30:58 0 d-------- C:\Program Files\RothIRA
2008-04-04 23:30:57 0 d-------- C:\Program Files\QuickTime
2008-04-04 23:30:15 0 d-------- C:\Program Files\QuickMile
2008-04-04 23:30:14 0 d-------- C:\Program Files\Quickensetup
2008-04-04 23:30:06 0 d-------- C:\Program Files\Quicken
2008-04-04 23:29:56 0 d-------- C:\Program Files\pdf995
2008-04-04 23:28:30 0 d-------- C:\Program Files\PalmArchive
2008-04-04 23:26:27 0 d-------- C:\Program Files\Online Services
2008-04-04 23:26:27 0 d-------- C:\Program Files\ODO PC
2008-04-04 23:26:27 0 d-------- C:\Program Files\NetWaiting
2008-04-04 23:25:58 0 d-------- C:\Program Files\Netscape
2008-04-04 23:25:42 0 d-------- C:\Program Files\muvee Technologies
2008-04-04 23:25:42 0 d-------- C:\Program Files\music_now
2008-04-04 23:25:41 0 d-------- C:\Program Files\MTD Install v5.0
2008-04-04 23:25:41 0 d-------- C:\Program Files\MSXML 4.0
2008-04-04 23:25:40 0 d-------- C:\Program Files\MSN Messenger
2008-04-04 23:25:37 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-04 23:24:48 0 d-------- C:\Program Files\mozilla.org
2008-04-04 23:24:48 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-04-04 23:24:29 0 d-------- C:\Program Files\Movie Maker
2008-04-04 23:24:27 0 d-------- C:\Program Files\MobileRob
2008-04-04 23:24:27 0 d-------- C:\Program Files\Mirra
2008-04-04 23:24:24 0 d-------- C:\Program Files\Microsoft.NET
2008-04-04 23:24:24 0 d-------- C:\Program Files\Microsoft Office Trial Wizard
2008-04-04 23:23:30 0 d-------- C:\Program Files\Microsoft Money 2006
2008-04-04 23:23:29 0 d-------- C:\Program Files\Microsoft IntelliPoint
2008-04-04 23:23:28 0 d-------- C:\Program Files\microsoft frontpage
2008-04-04 23:23:28 0 d-------- C:\Program Files\Messenger
2008-04-04 23:23:27 0 d-------- C:\Program Files\McAfee.com
2008-04-04 23:23:18 0 d-------- C:\Program Files\McAfee
2008-04-04 23:23:10 0 d-------- C:\Program Files\Laridian
2008-04-04 23:23:09 0 d-------- C:\Program Files\Kodak
2008-04-04 23:22:46 0 d-------- C:\Program Files\Java
2008-04-04 23:22:06 0 d-------- C:\Program Files\iTunes
2008-04-04 23:21:55 0 d-------- C:\Program Files\iPod
2008-04-04 23:21:52 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-04 23:21:38 0 d-------- C:\Program Files\iambic Software
2008-04-04 23:21:37 0 d-------- C:\Program Files\HPQ
2008-04-04 23:21:35 0 d-------- C:\Program Files\HP Rhapsody
2008-04-04 23:21:25 0 d-------- C:\Program Files\HP Games
2008-04-04 23:11:55 0 d-------- C:\Program Files\HP
2008-04-04 23:08:18 0 d-------- C:\Program Files\HOTLLAMA MEDIA
2008-04-04 23:08:18 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-04 23:08:03 0 d-------- C:\Program Files\Hermetic Systems
2008-04-04 23:08:03 0 d-------- C:\Program Files\HanDBase3
2008-04-04 23:07:42 0 d-------- C:\Program Files\gs
2008-04-04 23:07:37 0 d-------- C:\Program Files\Google
2008-04-04 23:07:05 0 d-------- C:\Program Files\GIMP-2.0
2008-04-04 23:06:49 0 d-------- C:\Program Files\FreePDF_XP
2008-04-04 23:06:47 0 d-------- C:\Program Files\FileZ
2008-04-04 23:06:46 0 d-------- C:\Program Files\Encarta Online
2008-04-04 23:06:45 0 d-------- C:\Program Files\Documents To Go
2008-04-04 23:06:34 0 d-------- C:\Program Files\DivX
2008-04-04 23:06:34 0 d-------- C:\Program Files\DIFX
2008-04-04 23:06:30 0 d-------- C:\Program Files\Dearborn
2008-04-04 23:06:30 0 d-------- C:\Program Files\Crimson Editor
2008-04-04 23:06:19 0 d-------- C:\Program Files\CONEXANT
2008-04-04 23:05:58 0 d-------- C:\Program Files\Compton's Home Library
2008-04-04 23:05:57 0 d-------- C:\Program Files\Common Files\TiVo Shared
2008-04-04 23:05:51 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-04 23:05:51 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-04-04 23:05:51 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-04-04 23:05:51 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-04 23:05:46 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-04-04 23:05:46 0 d-------- C:\Program Files\Common Files\Skype
2008-04-04 23:05:46 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-04 23:05:46 0 d-------- C:\Program Files\Common Files\muvee Technologies
2008-04-04 23:05:27 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-04 23:05:07 0 d-------- C:\Program Files\Common Files\McAfee
2008-04-04 23:05:04 0 d-------- C:\Program Files\Common Files\LightScribe
2008-04-04 23:04:57 0 d-------- C:\Program Files\Common Files\Java
2008-04-04 23:04:56 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-04 23:04:47 0 d-------- C:\Program Files\Common Files\HP
2008-04-04 23:04:46 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-04 23:04:41 0 d-------- C:\Program Files\Common Files\GTK
2008-04-04 23:04:41 0 d-------- C:\Program Files\Common Files\GE Financial Assurance
2008-04-04 23:04:41 0 d-------- C:\Program Files\Common Files\DataViz
2008-04-04 23:04:40 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-04 23:04:40 0 d-------- C:\Program Files\Common Files\ADO
2008-04-04 23:04:34 0 d-------- C:\Program Files\CMS Products
2008-04-04 23:04:31 0 d-------- C:\Program Files\AutoFile
2008-04-04 23:04:05 0 d-------- C:\Program Files\ABBYY FineReader 7.0 Professional Edition
2008-04-04 22:47:13 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\WildTangent
2008-04-04 22:47:10 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\Webroot
2008-04-04 22:47:10 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\Trellian
2008-04-04 22:47:10 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\Thunderbird
2008-04-04 22:47:09 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\Talkback
2008-04-04 22:47:05 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\Sun
2008-04-04 22:47:05 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\Sonic
2008-04-04 22:47:05 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\Smith Micro
2008-04-04 22:46:59 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\Real
2008-04-04 22:46:59 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\pdf995
2008-04-04 22:46:59 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\muvee Technologies
2008-04-04 22:46:59 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\MSNInstaller
2008-04-04 22:46:54 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\Mozilla
2008-04-04 22:46:22 0 d--h----- C:\Documents and Settings\Chris Grieser\Application Data\Move Networks
2008-04-04 22:45:53 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\Macromedia
2008-04-04 22:45:41 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\Leadertech
2008-04-04 22:45:41 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\Intuit
2008-04-04 22:45:36 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\InstallShield Installation Information
2008-04-04 22:45:36 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\Identities
2008-04-04 22:45:36 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\iambic
2008-04-04 22:45:36 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\HP
2008-04-04 22:45:36 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\HotSync
2008-04-04 22:45:36 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\Hermetic_Systems
2008-04-04 22:45:36 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\Help
2008-04-04 22:45:36 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\GTek
2008-04-04 22:45:36 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\Google
2008-04-04 22:45:36 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\CyberLink
2008-04-04 22:45:36 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\Arcsoft
2008-04-04 22:45:36 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\Apple Computer
2008-04-04 22:45:35 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\AdobeUM
2008-04-04 22:45:35 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\Adobe
2008-04-04 22:45:30 0 d-------- C:\Documents and Settings\Chris Grieser\Application Data\ABBYY
2008-03-03 21:40:34 335 --a------ C:\WINDOWS\nsreg.dat
2008-03-03 21:40:00 118784 --a------ C:\WINDOWS\SeaMonkeyUninstall.exe
2008-03-03 21:40:00 9233 --a------ C:\WINDOWS\mozver.dat
2008-03-03 21:39:40 118784 --a------ C:\WINDOWS\GREUninstall.exe

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [05/04/2006 01:58 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/14/2006 03:02 PM]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [04/18/2006 07:29 AM C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/17/2006 01:22 AM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [07/12/2006 01:55 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [08/11/2005 08:30 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/2005 08:30 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [06/19/2006 03:33 PM]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [01/26/2006 08:18 PM]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [10/11/2005 02:23 PM]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [02/09/2006 01:52 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [03/23/2005 07:26 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 10:36 AM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/17/2005 03:11 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [07/22/2007 07:11 PM]
"FineReader7NewsReaderPro"="C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" [12/10/2003 01:19 AM]
"FreePDF Assistant"="C:\Program Files\FreePDF_XP\fpassist.exe" [06/26/2007 08:27 PM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [12/04/2007 11:28 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/01/2007 09:05 PM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/01/2008 05:22 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe [6/9/2004 2:27:34 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
Mirra.lnk - C:\Program Files\Mirra\Mirra.Client.exe [12/18/2006 10:48:01 PM]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [12/17/2002 5:23:32 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

-- Hosts -----------------------------------------------------------------------

192.168.1.45 HP00156047A54F

-- End of Deckard's System Scanner: finished at 2008-05-10 23:25:23 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Turion(tm) 64
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 958.6 MiB / 426.85 MiB
Pagefile Memory (total/avail): 2314.36 MiB / 1792.64 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.82 MiB

C: is Fixed (NTFS) - 103.43 GiB total, 77.75 GiB free.
D: is Fixed (FAT32) - 8.35 GiB total, 1.27 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2120BH - 111.79 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 103.43 GiB - C:
\PARTITION1 - Unknown - 8.37 GiB - D:

-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:HP Digital Imaging Monitor"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\pfs\\callatl\\rteng9.exe"="C:\\pfs\\callatl\\rteng9.exe:*:Enabled:Adaptive Server Anywhere Network Server"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:HP CUE-Scanning Flow Component"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:HP AiO Fax Manager"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe:*:Enabled:HP OfficeJet Settings Interface"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Chris Grieser\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CHRISLAPTOP2
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Chris Grieser
LOGONSERVER=\\CHRISLAPTOP2
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\GTK\2.0\bin;C:\GAGEPROG;C:\GAGEDATA;C:\dos;c:\windows;c:\qfiler;c:\windows\command;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PCTYPE=PRESARIO
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 76 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4c02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\CHRISG~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\CHRISG~1\LOCALS~1\Temp
USERDOMAIN=CHRISLAPTOP2
USERNAME=Chris Grieser
USERPROFILE=C:\Documents and Settings\Chris Grieser
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

-- User Profiles ---------------------------------------------------------------

Chris Grieser (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Bistro Stars\Uninstall.exe"
--> "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 2 Remix\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
--> "C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
--> "C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
--> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Diner Dash 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Dora's Carnival Adventure\Uninstall.exe"
--> "C:\Program Files\HP Games\Family Feud\Uninstall.exe"
--> "C:\Program Files\HP Games\FATE\Uninstall.exe"
--> "C:\Program Files\HP Games\Garden Dreams\Uninstall.exe"
--> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
--> "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\LEGO Builder Bots\Uninstall.exe"
--> "C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Mystery Case Files\Uninstall.exe"
--> "C:\Program Files\HP Games\Penguins!\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
--> "C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
--> "C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Snowy Space Trip\Uninstall.exe"
--> "C:\Program Files\HP Games\SpongeBob SquarePants Krabby Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Super Granny\Uninstall.exe"
--> "C:\Program Files\HP Games\Tinos Fruit Stand\Uninstall.exe"
--> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
--> "C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
--> "C:\Program Files\WildTangent\Apps\My HP Game Console\Uninstall.exe"
--> C:\WINDOWS\IsUninst.exe -fC:\Program Files\Adobe\Adobe Reader for Palm OS\AcroDesk.isu
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\Setup.exe" -l0x9 anything
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 7.0 Professional Edition --> MsiExec.exe /I{AAF70000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Reader for Palm OS, 3.05 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adobe\Adobe Reader for Palm OS\AcroDesk.isu" -c"C:\Program Files\Adobe\Adobe Reader for Palm OS\unpdf.dll"
AFPL Ghostscript 8.54 --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.54\uninstal.txt"
AFPL Ghostscript Fonts --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
AOPA's Real-Time Flight Planner 1.2.2 --> c:\Jeppesen\RTFPClient\Uninstall.exe
AutoFile Plus --> C:\PROGRA~1\AutoFile\UNWISE.EXE C:\PROGRA~1\AutoFile\INSTALL.LOG
Bob Vila's Home Design --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Compton's Home Library\BobVila\Uninst.isu"
CallAtlanta --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{206A595B-6ED6-4547-9293-C448139826EC}\setup.exe" -l0x9
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -Iwis30B5a.INF
Crimson Editor (remove only) --> C:\Program Files\Crimson Editor\uninstall.exe
Customer Experience Enhancement --> C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Documents To Go --> MsiExec.exe /X{930D28D0-9FD8-4D50-B0C8-B55528064560}
Easy HTML Construction Kit 8.87 --> "C:\Program Files\Hermetic Systems\ehck887\unins000.exe"
FreePDF XP (Remove only) --> C:\Program Files\FreePDF_XP\fpsetup.exe /r
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GTK+ 2.8.18-1 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\unins000.exe"
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_wis30B5m\HXFSETUP.EXE -U -Iwis30B5m.inf
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP DVD Play 2.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Extended Capabilities 4.7 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Quick Launch Buttons 6.10 A2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst
HP Rhapsody --> C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guides 0027 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A3856B-5C0E-4BC1-B508-629AE74B6BBA}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 G2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
IRA Analyst --> C:\PROGRA~1\RothIRA\UNWISE.EXE C:\PROGRA~1\RothIRA\INSTALL.LOG
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Laridian Easton's Bible Dictionary for PalmOS --> C:\WINDOWS\ctpu.exe -uC:\Program Files\Laridian\Easton's Bible Dictionary\install.log -lC:\WINDOWS\ResENU.dll
Laridian Matthew Henry Concise Commentary for PalmOS --> C:\WINDOWS\ctpu.exe -uC:\Program Files\Laridian\Matthew Henry Concise Commentary\install.log -lC:\WINDOWS\ResENU.dll
Laridian MyBible 4 Demo for PalmOS --> C:\WINDOWS\ctpu.exe -uC:\Program Files\Laridian\MyBible 4 Demo\install.log -lC:\WINDOWS\ResENU.dll
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Shockwave Player --> MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server Desktop Engine (SHIPWORKS) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mirra 2.00.0006 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B696523-A46D-46CB-B607-3ADE0240D99E}\setup.exe" -l0x9
Move Networks Player for Internet Explorer --> "C:\Documents and Settings\Chris Grieser\Application Data\Move Networks\ie_bin\unins000.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.6) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600816}
muvee autoProducer 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB09F05F-85C6-4205-B28D-5BF071D276C3}\setup.exe" -l0x9
My HP Games --> "C:\Program Files\HP Games\Uninstall.exe"
Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
Palm --> MsiExec.exe /X{D2DEA1ED-F9D0-401D-9714-6FA8E89EF9D7}
Palm VersaMail(tm) --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4F454B69-4619-44E9-848F-3FC49BC8D9BB}
Pdf995 --> C:\Program Files\pdf995\setup.exe uninstall
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RedMon - Redirection Port Monitor --> C:\WINDOWS\system32\unredmon.exe
SeaMonkey (1.1.

--> C:\WINDOWS\SeaMonkeyUninstall.exe /ua "1.1.8 (en)"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Series 26 Drill and Practice --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5580384F-A7EC-4B3F-9A9C-05EFCA476BDB}\setup.exe"
ShipWorks 2.9.0 --> "C:\Program Files\ShipWorks\Uninstall\unins000.exe"
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SplashID --> "C:\Program Files\InstallShield Installation Information\{9DBBC53C-AD7B-44ED-91A7-7568B51182F8}\setup.exe" -runfromtemp -l0x0009 -removeonly
Spy Sweeper for MSN --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The GIMP 2.2.11 --> "C:\Program Files\GIMP-2.0\unins000.exe"
ToolbarBrowser v2.4 --> "C:\Program Files\TRELLIAN\Toolbar\unToolbarBrowser\unins000.exe"
Trellian SEO Toolkit v2.0 --> "C:\Program Files\TRELLIAN\SEO Toolkit v2.0\unins000.exe"
Trellian WebPage --> "C:\Program Files\Trellian\Trellian WebPage\unins000.exe"
TurboApps Conduit --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C587A6C6-A6EF-4FF2-892F-0088C64D7A76}\setup.exe" custom
Umbrella Screen Saver --> C:\WINDOWS\azssuninst.exe Umbrella
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_6FE44FCD212D4A086C7BC0C98B9A619782073FB7\amdk8.inf
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
WinFlex --> C:\WINDOWS\IsUninst.exe -fC:\WinFlex6\DeIsL2.isu
Wireless Home Network Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\setup.exe" -l0x9 -removeonly

-- Application Event Log -------------------------------------------------------

Event Record #/Type6234 / Warning
Event Submitted/Written: 05/10/2008 10:14:00 PM
Event ID/Source: 19011 / MSSQL$SHIPWORKS
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type6170 / Error
Event Submitted/Written: 05/09/2008 10:58:36 PM
Event ID/Source: 0 / Mirra.Watchdog
Event Description:
Failed in handling the PowerEvent. The error that occurred was: System.ServiceProcess.TimeoutException: Time out has expired and the operation has not been completed.
at System.ServiceProcess.ServiceController.WaitForStatus(ServiceControllerStatus desiredStatus, TimeSpan timeout)
at Mirra.Watchdog.Watchdog.OnPowerEvent(PowerBroadcastStatus powerStatus)
at System.ServiceProcess.ServiceBase.ServiceCommandCallbackEx(Int32 command, Int32 eventType, IntPtr eventData, IntPtr eventContext).

Event Record #/Type6167 / Error
Event Submitted/Written: 05/09/2008 10:58:31 PM
Event ID/Source: 0 / Mirra.Watchdog
Event Description:
Failed in handling the PowerEvent. The error that occurred was: System.ServiceProcess.TimeoutException: Time out has expired and the operation has not been completed.
at System.ServiceProcess.ServiceController.WaitForStatus(ServiceControllerStatus desiredStatus, TimeSpan timeout)
at Mirra.Watchdog.Watchdog.OnPowerEvent(PowerBroadcastStatus powerStatus)
at System.ServiceProcess.ServiceBase.ServiceCommandCallbackEx(Int32 command, Int32 eventType, IntPtr eventData, IntPtr eventContext).

Event Record #/Type6149 / Error
Event Submitted/Written: 05/09/2008 07:18:57 AM
Event ID/Source: 0 / Mirra.Watchdog
Event Description:
Failed in handling the PowerEvent. The error that occurred was: System.ServiceProcess.TimeoutException: Time out has expired and the operation has not been completed.
at System.ServiceProcess.ServiceController.WaitForStatus(ServiceControllerStatus desiredStatus, TimeSpan timeout)
at Mirra.Watchdog.Watchdog.OnPowerEvent(PowerBroadcastStatus powerStatus)
at System.ServiceProcess.ServiceBase.ServiceCommandCallbackEx(Int32 command, Int32 eventType, IntPtr eventData, IntPtr eventContext).

Event Record #/Type6139 / Error
Event Submitted/Written: 05/09/2008 07:17:35 AM
Event ID/Source: 0 / Mirra.Watchdog
Event Description:
Failed in handling the PowerEvent. The error that occurred was: System.InvalidOperationException: Cannot stop Mirra.Service service on computer '.'. ---> System.ComponentModel.Win32Exception: The service did not respond to the start or control request in a timely fashion
--- End of inner exception stack trace ---
at System.ServiceProcess.ServiceController.Stop()
at Mirra.Watchdog.Watchdog.OnPowerEvent(PowerBroadcastStatus powerStatus)
at System.ServiceProcess.ServiceBase.ServiceCommandCallbackEx(Int32 command, Int32 eventType, IntPtr eventData, IntPtr eventContext).

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type3643 / Warning
Event Submitted/Written: 05/09/2008 10:59:38 PM
Event ID/Source: 57 / Ftdisk
Event Description:
The system failed to flush data to the transaction log. Corruption may occur.

Event Record #/Type3640 / Error
Event Submitted/Written: 05/09/2008 10:59:37 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the Mirra.Watchdog service.

Event Record #/Type3637 / Error
Event Submitted/Written: 05/09/2008 10:59:07 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the Mirra.Watchdog service.

Event Record #/Type3636 / Warning
Event Submitted/Written: 05/09/2008 10:58:46 PM
Event ID/Source: 57 / Ftdisk
Event Description:
The system failed to flush data to the transaction log. Corruption may occur.

Event Record #/Type3635 / Warning
Event Submitted/Written: 05/09/2008 10:58:46 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

-- End of Deckard's System Scanner: finished at 2008-05-10 23:25:23 ------------

by **Carolyn** » May 12th, 2008, 12:10 pm

Hello Chris,

Update Java
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
Scroll down to where it says Java Runtime Environment (JRE) 6 Update 6.
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.
Note: If you don't want the Google toolbar, make sure you uncheck the option included in the installer!

Update Adobe Acrobat Reader

There is a newer version of Adobe Acrobat Reader available.

Please go to this link Adobe Acrobat Reader Download Link
On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
Click the Continue button
Click Run, and click Run again
Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

Run Kaspersky Online AV Scanner
Using Internet Explorer Go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary.
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.

by **Buckeye** » May 13th, 2008, 6:56 am

Following are the logs from Kaspersky and HJT. The original problem of Internet Explorer being very slow is still there. It takes from 1 - 3 minutes to open and load the home page. IE itself actually opens very quickly, with the home page address in the title bar and browser bars, but the tab shows "Connecting..." for several minutes. I know it is not the connection, as Firefox opens, with 4 tabs loaded in about 15 seconds.

Given the number of scans we have done and that nothing has been found yet, I would guess it is not malware related. I wanted to try this first, as several of the forums indicated that malware may be the cause. Any other suggestions?

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, May 13, 2008 6:45:21 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/05/2008
Kaspersky Anti-Virus database records: 765113
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 113116
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 02:18:32

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{FA2D4265-4890-48EB-BB1A-C208514D8BAE}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Chris Grieser\Application Data\Mozilla\Firefox\Profiles\4iyr2zq6.default\cert8.db Object is locked skipped
C:\Documents and Settings\Chris Grieser\Application Data\Mozilla\Firefox\Profiles\4iyr2zq6.default\history.dat Object is locked skipped
C:\Documents and Settings\Chris Grieser\Application Data\Mozilla\Firefox\Profiles\4iyr2zq6.default\key3.db Object is locked skipped
C:\Documents and Settings\Chris Grieser\Application Data\Mozilla\Firefox\Profiles\4iyr2zq6.default\parent.lock Object is locked skipped
C:\Documents and Settings\Chris Grieser\Application Data\Mozilla\Firefox\Profiles\4iyr2zq6.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Chris Grieser\Application Data\Mozilla\Firefox\Profiles\4iyr2zq6.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Chris Grieser\Application Data\Skype\chris.grieser\call256.dbb Object is locked skipped
C:\Documents and Settings\Chris Grieser\Application Data\Skype\chris.grieser\callmember256.dbb Object is locked skipped
C:\Documents and Settings\Chris Grieser\Application Data\Skype\chris.grieser\chat512.dbb Object is locked skipped
C:\Documents and Settings\Chris Grieser\Application Data\Skype\chris.grieser\chatmember256.dbb Object is locked skipped
C:\Documents and Settings\Chris Grieser\Application Data\Skype\chris.grieser\chatmsg1024.dbb Object is locked skipped
C:\Documents and Settings\Chris Grieser\Application Data\Skype\chris.grieser\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\Chris Grieser\Application Data\Skype\chris.grieser\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\Chris Grieser\Application Data\Skype\chris.grieser\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Chris Grieser\Application Data\Skype\chris.grieser\dyncontent\bundle.dat Object is locked skipped
C:\Documents and Settings\Chris Grieser\Application Data\Skype\chris.grieser\index2.dat Object is locked skipped
C:\Documents and Settings\Chris Grieser\Application Data\Skype\chris.grieser\profile4096.dbb Object is locked skipped
C:\Documents and Settings\Chris Grieser\Application Data\Skype\chris.grieser\user1024.dbb Object is locked skipped
C:\Documents and Settings\Chris Grieser\Application Data\Skype\chris.grieser\user16384.dbb Object is locked skipped
C:\Documents and Settings\Chris Grieser\Application Data\Skype\chris.grieser\user256.dbb Object is locked skipped
C:\Documents and Settings\Chris Grieser\Application Data\Skype\chris.grieser\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\Chris Grieser\Application Data\Webroot\Spy Sweeper\Logs\080512212113.ses Object is locked skipped
C:\Documents and Settings\Chris Grieser\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Chris Grieser\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\ApplicationHistory\Mirra.Client.exe.f6fbef35.ini.inuse Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\Google\Google Desktop Search\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\Google\Google Desktop Search\dbdam Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\Google\Google Desktop Search\dbdao Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\Google\Google Desktop Search\dbeam Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\Google\Google Desktop Search\dbeao Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\Google\Google Desktop Search\dbm Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\Google\Google Desktop Search\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1 Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\Google\Google Desktop Search\hp Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\Google\Google Desktop Search\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\Mozilla\Firefox\Profiles\4iyr2zq6.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\Mozilla\Firefox\Profiles\4iyr2zq6.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\Mozilla\Firefox\Profiles\4iyr2zq6.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Application Data\Mozilla\Firefox\Profiles\4iyr2zq6.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Temp\~DF1575.tmp Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Temp\~DF53E6.tmp Object is locked skipped
C:\Documents and Settings\Chris Grieser\Local Settings\Temp\~DFF974.tmp Object is locked skipped
C:\Documents and Settings\Chris Grieser\ntuser.dat Object is locked skipped
C:\Documents and Settings\Chris Grieser\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Chris Grieser\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Chris Grieser\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS0003E83B-4215-43D7-97AE-853A66DC2FB8.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS006ACE69-DDAE-468F-BBAC-D08A761EA7AC.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS0305EFEA-1132-427E-A968-269CFC496BCC.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS04E8AED7-F616-48AC-BBCC-1E93A3186264.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS06F3FA39-81F9-4CE0-8EC9-E12F6C352D9B.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS081ADC4F-C001-4C8A-81AE-833156E97F77.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS0B0AB985-E36C-49B1-8B2C-4600DC5C2970.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS0EA20D97-A597-4C87-A485-679ECE8E4454.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS10D27400-9F28-4408-85CE-CA1320BD1538.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS1157C312-1237-4EAA-82FC-EE317F26E3C8.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS11B4EA8F-954F-4B67-9016-AC28DE20DE6B.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS1A766BAE-B239-4104-83A6-DDB59F5E46F2.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS1B69C1E6-209B-4F46-AAEA-A7045CBF5223.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS1D2A50E2-0381-4A56-96B2-6B6CF90D921F.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS1D454AC8-080E-44B4-9D27-8F7FBA4F2B1F.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS1DCE1D76-C735-47CF-99BD-F22313FC48D7.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS1EBDF135-CEED-4FFE-8C05-B1EA3821260F.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS1EE4180C-E182-408D-9B81-B70395ADD465.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS251E404D-9679-490B-B7EC-B6A2CA6A5D7D.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS2758F62E-647C-42F0-BE26-E6CA103C4BEF.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS28EB5221-19AC-4CD9-B80C-489BD69637B1.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS2988FCD7-7F28-454C-8132-91F9508047A6.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS2BB7023A-2CF2-4FB9-9277-8BE96270579E.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS2C57E2A3-651E-476C-BBCF-45969CE88491.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS2E42DA36-44EA-405F-A05E-EC25981238B5.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS2FD76464-01B3-4236-956B-6E9609B58C0E.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS3958AF9C-816B-4EFA-BC7C-5BDC527526F5.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS39AB7D95-4D6B-426A-A639-F061BAA55F2F.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS3B6CA7D6-669A-49B1-8060-C5B18BB60C97.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS44D35F3D-E4DE-481C-B85C-1690560371F2.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS44FF5550-6352-40A0-A4F3-62C45ABBEEB8.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS46A41A69-EAF4-4E21-A741-BFB9BF9ADAC3.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS47720CEF-DA80-41CD-AEB5-D2ECCA685B8E.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS49F06CCB-2D24-48BC-84E0-F3A3E7CC5650.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS4C31F64F-D133-43F3-81B3-565E04CBAE04.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS4D1E8C15-3094-4588-9254-23C9A908C44F.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS5669C862-5708-405F-AFD5-7BF5086DE29D.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS5DB3EF76-F96A-413C-94E3-D7FF47026B56.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS613E3325-D955-47AA-A8AA-4435D4D65E1A.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS61A5CC84-5F9D-45BE-AE0B-6262F233BE94.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS67770D83-D95A-4044-A719-0666C40C2406.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS6855C171-D9A7-4E39-81C0-7FB3CA353527.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS6A9976DA-6E01-48E1-BA9B-98B02C787F73.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS6B0085B4-B8AD-478E-8EF4-4FD6224A45DE.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS6EBA6A54-A225-45EA-8408-4C454BFAB4AD.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS70A75CCD-10E0-409C-A5EF-67C4C48E9FE3.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS72A21DEE-36CD-4D74-A6C2-D57EDDF245F9.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS77528296-125C-45C4-BC94-A9C75019FE31.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS77D1069B-4F6A-4E88-AD92-307079FBF3CE.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS824114D5-B845-491C-81CC-8FC488F9792C.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS8761FE8E-C899-474E-82F3-937811785061.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS8E1E6068-41D3-4642-AEE1-CAA8FD22B814.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS8E702741-EF86-4415-A4DD-C3E57DBDFAC1.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS91A6FB8E-C7ED-4A3C-B17C-DED1986AEDAC.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS92F9B30C-C213-4D49-AD2D-CB5119772E75.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS95E7E528-0D7C-43DC-8543-344967775655.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS97B43A0B-CDB2-489F-930E-EFB8A79A0B42.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS9C966192-E2A8-4A22-BEA0-609C2715AD5A.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS9CB6FE7C-333C-42AB-A589-CBCC6D634D0F.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS9DF74034-A62C-4C3E-A917-9FF752226CD3.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSA08C4837-9679-47E1-9D8F-192CC05D94D4.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSAA1201E4-019A-4CFF-B3D0-8F0C32224380.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSAB04A862-1A4B-4C5C-BF99-E3163BF0DEE9.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSAE469418-2033-485A-A5C2-BF4ABC44E7BD.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSAFC61777-7AEE-44B8-9B6D-143DC74BC390.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSB18AF478-675C-4824-BBD4-EF85630A889C.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSB6508DC6-31D0-477B-8F08-74796FF9DA0D.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSB8892F77-B5FA-431F-BD7C-72E99024C7BF.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSBACBCDB4-EAAC-4520-A77F-510C94196AB8.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSBDC71679-D120-40C7-9B3E-87CE051CECEC.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSC91651DE-557D-4DE0-8328-CA485FF5159F.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC68E887-17B9-4692-8C22-B923CDDF7B6D.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSCE89B483-BC87-452C-81C1-96BA54DE1AB1.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSCF5C9334-2241-4313-A513-AEB89DD8147B.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSD11BB48F-3EF2-48C0-8EEE-992EB21D207C.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSD1544503-C25D-4968-888F-5A2063EF5F0D.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSD1E2B2B5-DA60-47E9-BA67-A8AFAD920321.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSD4CC76DB-F613-45A8-B4C3-E2E6D2497B4C.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSD684B196-8110-42D7-83C7-20C0D4591D21.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSDCB41E34-42EC-4129-AECC-20A3767D3ED0.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSE63DEFDF-99B5-4958-9A7F-360294531C51.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSE7215D9D-B76A-4E63-B24B-75076A90C4A7.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSE7CC70B1-46FA-4BD1-8E99-FE697FBEE1DE.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSEC67DA59-8A22-4C26-BCB0-150661CFA584.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSF1F7822F-CF54-44E1-BCE6-9B71E1129A0C.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSF3ADB626-A086-46A7-9307-FE8C23678844.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSF5424568-D47F-4E52-A45D-EF66FCBB18B7.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSF79C97BA-FC62-4574-A55B-083C6DA8DB39.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSF9DDF45E-5F20-4F25-9D43-6E1D3390BEE2.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSFBF8965F-CF83-466A-85E7-035FC0F11CC4.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSFDC27EE2-B1EC-4250-AE9A-8AA406268672.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$SHIPWORKS\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$SHIPWORKS\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$SHIPWORKS\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$SHIPWORKS\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$SHIPWORKS\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$SHIPWORKS\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$SHIPWORKS\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP49\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{9A936EBB-FF6E-4F13-A5CF-2046F4CB2BE8}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\temp\mcafee_zsHUfsgJvfbtTDx Object is locked skipped
C:\WINDOWS\temp\mcmsc_6cokGxgbvDmhk95 Object is locked skipped
C:\WINDOWS\temp\mcmsc_9z4BBtdYCrvaXGW Object is locked skipped
C:\WINDOWS\temp\mcmsc_fH6DBGcPVcaLqnT Object is locked skipped
C:\WINDOWS\temp\mcmsc_h8jRZFYfwB7Rpi5 Object is locked skipped
C:\WINDOWS\temp\mcmsc_kdUndQRGlebfApx Object is locked skipped
C:\WINDOWS\temp\Perflib_Perfdata_e0.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:31 AM, on 5/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\mirra\mirra.watchdog.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Mirra\Mirra.Client.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
c:\program files\mirra\mirra.service.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.primericaonline.com/Login
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Mirra.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://vdpalmpilot.supportsoft.com/sdcc ... gctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Custo ... anager.CAB
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MirraSync Service (Mirra.Service) - Mirra, Inc. - c:\program files\mirra\mirra.service.exe
O23 - Service: Mirra Watchdog Service (Mirra.Watchdog) - Mirra, Inc. - c:\program files\mirra\mirra.watchdog.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11748 bytes

by **Carolyn** » May 13th, 2008, 5:52 pm

Hello,

Given the number of scans we have done and that nothing has been found yet, I would guess it is not malware related. I wanted to try this first, as several of the forums indicated that malware may be the cause. Any other suggestions?

You are correct, this is not a malware issue.

There are a couple of programs installed on your computer that might be the cause of the problem.

Mirra 2.00.0006
Webroot Spysweeper

I suggest that you uninstall Mirra and see if Internet Explorer is more responsive. If that doesn't fix the problem, try uninstalling Spysweeper to see if that helps.

Please post the results of uninstalling one or both of those programs.

by **Buckeye** » May 14th, 2008, 6:37 am

I tried WebRoot Spysweeper, which always has seemed like a resource hog, and it did not change.

As for the Mirra, what is it about Mirra that you believe may be causing the problem? The reason I ask is that I have had it on all of my computers for 3+ years now, and it has never been an issue and the problem with IE has just been the last few months. A bigger reason yet is that it is tied in to every aspect of the file management system and it will not be an easy uninstall and re-install. (It is a physical backup server, with software to track file usage and back it up whenever updated. It has paid for itself many times over.) If it is not a VERY high likelihood, then I would like to avoid this if at all possible.

Thanks again for your dedication to this process...

by **Carolyn** » May 14th, 2008, 11:23 am

Hello Buckeye,

I have been told that Mirra "phones home alot". Whether that is an issue here with IE settings, I can't really say.

I am afraid that I will be of little help troubleshooting browser issues. I suggest you use the following link to go to the BleepingComputer Web Browsing/Email and Other Internet Applications forum for help with your IE problem. The helpers there have the expertise you are looking for to resolve your problem.

I recommend that you register before posting your problem. Registered members can receive notification when there has been a reply to their topic.

This is my general post for when your logs show no more signs of malware

- Please let me know if you still are having problems with your computer and what these problems are

:Time for some housekeeping:
Please delete Deckard's System Scanner (dss.exe} from your computer.

:Set correct settings for files:

Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
If unchecked please check Hide protected operating system files (Recommended)
If necessary check "Display content of system folders"
If necessary Uncheck Hide file extensions for known file types.
Click OK

:clear system restore points:

Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.

:Make your Internet Explorer more secure:

http://surfthenetsafely.com/ieseczone8.htm

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

:Turn On Automatic Updates:

Start

Run,

sysdm.cpl

ENTER

Automatic Updates

Automatic (recommended)

http://www.windowsupdate.com

:antispyware programs:

and the updating of them regularly

WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
Spybot Search & Destroy - Spybot is a tool like Ad-Aware SE whereas it seeks out and removes known spyware from your machine. These two tools (Ad-Aware & spybot) are perfect complements to each other as one will most always find something the other missed.
Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
IE_Spyad - Works by placing known "bad" sites into your Internet Explorer "Restricted Zones" prohibiting them from doing potentially problematic things to your computer.

Consider a custom hosts file

MVPS HOSTS

WinHelp2002

DNS Client

before

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

by **Buckeye** » May 14th, 2008, 9:00 pm

I received the message. Thank you so much for your time. I have learned a lot from this experience and am grateful to know it is not spyware related. I will go to the other site to see what I can find out.

by **Elrond** » May 16th, 2008, 1:39 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Free Malware Removal Forum

Internet Explorer is running VERY slow

Internet Explorer is running VERY slow

Re: Internet Explorer is running VERY slow

Re: Internet Explorer is running VERY slow

Re: Internet Explorer is running VERY slow

Re: Internet Explorer is running VERY slow

Re: Internet Explorer is running VERY slow

Re: Internet Explorer is running VERY slow

Re: Internet Explorer is running VERY slow

Re: Internet Explorer is running VERY slow

Re: Internet Explorer is running VERY slow

Re: Internet Explorer is running VERY slow

Re: Internet Explorer is running VERY slow

Who is online