hijackthis log

Post by spud » May 8th, 2008, 2:21 am

can you tell me if i have a virus please, here is my hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:18:14, on 08/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: ljJDVnNH - ljJDVnNH.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 14448 bytes
spud
Regular Member
 
Posts: 18
Joined: May 8th, 2008, 2:11 am

Re: hijackthis log

Post by dan12 » May 8th, 2008, 3:25 am

Welcome to the MalwareRemoval forums.

My name is Dan, and I will be helping you to remove any infection(s) that you may have.

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.
If you can do these things, everything should go smoothly.
  • Please note you'll need to have Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.

Unless informed in advance, failure to post replies within 5 days will result in this thread being closed.


It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I'm presently looking over your log and hope not to be too long.
Will be back with you as soon as I can.
Thanks dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: hijackthis log

Post by dan12 » May 8th, 2008, 3:35 am

AntiVirus
You have several AVs running; you're actually doing more harm than good by running more than one Anti Virus program.
When you do this the programs compete for resources, and the end result is none does its best and can cause system instability.
I recommend that you choose one that you want to keep.
The other/s I would either uninstall, or disable from startup and use as "on demand" for an occasional scan.

Please note that almost all "free" security software is only free for home/private users.



Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt into your reply.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: hijackthis log

Post by spud » May 8th, 2008, 3:54 am

i tried the dss, all i get is an error telling me to report it to microsoft. i tried it 3 times, same thing. i even uninstalled & tried again with no luck
spud
Regular Member
 
Posts: 18
Joined: May 8th, 2008, 2:11 am

Re: hijackthis log

Post by dan12 » May 8th, 2008, 4:56 am

Are you the administrator of this machine?
Go to Start=>Run and copy the following "%userprofile%\desktop\dss.exe" /config in the line and click OK. You will receive a pop-up box with options to check for the Main log and Extra Log and Options.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: hijackthis log

Post by spud » May 8th, 2008, 9:41 am

tried what you said to do & window popped up & it started, but it got as far as the following (examining event log), then an error window popped up saying dss has encountered an error & needs to close, please tell microsoft about this
spud
Regular Member
 
Posts: 18
Joined: May 8th, 2008, 2:11 am

Re: hijackthis log

Post by spud » May 8th, 2008, 10:18 am

tried again, this time it worked, here are the logs

Deckard's System Scanner v20071014.68
Run by HP_Owner on 2008-05-08 14:59:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
7: 2008-05-08 07:40:31 UTC - RP41 - Deckard's System Scanner Restore Point
6: 2008-05-07 12:55:41 UTC - RP40 - Software Distribution Service 3.0
5: 2008-05-06 15:04:31 UTC - RP39 - Software Distribution Service 3.0
4: 2008-05-06 15:03:17 UTC - RP38 - Installed Windows Defender
3: 2008-05-06 14:54:40 UTC - RP37 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-05-05 15:55:31 UTC - RP35 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:26, on 08/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\vsnp2std.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\HP_Owner.HOME\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: ljJDVnNH - ljJDVnNH.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 14285 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 SNP2STD (USB2.0 PC Camera (SNP2STD)) - c:\windows\system32\drivers\snp2sxp.sys <Not Verified; ; USB2.0 PC Camera driver>
R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
R3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
R3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
R3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
R3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Microsoft(R) Windows NT(R) Operating System>

S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\program files\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth Personal Area Network
Device ID: BLUETOOTH\0004&0007\0000
Manufacturer: Toshiba
Name: Bluetooth Personal Area Network
PNP Device ID: BLUETOOTH\0004&0007\0000
Service: tosrfnds

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\2F0CD211D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\2F0CD211D800
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2008-05-08 14:58:00 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-05-08 12:17:36 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-05-05 04:56:25 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-04 04:52:16 278 --a------ C:\WINDOWS\Tasks\Easy Internet Sign-up.job


-- Files created between 2008-04-08 and 2008-05-08 -----------------------------

2008-05-08 14:47:54 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Help
2008-05-08 13:27:59 0 d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2008-05-08 07:17:45 0 d-------- C:\Program Files\Trend Micro
2008-05-08 06:32:07 0 d-------- C:\Program Files\Recuva
2008-05-08 06:28:31 0 dr-h----- C:\Documents and Settings\HP_Owner.HOME\Recent
2008-05-07 17:43:20 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Spyware Terminator
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\My Documents
2008-05-07 16:50:41 0 d--h----- C:\Documents and Settings\Administrator.HOME\Local Settings
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Favorites
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Desktop
2008-05-07 16:50:41 0 d--hs---- C:\Documents and Settings\Administrator.HOME\Cookies
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Symantec
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Sun
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\SampleView
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Real
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Microsoft
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Intervideo
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Identities
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Apple Computer
2008-05-07 16:50:40 0 d-------- C:\Documents and Settings\Administrator.HOME\WINDOWS
2008-05-07 16:50:40 0 d-------- C:\Documents and Settings\Administrator.HOME\Templates
2008-05-07 16:50:40 0 d-------- C:\Documents and Settings\Administrator.HOME\Start Menu
2008-05-07 16:50:40 0 d-------- C:\Documents and Settings\Administrator.HOME\SendTo
2008-05-07 16:50:40 0 d-------- C:\Documents and Settings\Administrator.HOME\Recent
2008-05-07 16:50:40 0 d-------- C:\Documents and Settings\Administrator.HOME\PrintHood
2008-05-07 16:50:40 0 d-------- C:\Documents and Settings\Administrator.HOME\NetHood
2008-05-07 16:50:39 2097152 --ah----- C:\Documents and Settings\Administrator.HOME\NTUSER.DAT
2008-05-07 16:47:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-07 16:42:42 0 d-------- C:\Program Files\Yahoo!
2008-05-07 16:42:29 0 d-------- C:\Program Files\CCleaner
2008-05-07 15:53:55 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-05-07 15:53:41 0 d-------- C:\Program Files\Security Task Manager
2008-05-07 08:03:03 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\BitTorrent
2008-05-07 08:02:12 0 d-------- C:\Program Files\BitTorrent
2008-05-06 13:56:59 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Gaijin Ent
2008-05-05 15:37:42 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\AdobeUM
2008-05-05 15:05:30 0 d-------- C:\Program Files\Windows Live Safety Center
2008-05-05 09:18:44 0 d-------- C:\Program Files\SymNetDrv
2008-05-05 09:05:16 0 d-------- C:\Program Files\Norton Internet Security
2008-05-05 09:04:38 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Symantec
2008-05-05 09:02:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-05 09:02:47 0 d-------- C:\Program Files\Symantec
2008-05-05 06:52:54 0 d--h----- C:\$AVG8.VAULT$
2008-05-05 06:51:18 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-05 05:21:28 8977 --ahs---- C:\WINDOWS\system32\aHNpAJjl.ini2
2008-05-05 05:13:17 0 --a------ C:\WINDOWS\system32\taskkill.exe
2008-05-05 05:13:14 0 d--hs---- C:\Documents and Settings\HP_Owner.HOME\!
2008-05-05 05:12:00 0 d-------- C:\WINDOWS\system32\bkEur05
2008-05-05 05:06:55 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\LimeWire
2008-05-05 04:57:49 0 d-------- C:\Program Files\iPod
2008-05-05 04:57:46 0 d-------- C:\Program Files\iTunes
2008-05-05 04:57:09 0 d-------- C:\Program Files\Bonjour
2008-05-05 04:56:37 0 d-------- C:\Program Files\QuickTime
2008-05-05 04:56:22 0 d-------- C:\Program Files\Apple Software Update
2008-05-05 04:56:05 0 d-------- C:\Program Files\Common Files\Apple
2008-05-05 04:56:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-05 04:02:53 0 d-------- C:\Program Files\Toshiba
2008-05-05 02:48:24 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-05 02:48:24 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-05 01:07:56 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\DivX
2008-05-05 01:06:57 0 d-------- C:\Program Files\DivX
2008-05-04 23:54:27 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-05-04 23:04:45 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-05-04 22:51:34 45056 --a------ C:\WINDOWS\system32\wnaspi32.dll <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-05-04 22:51:34 25244 --a------ C:\WINDOWS\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-05-04 22:51:32 203776 --a------ C:\WINDOWS\system32\clrviddc.dll <Not Verified; Iterated Systems, Inc.; ClearVideo Decoder DLL>
2008-05-04 22:45:32 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-04 16:33:59 0 d-------- C:\Catalog
2008-05-04 11:29:17 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\PC Tools
2008-05-04 11:19:15 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Contacts
2008-05-04 11:16:53 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-04 11:14:07 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-04 11:14:01 0 d-------- C:\Program Files\Windows Live
2008-05-04 11:13:53 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-04 10:50:54 0 d-------- C:\WINDOWS\network diagnostic
2008-05-04 10:40:07 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\McAfee
2008-05-04 10:32:32 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Adobe
2008-05-04 10:13:03 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-04 10:07:14 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\DNA
2008-05-04 09:30:03 138752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-05-04 09:30:03 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Spyware Terminator
2008-05-04 09:30:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-05-04 09:30:00 0 d-------- C:\Program Files\Spyware Terminator
2008-05-04 09:25:50 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Simply Super Software
2008-05-04 06:51:03 0 d--hs---- C:\Documents and Settings\HP_Owner.HOME\UserData
2008-05-04 06:15:46 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\WinRAR
2008-05-04 06:07:39 0 d-------- C:\Program Files\SharedFolder
2008-05-04 05:52:01 0 d-------- C:\Program Files\PC Inspector File Recovery
2008-05-04 05:43:10 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Macromedia
2008-05-04 05:40:51 0 dr-hs---- C:\cmdcons
2008-05-04 05:40:18 0 d-------- C:\WINDOWS\setupupd
2008-05-04 05:39:48 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\FaxCtr
2008-05-04 05:35:13 25472 --a------ C:\WINDOWS\system32\drivers\sncamd.sys <Not Verified; ; USB2.0 PC Camera driver>
2008-05-04 05:35:12 12178688 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys <Not Verified; ; USB2.0 PC Camera driver>
2008-05-04 05:35:07 73728 --a------ C:\WINDOWS\system32\vsnp2std.dll <Not Verified; Sonix; >
2008-05-04 05:35:07 151552 --a------ C:\WINDOWS\system32\rsnp2std.dll <Not Verified; ; ResourceDLL>
2008-05-04 05:35:07 77824 --a------ C:\WINDOWS\system32\csnp2std.dll <Not Verified; ; InstallUtil>
2008-05-04 05:34:56 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\InstallShield
2008-05-04 05:28:26 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Talkback
2008-05-04 05:28:11 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Mozilla
2008-05-04 05:16:05 0 d-------- C:\spoolerlogs
2008-05-04 05:04:56 40960 --a------ C:\WINDOWS\system32\LXPRMON.DLL <Not Verified; ; Lexmark Fax Solutions Software>
2008-05-04 05:04:56 32768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL <Not Verified; ; Lexmark Fax Solutions Software>
2008-05-04 05:04:56 12288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL <Not Verified; Lexmark International, Inc.; Lexmark Fax Solutions Software Print Monitor>
2008-05-04 05:04:56 98345 --a------ C:\WINDOWS\system32\IMHOST32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2008-05-04 05:04:56 339968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\WINDOWS
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Templates
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Start Menu
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\SendTo
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\PrintHood
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\NetHood
2008-05-04 05:02:10 0 dr------- C:\Documents and Settings\HP_Owner\My Documents
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Local Settings
2008-05-04 05:02:10 0 dr------- C:\Documents and Settings\HP_Owner\Favorites
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Desktop
2008-05-04 05:02:10 0 d---s---- C:\Documents and Settings\HP_Owner\Cookies
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Symantec
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Sun
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\SampleView
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Real
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Microsoft
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Intervideo
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Identities
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2008-05-04 05:02:09 2097152 --ah----- C:\Documents and Settings\HP_Owner\NTUSER.DAT
2008-05-04 04:59:33 233472 --a------ C:\WINDOWS\system32\LXCRinst.dll
2008-05-04 04:50:23 0 d-------- C:\WINDOWS\system32\Lang
2008-05-04 04:48:46 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Intervideo
2008-05-04 04:48:46 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Identities
2008-05-04 04:48:46 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Apple Computer
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\WINDOWS
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Templates
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Start Menu
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\SendTo
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\PrintHood
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\NetHood
2008-05-04 04:48:45 0 dr------- C:\Documents and Settings\HP_Owner.HOME\My Documents
2008-05-04 04:48:45 0 d--h----- C:\Documents and Settings\HP_Owner.HOME\Local Settings
2008-05-04 04:48:45 0 dr------- C:\Documents and Settings\HP_Owner.HOME\Favorites
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Desktop
2008-05-04 04:48:45 0 d--hs---- C:\Documents and Settings\HP_Owner.HOME\Cookies
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Sun
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\SampleView
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Real
2008-05-04 04:48:44 4194304 --a------ C:\Documents and Settings\HP_Owner.HOME\NTUSER.DAT
2008-05-04 04:47:16 0 d-------- C:\WINDOWS\system32\RTCOM
2008-05-04 04:44:32 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-04 03:19:49 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Macromedia
2008-05-04 03:19:48 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Adobe
2008-05-04 03:13:03 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Talkback
2008-05-04 03:12:45 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Mozilla
2008-05-04 03:12:21 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Simply Super Software
2008-05-04 03:03:55 0 dr-h----- C:\Documents and Settings\HP_Owner\Recent
2008-05-03 08:59:49 0 d-------- C:\Program Files\McAfee
2008-05-03 08:59:49 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-03 08:59:25 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-05-03 08:59:10 0 d-------- C:\Program Files\McAfee.com
2008-05-02 23:36:25 0 d-------- C:\Program Files\NVIDIA Corporation
2008-05-02 23:35:36 0 d-------- C:\Program Files\NVIDIA nTune Performance Application
2008-05-02 20:15:58 0 d-------- C:\Program Files\YourWare Solutions
2008-05-02 09:45:38 0 d-------- C:\Program Files\AC3Filter
2008-05-02 08:35:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-05-01 07:47:02 0 d-------- C:\USERDATA
2008-04-30 18:08:14 0 d-------- C:\Program Files\Trojan Remover
2008-04-29 15:51:37 0 d-------- C:\Program Files\AVG
2008-04-28 09:08:07 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-27 22:16:38 0 d-------- C:\VundoFix Backups
2008-04-27 09:43:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-26 08:54:26 0 d--h----- C:\WINDOWS\PIF
2008-04-26 07:39:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2008-04-26 01:37:55 0 d-------- C:\Documents and Settings\All Users\Application Data\SugarGames
2008-04-24 07:08:48 0 d-------- C:\Program Files\Microsoft Bootvis
2008-04-20 08:52:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-04-17 17:48:17 0 d-------- C:\Program Files\SpywareBlaster
2008-04-17 16:25:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-17 12:09:55 0 d-------- C:\Softpaq
2008-04-16 15:31:11 0 d-------- C:\WINDOWS\Internet Logs
2008-04-15 17:00:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Playtonium Games
2008-04-13 16:13:14 2582 --a------ C:\WINDOWS\mozver.dat
2008-04-13 14:30:04 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-04-13 12:43:39 0 d-------- C:\Program Files\Alwil Software
2008-04-13 11:02:56 0 d-------- C:\WINDOWS\pss
2008-04-13 10:26:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-13 06:42:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2008-04-12 16:20:21 0 d-------- C:\Program Files\NavigationProgram
2008-04-12 14:22:57 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-12 09:00:48 4096 --a------ C:\WINDOWS\d3dx.dat
2008-04-12 01:35:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-12 01:28:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-12 01:26:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-04-12 01:26:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-04-12 01:26:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-12 01:26:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intervideo
2008-04-12 01:26:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-12 01:26:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-12 01:26:32 0 d-------- C:\Documents and Settings\Administrator\SendTo
2008-04-12 01:26:32 0 d-------- C:\Documents and Settings\Administrator\Recent
2008-04-12 01:26:32 0 d-------- C:\Documents and Settings\Administrator\PrintHood
2008-04-12 01:26:32 0 d-------- C:\Documents and Settings\Administrator\NetHood
2008-04-12 01:26:32 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-12 01:26:32 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-12 01:26:32 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-12 01:26:32 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-12 01:26:32 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-12 01:26:32 0 d-------- C:\Documents and Settings\Administrator\Application Data
2008-04-12 01:26:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-12 01:26:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-04-12 01:26:31 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-12 01:26:31 0 d-------- C:\Documents and Settings\Administrator\Templates
2008-04-12 01:26:31 0 d-------- C:\Documents and Settings\Administrator\Start Menu
2008-04-12 01:26:28 2097152 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-12 00:28:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-09 06:52:20 0 d-------- C:\Program Files\LucasArts


-- Find3M Report ---------------------------------------------------------------

2008-05-08 13:27:19 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-08 12:16:08 0 d-------- C:\Program Files\lx_cats
2008-05-08 12:15:30 0 d-------- C:\Program Files\Common Files
2008-05-06 16:03:19 0 d-------- C:\Program Files\Windows Defender
2008-05-05 05:06:37 0 d-------- C:\Program Files\Java
2008-05-04 23:04:35 0 d-------- C:\Program Files\PCRescue4.0
2008-05-04 22:45:25 0 d-------- C:\Program Files\Common Files\Real
2008-05-04 11:36:05 0 d-------- C:\Program Files\Windows NT
2008-05-04 11:36:03 0 d-------- C:\Program Files\Movie Maker
2008-05-04 11:29:28 0 d-------- C:\Program Files\Spyware Doctor
2008-05-04 10:45:14 0 d-------- C:\Program Files\Messenger
2008-05-04 05:52:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-04 05:37:49 0 d-------- C:\Program Files\Lexmark Fax Solutions
2008-05-04 05:37:49 0 d-------- C:\Program Files\Lexmark 2400 Series
2008-05-04 05:35:14 0 d-------- C:\Program Files\Common Files\snp2std
2008-05-04 04:52:16 0 d-------- C:\Program Files\Easy Internet signup
2008-05-03 11:19:28 56 --a------ C:\Program Files\sample.vcf
2008-05-02 08:44:35 0 d-------- C:\Program Files\MSN Messenger
2008-04-25 09:54:45 0 d-------- C:\Program Files\DNA
2008-04-07 07:07:49 0 d-------- C:\Program Files\UltimateZip 2007
2008-04-06 11:13:24 0 d-------- C:\Program Files\Ashampoo
2008-04-06 09:44:58 81920 --a------ C:\WINDOWS\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
2008-04-05 21:10:15 0 d-------- C:\Program Files\Google
2008-04-05 20:48:29 0 d-------- C:\Program Files\PCPitstop
2008-04-05 20:34:36 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-05 20:15:49 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-05 11:16:45 774144 --a------ C:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>
2008-04-05 10:50:38 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-05 10:43:25 0 d-------- C:\Program Files\MSXML 4.0
2008-04-05 10:41:08 335 --a------ C:\WINDOWS\nsreg.dat
2008-04-05 10:25:22 0 d-------- C:\Program Files\Lexmark Toolbar
2008-04-05 10:20:53 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-04-05 09:30:00 0 d-------- C:\Program Files\Sky Broadband
2008-04-05 09:18:32 0 d-a------ C:\Program Files\Common Files\LightScribe
2008-03-31 22:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 22:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 22:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 22:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 22:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-21 21:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 21:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 21:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 21:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [08/05/1998 07:04]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [18/03/2004 00:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [28/08/2007 01:59]
"nwiz"="nwiz.exe" [28/08/2007 01:59 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [30/06/2004 08:06 C:\WINDOWS\AGRSMMSG.exe]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [08/06/2004 09:53]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [08/06/2004 09:42]
"KBD"="C:\HP\KBD\KBD.EXE" [12/02/2003 10:02]
"Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [05/11/2004 08:26]
"WINREMOTE"="C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" [05/11/2004 09:44]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [16/06/2004 14:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [16/06/2004 14:03]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [15/04/2004 11:43]
"PS2"="C:\WINDOWS\system32\ps2.exe" [26/10/2004 12:17]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [15/10/2004 12:54]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [14/12/2004 02:23]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [22/01/2006 18:45]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [07/02/2006 06:10]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [02/02/2006 09:11]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [01/12/2005 19:38]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [12/02/2007 14:50]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [10/05/2007 17:05]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [10/05/2007 16:58]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [01/07/2005 19:22]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [08/07/2005 17:16]
"McRegWiz"="C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe" [01/06/2005 14:05]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/05/2008 22:45]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 18:43 C:\WINDOWS\ALCMTR.EXE]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/05/2008 06:51]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/01/2007 17:32]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [05/05/2008 09:18]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28/03/2008 23:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [02/05/2008 21:09]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [07/05/2008 08:02]
"McAfee QuickClean Imonitor"="C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe" [03/10/2005 01:00]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [16/06/2005 11:11:42]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [05/11/2004 03:28:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJDVnNH]
ljJDVnNH.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ljJApNHa

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f7229e8-900f-11d9-855f-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480




-- Hosts -----------------------------------------------------------------------

127.0.0.1 http://www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 http://www.008k.com
127.0.0.1 008k.com
127.0.0.1 http://www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 http://www.032439.com
127.0.0.1 032439.com

8300 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-08 15:01:07 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 3.20GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.20GHz
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 1535.29 MiB / 912.24 MiB
Pagefile Memory (total/avail): 3431.78 MiB / 2867.09 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.77 MiB

C: is Fixed (NTFS) - 180.09 GiB total, 162.02 GiB free.
D: is Fixed (FAT32) - 6.2 GiB total, 2.49 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3200822AS - 186.31 GiB - 2 partitions
\PARTITION0 - Unknown - 6.21 GiB - D:
\PARTITION1 (bootable) - Installable File System - 180.09 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Security v2005 (Symantec Corporation)
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)
AV: Norton Internet Security v2005 (Symantec Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Owner.HOME\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Owner.HOME
LOGONSERVER=\\HOME
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_OWN~1.HOM\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_OWN~1.HOM\LOCALS~1\Temp
USERDOMAIN=HOME
USERNAME=HP_Owner
USERPROFILE=C:\Documents and Settings\HP_Owner.HOME
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

HP_Owner.HOME (admin)
Administrator.HOME (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{89AD2814-AFA2-46AF-AE53-C27196D9FBE6}\setup.exe" REMOVEALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAA4CCCE-78DB-47B0-A651-68270D838BD4}\setup.exe" REMOVEALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Agere Systems PCI Soft Modem --> agrsmdel
AiO_Scan -->
AiOSoftware -->
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AutoUpdate -->
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BitTorrent --> C:\Program Files\BitTorrent\uninst.exe
Bluetooth Stack for Windows --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
BufferChm -->
CameraDrivers -->
CC_ccProxyExt --> MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
ccPxyCore --> MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}
Copy -->
CP_AtenaShokunin1Config -->
cp_dwSharkTaleAlbums1 -->
cp_dwSharkTaleCards1 -->
cp_dwShrek2Albums1 -->
cp_dwShrek2Cards1 -->
CP_PLSBusinessFlyers -->
CreativeProjects -->
CreativeProjectsTemplates -->
CueTour -->
Destinations -->
Director -->
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
DocProc -->
DocumentViewer -->
Easy Internet Sign-up -->
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Fax -->
Help and Support Additions --> C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Home Theater -->
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Diagnostic Assistant -->
HP Image Zone 4.5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.5.3 --> C:\Program Files\HP\Digital Imaging\{D0420D64-8D33-4374-A2B2-9225C7925CA6}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Photosmart Cameras 4.0 --> C:\Program Files\HP\Digital Imaging\{4C04DF1B-6A39-4299-9DD1-1FA60000266E}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 4.0 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update --> MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
HPIZplus450 --> MsiExec.exe /X{7B98685A-4E21-4A4F-A2D6-DC557042BADA}
HpSdpAppCoreApp -->
InstantShare -->
InterVideo DiscLabel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3F058C0-A21C-452D-8D99-95B1A45F417D}\setup.exe" REMOVEALL
InterVideo Home Theater --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7514465-E5F3-48E9-A952-327DAEF33DE6}\setup.exe" REMOVEALL
InterVideo WinDVD Creator -->
InterVideo WinDVD Creator --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player -->
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
KBD --> C:\HP\KBD\KBD.EXE uninstalled
Lexmark 2400 Series --> C:\Program Files\Lexmark 2400 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Lexmark Toolbar --> regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LS_HSI -->
McAfee QuickClean 6.0 --> MsiExec.exe /I{60BA4569-596D-45BE-97E7-15C340273B7A}
McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security --> MsiExec.exe /I{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}
Norton Internet Security --> MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Internet Security 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Norton Security Center --> MsiExec.exe /X{503AA035-41E2-4858-B31F-1E49AC66C309}
Norton WMI Update --> MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PanoStandAlone -->
PC-Doctor for Windows -->
PC-Doctor for Windows --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA} /l1033
PC Inspector File Recovery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x9
PCRescue v4.0 -->
PhotoGallery -->
Photosmart 320,370,7400,8100,8400 Series --> C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
PrintScreen -->
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
PSPrinters06 -->
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QFolder -->
QuickProjects -->
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Readme -->
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RtlUpd.exe -r
Recuva (remove only) --> "C:\Program Files\Recuva\uninst.exe"
Scan -->
Security Task Manager 1.7e --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SkinsHP1 -->
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Spyware Terminator --> "C:\Program Files\Spyware Terminator\unins000.exe"
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Symantec Network Drivers Update -->
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
TrayApp -->
Unload -->
USB20 PC Camera-268 --> C:\Program Files\InstallShield Installation Information\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}\setup.exe -runfromtemp -l0x0009 -removeonly -u
WebFldrs XP -->
WebReg -->
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar -->
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type776 / Error
Event Submitted/Written: 05/08/2008 02:35:17 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010f29.
Processing media-specific event for [dss.exe!ws!]

Event Record #/Type754 / Error
Event Submitted/Written: 05/08/2008 08:51:36 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010f29.
Processing media-specific event for [dss.exe!ws!]

Event Record #/Type752 / Error
Event Submitted/Written: 05/08/2008 08:47:01 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010f29.
Processing media-specific event for [dss.exe!ws!]

Event Record #/Type750 / Error
Event Submitted/Written: 05/08/2008 08:42:31 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010f29.
Processing media-specific event for [dss.exe!ws!]

Event Record #/Type705 / Error
Event Submitted/Written: 05/07/2008 04:52:29 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application nmain.exe, version 103.0.2.10, faulting module ascompbr.dll, version 2005.1.0.163, fault address 0x00009179.
Processing media-specific event for [nmain.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1864 / Warning
Event Submitted/Written: 05/08/2008 00:14:57 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0011D8E55061. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type1829 / Warning
Event Submitted/Written: 05/08/2008 06:23:16 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0011D8E55061. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type1825 / Error
Event Submitted/Written: 05/07/2008 09:09:48 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Event Record #/Type1824 / Error
Event Submitted/Written: 05/07/2008 09:09:48 PM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type1823 / Warning
Event Submitted/Written: 05/07/2008 09:09:45 PM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{700ADCB5-6E2E-4561-A479-87016A755184}.



-- End of Deckard's System Scanner: finished at 2008-05-08 15:01:07 ------------
spud
Regular Member
 
Posts: 18
Joined: May 8th, 2008, 2:11 am

Re: hijackthis log

Post by dan12 » May 9th, 2008, 8:44 am

Hi, can you address the multiple A/Vs running on your system? That may be the reason we're having problems with the scans. If you're going to remove Norton and McAfee, let me know, as it invariably leaves bits behind. I will give you a tool to help with removal. Let me know which you're going to stay with!
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: hijackthis log

Post by dan12 » May 12th, 2008, 12:47 am

You still needing help? :)
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: hijackthis log

Post by spud » May 12th, 2008, 4:01 am

yes I still want your help & are the scanner results

Deckard's System Scanner v20071014.68
Run by HP_Owner on 2008-05-12 08:55:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:55:24, on 12/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\HP_Owner.HOME\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Owner.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: ljJDVnNH - ljJDVnNH.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12009 bytes

-- Files created between 2008-04-12 and 2008-05-12 -----------------------------

2008-05-12 08:43:10 0 dr-h----- C:\Documents and Settings\HP_Owner.HOME\Recent
2008-05-12 07:21:12 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Motive
2008-05-12 00:11:26 0 d-------- C:\WINDOWS\Prefetch
2008-05-11 22:42:06 0 d-------- C:\WINDOWS\system32\scripting
2008-05-11 22:42:05 0 d-------- C:\WINDOWS\l2schemas
2008-05-11 22:42:03 0 d-------- C:\WINDOWS\system32\bits
2008-05-11 22:37:54 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-11 22:30:51 0 d-------- C:\WINDOWS\EHome
2008-05-11 09:53:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-11 09:52:57 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-11 09:39:23 0 d-------- C:\Program Files\Apple Software Update
2008-05-10 03:33:58 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Uniblue
2008-05-09 21:01:54 5750816 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-09 20:32:04 0 d-------- C:\Program Files\ZoneAlarmSB
2008-05-09 20:29:56 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-09 20:29:51 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-09 20:29:41 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2008-05-09 20:29:22 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-05-09 19:33:35 0 d-------- C:\Program Files\LimeWire
2008-05-08 14:47:54 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Help
2008-05-08 13:27:59 0 d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2008-05-08 07:17:45 0 d-------- C:\Program Files\Trend Micro
2008-05-07 17:43:20 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Spyware Terminator
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\My Documents
2008-05-07 16:50:41 0 d--h----- C:\Documents and Settings\Administrator.HOME\Local Settings
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Favorites
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Desktop
2008-05-07 16:50:41 0 d--hs---- C:\Documents and Settings\Administrator.HOME\Cookies
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Symantec
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Sun
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\SampleView
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Real
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Microsoft
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Intervideo
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Identities
2008-05-07 16:50:41 0 d-------- C:\Documents and Settings\Administrator.HOME\Application Data\Apple Computer
2008-05-07 16:50:40 0 d-------- C:\Documents and Settings\Administrator.HOME\WINDOWS
2008-05-07 16:50:40 0 d-------- C:\Documents and Settings\Administrator.HOME\Templates
2008-05-07 16:50:40 0 d-------- C:\Documents and Settings\Administrator.HOME\Start Menu
2008-05-07 16:50:40 0 d-------- C:\Documents and Settings\Administrator.HOME\SendTo
2008-05-07 16:50:40 0 d-------- C:\Documents and Settings\Administrator.HOME\Recent
2008-05-07 16:50:40 0 d-------- C:\Documents and Settings\Administrator.HOME\PrintHood
2008-05-07 16:50:40 0 d-------- C:\Documents and Settings\Administrator.HOME\NetHood
2008-05-07 16:50:39 2097152 --ah----- C:\Documents and Settings\Administrator.HOME\NTUSER.DAT
2008-05-07 16:47:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-07 16:42:42 0 d-------- C:\Program Files\Yahoo!
2008-05-07 16:42:29 0 d-------- C:\Program Files\CCleaner
2008-05-07 15:53:55 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-05-07 15:53:41 0 d-------- C:\Program Files\Security Task Manager
2008-05-07 08:03:03 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\BitTorrent
2008-05-07 08:02:12 0 d-------- C:\Program Files\BitTorrent
2008-05-06 13:56:59 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Gaijin Ent
2008-05-05 15:37:42 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\AdobeUM
2008-05-05 15:05:30 0 d-------- C:\Program Files\Windows Live Safety Center
2008-05-05 06:52:54 0 d--h----- C:\$AVG8.VAULT$
2008-05-05 06:51:18 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-05 05:21:28 8977 --ahs---- C:\WINDOWS\system32\aHNpAJjl.ini2
2008-05-05 05:13:17 0 --a------ C:\WINDOWS\system32\taskkill.exe
2008-05-05 05:12:00 0 d-------- C:\WINDOWS\system32\bkEur05
2008-05-05 05:06:55 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\LimeWire
2008-05-05 04:57:49 0 d-------- C:\Program Files\iPod
2008-05-05 04:57:46 0 d-------- C:\Program Files\iTunes
2008-05-05 04:57:09 0 d-------- C:\Program Files\Bonjour
2008-05-05 04:56:37 0 d-------- C:\Program Files\QuickTime
2008-05-05 04:56:05 0 d-------- C:\Program Files\Common Files\Apple
2008-05-05 04:56:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-05 04:02:53 0 d-------- C:\Program Files\Toshiba
2008-05-05 02:48:24 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-05 02:48:24 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-05 01:07:56 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\DivX
2008-05-05 01:06:57 0 d-------- C:\Program Files\DivX
2008-05-04 23:54:27 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-05-04 23:04:45 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-05-04 22:51:34 45056 --a------ C:\WINDOWS\system32\wnaspi32.dll <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-05-04 22:51:34 25244 --a------ C:\WINDOWS\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-05-04 22:51:32 203776 --a------ C:\WINDOWS\system32\clrviddc.dll <Not Verified; Iterated Systems, Inc.; ClearVideo Decoder DLL>
2008-05-04 22:45:32 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-04 16:33:59 0 d-------- C:\Catalog
2008-05-04 11:29:17 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\PC Tools
2008-05-04 11:19:15 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Contacts
2008-05-04 11:16:53 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-04 11:14:07 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-04 11:14:01 0 d-------- C:\Program Files\Windows Live
2008-05-04 11:13:53 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-04 10:50:54 0 d-------- C:\WINDOWS\network diagnostic
2008-05-04 10:40:07 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\McAfee
2008-05-04 10:32:32 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Adobe
2008-05-04 10:13:03 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-04 10:07:14 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\DNA
2008-05-04 09:25:50 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Simply Super Software
2008-05-04 06:51:03 0 d--hs---- C:\Documents and Settings\HP_Owner.HOME\UserData
2008-05-04 06:15:46 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\WinRAR
2008-05-04 06:07:39 0 d-------- C:\Program Files\SharedFolder
2008-05-04 05:52:01 0 d-------- C:\Program Files\PC Inspector File Recovery
2008-05-04 05:43:10 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Macromedia
2008-05-04 05:40:51 0 dr-hs---- C:\cmdcons
2008-05-04 05:40:18 0 d-------- C:\WINDOWS\setupupd
2008-05-04 05:39:48 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\FaxCtr
2008-05-04 05:35:13 25472 --a------ C:\WINDOWS\system32\drivers\sncamd.sys <Not Verified; ; USB2.0 PC Camera driver>
2008-05-04 05:35:12 12178688 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys <Not Verified; ; USB2.0 PC Camera driver>
2008-05-04 05:35:07 73728 --a------ C:\WINDOWS\system32\vsnp2std.dll <Not Verified; Sonix; >
2008-05-04 05:35:07 151552 --a------ C:\WINDOWS\system32\rsnp2std.dll <Not Verified; ; ResourceDLL>
2008-05-04 05:35:07 77824 --a------ C:\WINDOWS\system32\csnp2std.dll <Not Verified; ; InstallUtil>
2008-05-04 05:34:56 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\InstallShield
2008-05-04 05:28:26 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Talkback
2008-05-04 05:28:11 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Mozilla
2008-05-04 05:16:05 0 d-------- C:\spoolerlogs
2008-05-04 05:04:56 40960 --a------ C:\WINDOWS\system32\LXPRMON.DLL <Not Verified; ; Lexmark Fax Solutions Software>
2008-05-04 05:04:56 32768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL <Not Verified; ; Lexmark Fax Solutions Software>
2008-05-04 05:04:56 12288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL <Not Verified; Lexmark International, Inc.; Lexmark Fax Solutions Software Print Monitor>
2008-05-04 05:04:56 98345 --a------ C:\WINDOWS\system32\IMHOST32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2008-05-04 05:04:56 339968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\WINDOWS
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Templates
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Start Menu
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\SendTo
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\PrintHood
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\NetHood
2008-05-04 05:02:10 0 dr------- C:\Documents and Settings\HP_Owner\My Documents
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Local Settings
2008-05-04 05:02:10 0 dr------- C:\Documents and Settings\HP_Owner\Favorites
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Desktop
2008-05-04 05:02:10 0 d---s---- C:\Documents and Settings\HP_Owner\Cookies
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Symantec
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Sun
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\SampleView
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Real
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Microsoft
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Intervideo
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Identities
2008-05-04 05:02:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2008-05-04 05:02:09 2097152 --ah----- C:\Documents and Settings\HP_Owner\NTUSER.DAT
2008-05-04 04:59:33 233472 --a------ C:\WINDOWS\system32\LXCRinst.dll
2008-05-04 04:50:23 0 d-------- C:\WINDOWS\system32\Lang
2008-05-04 04:48:46 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Intervideo
2008-05-04 04:48:46 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Identities
2008-05-04 04:48:46 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Apple Computer
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\WINDOWS
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Templates
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Start Menu
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\SendTo
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\PrintHood
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\NetHood
2008-05-04 04:48:45 0 dr------- C:\Documents and Settings\HP_Owner.HOME\My Documents
2008-05-04 04:48:45 0 d--h----- C:\Documents and Settings\HP_Owner.HOME\Local Settings
2008-05-04 04:48:45 0 dr------- C:\Documents and Settings\HP_Owner.HOME\Favorites
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Desktop
2008-05-04 04:48:45 0 d--hs---- C:\Documents and Settings\HP_Owner.HOME\Cookies
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Sun
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\SampleView
2008-05-04 04:48:45 0 d-------- C:\Documents and Settings\HP_Owner.HOME\Application Data\Real
2008-05-04 04:48:44 4718592 --a------ C:\Documents and Settings\HP_Owner.HOME\NTUSER.DAT
2008-05-04 04:47:16 0 d-------- C:\WINDOWS\system32\RTCOM
2008-05-04 04:44:32 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-04 03:19:49 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Macromedia
2008-05-04 03:19:48 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Adobe
2008-05-04 03:13:03 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Talkback
2008-05-04 03:12:45 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Mozilla
2008-05-04 03:12:21 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Simply Super Software
2008-05-04 03:03:55 0 dr-h----- C:\Documents and Settings\HP_Owner\Recent
2008-05-03 08:59:49 0 d-------- C:\Program Files\McAfee
2008-05-03 08:59:49 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-03 08:59:25 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-05-03 08:59:10 0 d-------- C:\Program Files\McAfee.com
2008-05-02 23:36:25 0 d-------- C:\Program Files\NVIDIA Corporation
2008-05-02 23:35:36 0 d-------- C:\Program Files\NVIDIA nTune Performance Application
2008-05-02 20:15:58 0 d-------- C:\Program Files\YourWare Solutions
2008-05-02 09:45:38 0 d-------- C:\Program Files\AC3Filter
2008-05-02 08:35:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-05-01 07:47:02 0 d-------- C:\USERDATA
2008-04-30 18:08:14 0 d-------- C:\Program Files\Trojan Remover
2008-04-29 15:51:37 0 d-------- C:\Program Files\AVG
2008-04-28 09:08:07 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-27 22:16:38 0 d-------- C:\VundoFix Backups
2008-04-27 09:43:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-26 08:54:26 0 d--h----- C:\WINDOWS\PIF
2008-04-26 07:39:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2008-04-26 01:37:55 0 d-------- C:\Documents and Settings\All Users\Application Data\SugarGames
2008-04-24 07:08:48 0 d-------- C:\Program Files\Microsoft Bootvis
2008-04-20 08:52:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-04-17 17:48:17 0 d-------- C:\Program Files\SpywareBlaster
2008-04-17 16:25:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-17 12:09:55 0 d-------- C:\Softpaq
2008-04-16 15:31:11 0 d-------- C:\WINDOWS\Internet Logs
2008-04-15 17:00:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Playtonium Games
2008-04-13 16:13:14 2582 --a------ C:\WINDOWS\mozver.dat
2008-04-13 14:30:04 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-04-13 12:43:39 0 d-------- C:\Program Files\Alwil Software
2008-04-13 11:02:56 0 d-------- C:\WINDOWS\pss
2008-04-13 10:26:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-13 06:42:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2008-04-12 16:20:21 0 d-------- C:\Program Files\NavigationProgram
2008-04-12 14:22:57 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-12 09:00:48 4096 --a------ C:\WINDOWS\d3dx.dat
2008-04-12 01:35:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-12 01:28:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-12 01:26:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-04-12 01:26:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-04-12 01:26:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-12 01:26:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intervideo
2008-04-12 01:26:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-12 01:26:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-12 01:26:32 0 d-------- C:\Documents and Settings\Administrator\SendTo
2008-04-12 01:26:32 0 d-------- C:\Documents and Settings\Administrator\Recent
2008-04-12 01:26:32 0 d-------- C:\Documents and Settings\Administrator\PrintHood
2008-04-12 01:26:32 0 d-------- C:\Documents and Settings\Administrator\NetHood
2008-04-12 01:26:32 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-12 01:26:32 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-12 01:26:32 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-12 01:26:32 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-12 01:26:32 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-12 01:26:32 0 d-------- C:\Documents and Settings\Administrator\Application Data
2008-04-12 01:26:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-12 01:26:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-04-12 01:26:31 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-12 01:26:31 0 d-------- C:\Documents and Settings\Administrator\Templates
2008-04-12 01:26:31 0 d-------- C:\Documents and Settings\Administrator\Start Menu
2008-04-12 01:26:28 2359296 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-12 00:28:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes


-- Find3M Report ---------------------------------------------------------------

2008-05-11 22:42:33 0 d-------- C:\Program Files\Messenger
2008-05-11 22:42:03 0 d-------- C:\Program Files\Movie Maker
2008-05-11 22:37:35 0 d-------- C:\Program Files\Windows NT
2008-05-11 21:51:32 0 d-------- C:\Program Files\lx_cats
2008-05-11 07:24:05 0 d-------- C:\Program Files\LucasArts
2008-05-11 07:15:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-10 03:46:24 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-10 02:46:42 0 d-------- C:\Program Files\Common Files
2008-05-09 22:08:39 0 d-------- C:\Program Files\Windows Defender
2008-05-05 05:06:37 0 d-------- C:\Program Files\Java
2008-05-04 23:04:35 0 d-------- C:\Program Files\PCRescue4.0
2008-05-04 22:45:25 0 d-------- C:\Program Files\Common Files\Real
2008-05-04 11:29:28 0 d-------- C:\Program Files\Spyware Doctor
2008-05-04 05:37:49 0 d-------- C:\Program Files\Lexmark Fax Solutions
2008-05-04 05:37:49 0 d-------- C:\Program Files\Lexmark 2400 Series
2008-05-04 05:35:14 0 d-------- C:\Program Files\Common Files\snp2std
2008-05-04 04:52:16 0 d-------- C:\Program Files\Easy Internet signup
2008-05-03 11:19:28 56 --a------ C:\Program Files\sample.vcf
2008-05-02 08:44:35 0 d-------- C:\Program Files\MSN Messenger
2008-04-25 09:54:45 0 d-------- C:\Program Files\DNA
2008-04-07 07:07:49 0 d-------- C:\Program Files\UltimateZip 2007
2008-04-06 11:13:24 0 d-------- C:\Program Files\Ashampoo
2008-04-06 09:44:58 81920 --a------ C:\WINDOWS\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
2008-04-05 21:10:15 0 d-------- C:\Program Files\Google
2008-04-05 20:48:29 0 d-------- C:\Program Files\PCPitstop
2008-04-05 20:34:36 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-05 20:15:49 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-05 11:16:45 774144 --a------ C:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>
2008-04-05 10:50:38 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-05 10:43:25 0 d-------- C:\Program Files\MSXML 4.0
2008-04-05 10:41:08 335 --a------ C:\WINDOWS\nsreg.dat
2008-04-05 10:25:22 0 d-------- C:\Program Files\Lexmark Toolbar
2008-04-05 10:20:53 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-04-05 09:30:00 0 d-------- C:\Program Files\Sky Broadband
2008-04-05 09:18:32 0 d-a------ C:\Program Files\Common Files\LightScribe
2008-03-31 22:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 22:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 22:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 22:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 22:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-21 21:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 21:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 21:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 21:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
09/05/2008 20:32 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [09/05/2008 20:32 262144]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [08/05/1998 07:04]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [18/03/2004 00:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [28/08/2007 01:59]
"nwiz"="nwiz.exe" [28/08/2007 01:59 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [30/06/2004 08:06 C:\WINDOWS\AGRSMMSG.exe]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [08/06/2004 09:53]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [08/06/2004 09:42]
"KBD"="C:\HP\KBD\KBD.EXE" [12/02/2003 10:02]
"Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [05/11/2004 08:26]
"WINREMOTE"="C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" [05/11/2004 09:44]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [16/06/2004 14:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [16/06/2004 14:03]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [15/04/2004 11:43]
"PS2"="C:\WINDOWS\system32\ps2.exe" [26/10/2004 12:17]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [15/10/2004 12:54]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [14/12/2004 02:23]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [22/01/2006 18:45]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [07/02/2006 06:10]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [02/02/2006 09:11]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [01/12/2005 19:38]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [12/02/2007 14:50]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [10/05/2007 17:05]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [10/05/2007 16:58]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/05/2008 22:45]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 18:43 C:\WINDOWS\ALCMTR.EXE]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/05/2008 06:51]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [08/07/2005 17:16]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [02/04/2008 21:07]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" [01/07/2005 19:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [02/05/2008 21:09]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [07/05/2008 08:02]
"McAfee QuickClean Imonitor"="C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe" [03/10/2005 01:00]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:12]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [6/16/2005 11:11:42 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/5/2004 3:28:24 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJDVnNH]
ljJDVnNH.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ljJApNHa

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f7229e8-900f-11d9-855f-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480




-- End of Deckard's System Scanner: finished at 2008-05-12 08:58:26 ------------

ts
spud
Regular Member
 
Posts: 18
Joined: May 8th, 2008, 2:11 am

Re: hijackthis log

Unread postby dan12 » May 12th, 2008, 4:36 am

Before I can go any further, you still haven't addressed your a/v's that are running, as I asked.
You only need one running at any one time; this could do all sorts of things to the future scans I ask for.
Let me know which one you are going to stay with and I will assist you to remove the others.
We need to get on top of this infection; I can only help if I have your assistance too. :)
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: hijackthis log

Unread postby spud » May 12th, 2008, 9:55 am

I have uninstalled Norton & McAfee is only the QuickClean running. I have not installed the rest of the McAfee security & now the only antivirus program running is AVG.
spud
Regular Member
 
Posts: 18
Joined: May 8th, 2008, 2:11 am

Re: hijackthis log

Unread postby dan12 » May 12th, 2008, 12:09 pm

P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

BitTorrent
LimeWire


Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

References for the risk of these programs can be found in these links: http://www.microsoft.com/windows/ie/community/columns/protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm

I would recommend that you uninstall BitTorrent and LimeWire; however, that choice is up to you.
If you wish to keep it, please do not use it until your computer is cleaned.

_______


Upload this file here: C:\WINDOWS\system32\ljJApNHa

http://www.bleepingcomputer.com/submit-malware.php?channel=4
Just add the link to this topic, browse and find the above file and submit it.

___________________

Download OTMoveIt2 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt2.exe to run it.
  • Copy the lines in the codebox below.
Code:
C:\WINDOWS\system32\ljJApNHa
C:\WINDOWS\system32\aHNpAJjl.ini2
C:\VundoFix Backups
C:\WINDOWS\system32\bkEur05

    

  • Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt2
_____________________

Copy/paste the following text into a new Notepad document. (You must use Notepad, NOT Wordpad). Make sure that you have NO blank lines at the beginning of the document before REGEDIT4 and ONE blank line at the end of the document as shown in the codebox text:

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00  

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJDVnNH]



Save it to your desktop as Fixme.reg. Save it as follows...
File Type: "All Files" (not as a text document or it won't work).
Name: Fixme.reg

Locate Fixme.reg on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the merged successfully prompt.

Let me know that all went OK!
Post the OTMoveIt2 report and a new HJT log.
dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire
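
Added example, not part of dan12's post or of any tool named in the thread: a small Python parser that lists what the Fixme.reg text above does before it is merged, decoding the hex(7) (REG_MULTI_SZ) bytes into readable strings. The function names and the embedded copy of the file are constructed for illustration, and only single-line values are handled.

```python
import re

# Constructed copy of the Fixme.reg text from the post above.
FIXME_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJDVnNH]

"""

def decode_multi_sz(hex_csv):
    """Decode a REGEDIT4 hex(7) value (ANSI REG_MULTI_SZ) into its strings."""
    raw = bytes(int(b, 16) for b in hex_csv.split(",") if b.strip())
    # Each string is NUL-terminated; one extra NUL closes the list.
    return [s.decode("latin-1") for s in raw.split(b"\x00") if s]

def parse_reg(text):
    """Return (action, key, value_name, data) tuples in file order."""
    lines = text.splitlines()
    # Mirrors the instruction above: nothing may precede the REGEDIT4 header.
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("first line must be REGEDIT4 (no leading blank lines)")
    ops, key = [], None
    for line in (l.strip() for l in lines[1:]):
        if not line or line.startswith(";"):
            continue
        m = re.fullmatch(r"\[(-?)(.+)\]", line)
        if m:
            if m.group(1):            # "[-KEY]" deletes the key and its subkeys
                ops.append(("delete_key", m.group(2), None, None))
                key = None
            else:                     # "[KEY]" selects the key for later values
                key = m.group(2)
            continue
        m = re.fullmatch(r'"([^"]*)"=(.*)', line)
        if m and key:
            name, data = m.groups()
            if data.startswith("hex(7):"):
                data = decode_multi_sz(data[len("hex(7):"):])
            ops.append(("set_value", key, name, data))
    return ops

if __name__ == "__main__":
    for op in parse_reg(FIXME_REG):
        print(op)
```

Run against the text above, it reports that "Authentication Packages" is set to the single entry msv1_0, the stock Windows value, and that the Winlogon Notify subkey ljJDVnNH is deleted.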

Re: hijackthis log

Unread postby spud » May 13th, 2008, 4:10 am

I cannot find those files in system 32 or anywhere on my PC, only found vundo backups which is empty.
spud
Regular Member
 
Posts: 18
Joined: May 8th, 2008, 2:11 am

Re: hijackthis log

Unread postby dan12 » May 13th, 2008, 5:37 am

You were not supposed to look for the files/folders; OTMoveIt2 will have done that for you.
Please carry out the instruction given.
Can I see the OTMoveIt2 report and the Jotti's report?

Did you carry out the reg fix as I instructed, as this is important!
Thanks dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire