PC repeatedly reboots

Chapin98 · 02-09-2007, 01:33 PM

Hi,

My PC repeatedly reboots itself throughout the day. Normally this occurs while surfing the web. Also, while using FF it will not allow me to connect to some sites like Usatoday, MSN, MSNBC, Myspace and others; I can connect to those using IE7 (except Usatoday).

When the reboot is done I have a screen telling me that my active desktop is not working properly. Also, Firefox 2.0.0.1 and the Windows desktop revert to their default settings.

I have run the following: CWShredder, AVG AntiSpyware, WebRoot Anti-Spyware, Stinger, Spybot, Adaware and Norton AV all found nothing other than "normal" tracking cookies which I deleted. I have also run Webroot Windows Washer.

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 4:20:52 PM, on 2/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\KEMailKb\KEMailKb.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svcmon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\MemTurbo\MemTurbo.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\HP_Owner\Desktop\Don\stng260.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Live Mail desktop\wlmail.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CIEDownload Object - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SiSPower] "Rundll32.exe" SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\KEMailKb\KEMailKb.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [MSRT] svcmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Tau Monitor] C:\PROGRA~1\Agnitum\TAUSCA~1.7\taumon.exe
O4 - HKLM\..\RunServices: [MSRT] svcmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo\MemTurbo.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Event Reminder.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Updates from HP.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1135210195328
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O18 - Protocol: bw+0 - {B6790B4E-603F-49F1-AFC4-B9E707A3B134} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {B6790B4E-603F-49F1-AFC4-B9E707A3B134} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Thanks in advance for your help.

**Deckard** · 02-11-2007, 01:58 PM

Hello, and welcome to the HijackThis Help Forum.

Apologies for any delay in replying, but we have been rather busy lately. You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Since it has been a few days since you first posted, please download ComboScan and save it to your Desktop. Double-click on comboscan.exe and follow the prompts. Please note that some firewalls may warn that sigcheck.exe is trying to access the Internet -- please allow it. When it has finished, ComboScan will open Notepad with a log file -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) this logfile as your reply.

Additionally, a folder will open with two text files. Please attach the Supplementary.txt file with your reply. To attach a file to a new post, simply:

Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
Copy and paste the following into the "Upload File from your Computer" box:
C:\ComboScan\Supplementary.txt
Click Upload.

Thank you.

Chapin98 · 02-11-2007, 02:28 PM

ComboScan v20070210.13 run by HP_Owner on 2007-02-11 at 17:16:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Sorry the last part was supposed to be an attachment!

Successfully created restore point.
Performed disk cleanup.

-- HijackThis log (run as HP_Owner.com) -----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:17:19 PM, on 2/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\KEMailKb\KEMailKb.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svcmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\MemTurbo\MemTurbo.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Windows Live Mail desktop\wlmail.exe
C:\Documents and Settings\HP_Owner\Desktop\comboscan.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\~sjxvoko.tmp\HP_Owner.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CIEDownload Object - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\KEMailKb\KEMailKb.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [MSRT] svcmon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SiSPower] "Rundll32.exe" SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\RunServices: [MSRT] svcmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo\MemTurbo.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Event Reminder.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Updates from HP.lnk.disabled
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1135210195328
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O18 - Protocol: bw+0 - {B6790B4E-603F-49F1-AFC4-B9E707A3B134} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {B6790B4E-603F-49F1-AFC4-B9E707A3B134} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - system32\drivers\ALCXWDM.SYS
1 AmdK8 (AMD Processor Driver) - system32\DRIVERS\AmdK8.sys
3 Arp1394 (1394 ARP Client Protocol) - system32\DRIVERS\arp1394.sys
1 AVG Anti-Spyware Driver - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1 AvgAsCln (AVG Anti-Spyware Clean Driver) - System32\DRIVERS\AvgAsCln.sys
0 bb-run (Promise driver accelerator) - system32\DRIVERS\bb-run.sys
2 CdaC15BA - \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS
3 DKbFltr (Dritek HotKey Keyboard Filter Driver) - System32\Drivers\DKbFltr.sys
1 eeCtrl (Symantec Eraser Control driver) - \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
3 ENETHUSB (Speedstream Ethernet USB Adapter) - system32\DRIVERS\enethusb.sys
0 ftsata2 - system32\DRIVERS\ftsata2.sys
0 gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) - system32\DRIVERS\gagp30kx.sys
3 GEARAspiWDM (GEAR CDRom Filter) - SYSTEM32\DRIVERS\GEARAspiWDM.sys
3 HidUsb (Microsoft HID Class Driver) - system32\DRIVERS\hidusb.sys
0 iaStor (Intel RAID Controller) - system32\DRIVERS\iaStor.sys
1 intelppm (Intel Processor Driver) - system32\DRIVERS\intelppm.sys
3 Jukebox3 - system32\DRIVERS\ctpdusb.sys
1 kbdhid (Keyboard HID Driver) - system32\DRIVERS\kbdhid.sys
3 L8042PR2 (Logitech PS/2 Mouse Filter Driver) - System32\Drivers\l8042pr2.sys
3 LHidFlt2 (Logitech HID/USB Mouse Filter Driver) - system32\DRIVERS\LHidFlt2.Sys
3 LMouFlt2 (Logitech Mouse Class Filter Driver) - System32\Drivers\LMouFlt2.sys
3 MODEMCSA (Unimodem Streaming Filter Device) - system32\drivers\MODEMCSA.sys
3 mouhid (Mouse HID Driver) - system32\DRIVERS\mouhid.sys
3 NAVENG - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070207.017\naveng.sys
3 NAVEX15 - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070207.017\navex15.sys
3 NIC1394 (1394 Net Driver) - system32\DRIVERS\nic1394.sys
0 ohci1394 (VIA OHCI Compliant IEEE 1394 Host Controller) - system32\DRIVERS\ohci1394.sys
0 PCIIde - system32\DRIVERS\pciide.sys
3 Point32 (Microsoft IntelliPoint Filter Driver) - system32\DRIVERS\point32.sys
0 PxHelp20 - System32\Drivers\PxHelp20.sys
3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - system32\DRIVERS\RTL8139.SYS
1 SAVRT - \??\C:\Program Files\Symantec AntiVirus\savrt.sys
2 SAVRTPEL - \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
3 Sfloppy (High-Capacity Floppy Disk Drive) - system32\DRIVERS\sfloppy.sys
3 SiS315 - system32\DRIVERS\sisgrp.sys
0 SISAGP (SiS AGP Filter) - system32\DRIVERS\SISAGPX.sys
0 SiSide - system32\DRIVERS\siside.sys
0 sisidex - system32\drivers\sisidex.sys
1 SiSkp - system32\DRIVERS\srvkp.sys
3 SISNIC (SiS PCI Fast Ethernet Adapter Driver) - system32\DRIVERS\sisnic.sys
3 SISNICXP (SiS PCI Fast Ethernet Adapter Driver for NDIS51) - system32\DRIVERS\sisnicxp.sys
0 sisperf (Add Performance Filter Driver) - system32\drivers\sisperf.sys
3 smserial - system32\DRIVERS\smserial.sys
0 srescan - system32\ZoneLabs\srescan.sys
0 SSFS0509 (Spy Sweeper File System Filer Driver: 0509) - SYSTEM32\Drivers\SSFS0509.SYS
0 SSHRMD (Spy Sweeper Hookrack MiniDriver) - SYSTEM32\Drivers\SSHRMD.SYS
0 SSIDRV (Spy Sweeper Interdiction Driver) - SYSTEM32\Drivers\SSIDRV.SYS
3 SSKBFD (Webroot Spy Sweeper Keylogger Shield Keyboard Filter) - System32\Drivers\sskbfd.sys
3 SYMDNS - \SystemRoot\System32\Drivers\SYMDNS.SYS
3 SymEvent - \??\C:\Program Files\Symantec\SYMEVENT.SYS
3 SYMFW - \SystemRoot\System32\Drivers\SYMFW.SYS
3 SYMIDS - \SystemRoot\System32\Drivers\SYMIDS.SYS
3 SYMIDSCO - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20051228.053\symidsco.sys
3 SYMNDIS - \SystemRoot\System32\Drivers\SYMNDIS.SYS
3 SYMREDRV - \SystemRoot\System32\Drivers\SYMREDRV.SYS
1 SYMTDI - \SystemRoot\System32\Drivers\SYMTDI.SYS
3 usbccgp (Microsoft USB Generic Parent Driver) - system32\DRIVERS\usbccgp.sys
3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - system32\DRIVERS\usbehci.sys
3 usbohci (Microsoft USB Open Host Controller Miniport Driver) - system32\DRIVERS\usbohci.sys
3 usbprint (Microsoft USB PRINTER Class) - system32\DRIVERS\usbprint.sys
3 usbscan (USB Scanner Driver) - system32\DRIVERS\usbscan.sys
3 usbstor (USB Mass Storage Driver) - system32\DRIVERS\USBSTOR.SYS
3 USB_RNDIS (Texas Instruments AR7D01 DSL Router) - system32\DRIVERS\usb8023.sys
0 ViaIde - system32\DRIVERS\viaide.sys
1 vsdatant - System32\vsdatant.sys
3 WpdUsb - system32\DRIVERS\wpdusb.sys
0 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - system32\DRIVERS\WudfPf.sys
3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - system32\DRIVERS\wudfrd.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2 AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2 C-DillaCdaC11BA - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2 ccEvtMgr (Symantec Event Manager) - "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
3 ccPwdSvc (Symantec Password Validation) - "c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
2 ccSetMgr (Symantec Settings Manager) - "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
2 Creative Service for CDROM Access - C:\WINDOWS\system32\CTsvcCDA.EXE
2 DefWatch (Symantec AntiVirus Definition Watcher) - "C:\Program Files\Symantec AntiVirus\DefWatch.exe"
2 Diskeeper - "C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"
3 Fax - %systemroot%\system32\fxssvc.exe
3 IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
3 iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
2 ISSVC - "c:\Program Files\Norton Internet Security\ISSVC.exe"
2 LexBceS (LexBce Server) - C:\WINDOWS\system32\LEXBCES.EXE
2 MDM (Machine Debug Manager) - "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
3 SavRoam - "C:\Program Files\Symantec AntiVirus\SavRoam.exe"
2 SMART Board Service - "C:\Program Files\SMART Board Software\SMARTBoardService.exe"
3 SNDSrvc (Symantec Network Drivers Service) - "c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
2 Symantec AntiVirus - "C:\Program Files\Symantec AntiVirus\Rtvscan.exe"
3 usnjsvc (Messenger Sharing Folders USN Journal Reader service) - "C:\Program Files\MSN Messenger\usnsvc.exe"
2 vsmon (TrueVector Internet Monitor) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
2 WebrootSpySweeperService (Webroot Spy Sweeper Engine) - "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"
2 WinDefend (Windows Defender) - "C:\Program Files\Windows Defender\MsMpEng.exe"
3 WMPNetworkSvc (Windows Media Player Network Sharing Service) - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
2 WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - %SystemRoot%\system32\svchost.exe -k WudfServiceGroup

-- Scheduled Tasks --------------------------------------------------------------

2007-02-11 17:04:06 444 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{265442CC-E0C4-4B9A-9CCF-18AAC0AC9DB9}.job<USER_F~1.JOB>
2007-02-11 15:31:01 370 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job<SYMANT~1.JOB>
2007-02-11 11:40:48 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>
2007-02-09 11:56:07 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>

-- Files created between 2007-01-11 and 2007-02-11 ------------------------------

2007-02-10 13:31:18 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-10 11:52:37 49024 --a------ C:\WINDOWS\system32\drivers\sisidex.sys<Unsigned: Windows (R) 2000 DDK provider>
2007-02-10 11:52:36 139264 --a------ C:\WINDOWS\system32\IDEproperty.dll<IDEPRO~1.DLL><Unsigned: n/a>
2007-02-10 11:52:31 9472 --a------ C:\WINDOWS\system32\drivers\sisperf.sys<Unsigned: Silicon Integrated Systems Corp.>
2007-02-10 11:38:34 0 d-------- C:\Program Files\sisagp
2007-02-10 11:21:17 106496 -----n--- C:\WINDOWS\SiSUSBrg.exe<Unsigned: Silicon Integrated Systems Corp.>
2007-02-10 11:21:17 3583 -----n--- C:\WINDOWS\SiSport.sys<Unsigned: Windows (R) 2000 DDK provider>
2007-02-10 11:21:17 32768 -----n--- C:\WINDOWS\SIS_LIB.DLL<Unsigned: n/a>
2007-02-10 11:20:22 258048 --a------ C:\WINDOWS\system32\SiSParse.dll<Unsigned: Silicon Integrated Systems Corporation>
2007-02-10 11:20:22 49152 -----n--- C:\WINDOWS\system32\SiSBase.dll<Unsigned: Silicon Integrated Systems Corporation>
2007-02-10 11:20:01 0 d-------- C:\Program Files\SiS VGA Utilities V3.65<SISVGA~1.65>
2007-02-10 11:17:42 0 d-------- C:\WINDOWS\SIS
2007-02-10 11:17:41 110592 -----n--- C:\WINDOWS\system32\TVMode.dll<Unsigned: Silicon Integrated Systems Corporation>
2007-02-10 11:17:41 28672 -----n--- C:\WINDOWS\system32\SiSHook.dll<Unsigned: Silicon Integrated Systems Corporation>
2007-02-10 11:17:40 176128 -----n--- C:\WINDOWS\system32\SiSApCom.dll<Unsigned: Silicon Integrated Systems Corporation>
2007-02-10 11:17:31 331776 --a------ C:\WINDOWS\system32\sistray.exe<Unsigned: Silicon Integrated Systems Corporation>
2007-02-10 11:17:27 0 d-------- C:\WINDOWS\system32\trayres
2007-02-10 11:16:11 184320 --a------ C:\WINDOWS\system32\SiSInst.dll<Unsigned: Silicon Integrated Systems Corporation>
2007-02-10 11:16:10 258048 --a------ C:\WINDOWS\system32\_SiSParse.dll<_SISPA~1.DLL><Unsigned: Silicon Integrated Systems Corporation>
2007-02-10 11:16:10 49152 --a------ C:\WINDOWS\system32\_SiSBase.dll<Unsigned: Silicon Integrated Systems Corporation>
2007-02-10 11:16:09 49152 --a------ C:\WINDOWS\system32\SiSPower.dll<Unsigned: Silicon Integrated Systems Corporation>
2007-02-10 11:16:09 32768 -----n--- C:\WINDOWS\InstFunc.exe<Unsigned: n/a>
2007-02-10 11:16:09 7168 --a------ C:\WINDOWS\InstFunc.dll<Unsigned: Silicon Integrated Systems Corporation>
2007-02-09 17:59:18 0 d-------- C:\Program Files\PC Wizard 2007<PCWIZA~1>
2007-01-29 17:26:21 1 --a------ C:\tempdeleft.exe<TEMPDE~2.EXE><Unsigned: n/a>
2007-01-29 17:11:19 0 --a------ C:\tempdelet.exe<TEMPDE~1.EXE><Unsigned: n/a>
2007-01-29 17:03:34 0 --a------ C:\deleteme.exe<Unsigned: n/a>
2007-01-28 12:53:34 0 d-------- C:\Program Files\Legacy Interactive<LEGACY~1>
2007-01-28 12:05:02 0 d-------- C:\Program Files\Edmark
2007-01-21 23:02:55 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-01-21 23:02:39 15360 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys<Unsigned: Webroot Software Inc (www.webroot.com)>
2007-01-21 23:02:39 122368 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys<Unsigned: Webroot Software Inc (www.webroot.com)>
2007-01-21 23:02:39 15872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys<Unsigned: Webroot Software Inc (www.webroot.com)>
2007-01-21 23:02:39 14848 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys<Unsigned: Webroot Software Inc (www.webroot.com)>
2007-01-21 22:59:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-01-21 12:17:43 0 d-------- C:\Program Files\Virtools Web Player 3.0<VIRTOO~1.0>
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll<Signed: Microsoft Corp.>
2007-01-14 01:07:01 53248 --a------ C:\WINDOWS\system32\ciaXPRegSvr20.dll<CIAXPR~1.DLL><Unsigned: CIA, The Company>
2007-01-14 01:07:00 200704 --a------ C:\WINDOWS\system32\ciaSCls20.dll<CIASCL~1.DLL><Unsigned: CIA, The company>
2007-01-14 00:59:44 497488 --a------ C:\WINDOWS\system32\XceedZip.dll<Signed: Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com>
2007-01-14 00:59:43 65536 --a------ C:\WINDOWS\system32\ssfm1032.dll<Unsigned: Sheridan Software Systems, Inc>
2007-01-14 00:59:42 89360 --a------ C:\WINDOWS\system32\VB5DB.dll<Unsigned: Microsoft Corporation>
2007-01-14 00:59:42 38400 --a------ C:\WINDOWS\system32\lttwn11n.dll<Unsigned: LEAD Technologies, Inc.>
2007-01-14 00:59:42 3824 --a------ C:\WINDOWS\system32\ltthk11w.dll<Unsigned: LEAD Technologies, Inc.>
2007-01-14 00:59:41 226816 --a------ C:\WINDOWS\system32\ltefx11n.dll<Unsigned: LEAD Technologies, Inc.>
2007-01-14 00:59:41 26112 --a------ C:\WINDOWS\system32\lfmsp11n.dll<Unsigned: LEAD Technologies, Inc.>
2007-01-14 00:59:41 27136 --a------ C:\WINDOWS\system32\lfimg11n.dll<Unsigned: LEAD Technologies, Inc.>
2007-01-14 00:59:41 35328 --a------ C:\WINDOWS\system32\lfcal11n.dll<Unsigned: LEAD Technologies, Inc.>
2007-01-14 00:20:21 453120 --a------ C:\WINDOWS\system32\ltkrn13n.dll<Unsigned: LEAD Technologies, Inc.>
2007-01-14 00:20:21 445440 --a------ C:\WINDOWS\system32\ltimg13n.dll<Unsigned: LEAD Technologies, Inc.>
2007-01-14 00:20:21 154112 --a------ C:\WINDOWS\system32\ltfil13n.dll<Unsigned: LEAD Technologies, Inc.>
2007-01-14 00:20:21 206848 --a------ C:\WINDOWS\system32\ltefx13n.dll<Unsigned: LEAD Technologies, Inc.>
2007-01-14 00:20:21 265216 --a------ C:\WINDOWS\system32\ltdis13n.dll<Unsigned: LEAD Technologies, Inc.>
2007-01-14 00:20:21 1693696 --a------ C:\WINDOWS\system32\ltclr13n.dll<Unsigned: LEAD Technologies, Inc.>
2007-01-14 00:20:21 142848 --a------ C:\WINDOWS\system32\lftif13n.dll<Unsigned: LEAD Technologies, Inc.>
2007-01-14 00:20:21 90112 --a------ C:\WINDOWS\system32\lfjbg13n.dll<Unsigned: LEAD Technologies, Inc.>
2007-01-14 00:20:21 246272 --a------ C:\WINDOWS\system32\lfj2k13n.dll<Unsigned: LEAD Technologies, Inc.>
2007-01-14 00:20:21 73728 --a------ C:\WINDOWS\system32\lffax13n.dll<Unsigned: LEAD Technologies, Inc.>
2007-01-14 00:20:21 388608 --a------ C:\WINDOWS\system32\lfcmp13n.dll<Unsigned: LEAD Technologies, Inc.>
2007-01-14 00:19:58 0 d-------- C:\Program Files\MFInstall<MFINST~1>
2007-01-13 18:42:12 0 d-------- C:\Program Files\Windows Live Mail desktop<WINDOW~4>
2007-01-13 17:32:20 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>

-- Find3M Report ----------------------------------------------------------------

2007-02-11 11:38:40 0 d-------- C:\Program Files\Symantec AntiVirus<SYMANT~1>
2007-02-10 15:19:43 13977 --a------ C:\WINDOWS\mozver.dat
2007-02-10 13:15:37 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Registry Booster<REGIST~1>
2007-02-10 13:13:43 0 d-------- C:\Program Files\Registry Mechanic<REGIST~1>
2007-02-10 11:48:33 4096 --a------ C:\WINDOWS\system32\drivers\siside.sys<Signed: Silicon Integrated Systems Corp.>
2007-02-10 11:42:25 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-10 11:42:05 32768 --a------ C:\WINDOWS\system32\drivers\sisnicxp.sys<Signed: SiS Corporation>
2007-02-10 11:08:20 36992 --a------ C:\WINDOWS\system32\drivers\SISAGPX.SYS<Signed: Silicon Integrated Systems Corporation>
2007-02-08 17:37:12 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-02-07 12:24:45 0 d-------- C:\Program Files\Zylom Games<ZYLOMG~1>
2007-02-07 12:23:15 0 d-------- C:\Program Files\BitTorrent<BITTOR~1>
2007-02-07 07:22:57 0 d-------- C:\Program Files\Opera
2007-02-05 21:54:06 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\BitTorrent<BITTOR~1>
2007-02-04 15:18:35 0 d-------- C:\Program Files\Family Tree Maker 2005<FAMILY~1>
2007-02-04 11:19:17 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\U3
2007-01-31 20:50:35 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Yahoo!
2007-01-31 08:59:34 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\LimeWire
2007-01-28 12:37:06 0 d-------- C:\Program Files\Yahoo! Games<YAHOO!~1>
2007-01-26 12:01:38 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-01-26 12:00:12 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-01-21 23:02:37 0 d-------- C:\Program Files\Webroot
2007-01-21 22:58:00 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Webroot
2007-01-21 16:42:05 0 d-------- C:\Program Files\Java
2007-01-20 17:38:41 0 d-------- C:\Program Files\SMART Board Software<SMARTB~1>
2007-01-15 20:52:24 0 d-------- C:\Program Files\Diner Dash<DINERD~1>
2007-01-14 16:16:41 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Apple Computer<APPLEC~1>
2007-01-13 18:25:16 0 d-------- C:\Program Files\Family Tree Maker 2006<FAMILY~3>
2007-01-12 17:23:48 0 d-------- C:\Program Files\LimeWire
2007-01-10 00:33:43 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Opera
2007-01-09 22:15:00 1392640 --a------ C:\WINDOWS\system32\svcmon.exe<Unsigned: n/a>
2007-01-09 22:09:58 0 d-------- C:\Program Files\Avant Browser<AVANTB~1>
2007-01-09 15:03:45 0 d-------- C:\Program Files\Diskeeper Corporation<DISKEE~1>
2006-12-30 14:23:20 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2006-12-30 11:04:49 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2006-12-30 11:04:49 0 d-------- C:\Program Files\MemTurbo
2006-12-30 11:04:02 0 d-------- C:\Program Files\KEMailKb
2006-12-30 11:02:02 0 d-------- C:\Program Files\iTunes
2006-12-30 10:57:35 0 d-------- C:\Program Files\Google
2006-12-30 10:54:52 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2006-12-30 08:14:08 0 d-------- C:\Program Files\WebIQ
2006-12-29 15:25:12 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Creative
2006-12-29 01:04:28 0 d-------- C:\Program Files\Yahoo!
2006-12-29 00:50:51 0 d-------- C:\Program Files\a-squared Free<A-SQUA~1>
2006-12-28 16:16:36 0 d--h----- C:\Program Files\Creative Installation Information<CREATI~1>
2006-12-28 16:12:56 0 d-------- C:\Program Files\Creative
2006-12-28 16:12:23 0 d-------- C:\Program Files\Common Files\Creative
2006-12-27 19:08:49 0 d-------- C:\Program Files\iPod
2006-12-26 18:40:00 0 d-------- C:\Program Files\Micro Innovations<MICROI~1>
2006-12-24 19:35:00 87 --a------ C:\WINDOWS\popcinfo.dat
2006-12-16 11:24:43 0 d-------- C:\Program Files\Trend Micro<TRENDM~1>
2006-12-11 17:33:14 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Zylom

-- Registry Dump ----------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Window Washer"="\"C:\\Program Files\\Webroot\\Washer\\wwDisp.exe\""
"Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"CTSyncU.exe"="\"C:\\Program Files\\Creative\\Sync Manager Unicode\\CTSyncU.exe\""
"MtdAcqu"="\"C:\\Program Files\\Creative\\MediaSource5\\MtdAcqu.exe\" /s"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"ISUSPM Startup"="\"C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe\" -startup"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"ISUSScheduler"="\"C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\issch.exe\" -start"
"Logitech Utility"="Logi_MwX.Exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"KEMailKb"="C:\\PROGRA~1\\KEMailKb\\KEMailKb.EXE"
"RegistryMechanic"=""
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"MSRT"="svcmon.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"SiSPower"="\"Rundll32.exe\" SiSPower.dll,ModeAgent"
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"MSRT"="svcmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPwuSchd2.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MI1933~1\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hphupd08"
"hkey"="HKLM"
"command"="c:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BackWeb-8876480"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sm56hlpr"
"hkey"="HKLM"
"command"="sm56hlpr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ZinioDeliveryManager"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ file:///C:/DOCUME~1/HP_Owner/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

-- End of ComboScan: finished at 2007-02-11 at 17:19:04 -------------------------

ComboScan v20070210.13 run by HP_Owner on 2007-02-11 at 17:16:32
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Sempron(tm) Processor 3000+
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 895.48 MiB / 500.86 MiB
Pagefile Memory (total/avail): 1486.18 MiB / 831.11 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1993.76 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 67.01 GiB total, 34.68 GiB free.
D: is Fixed (FAT32) - 7.5 GiB total, 2.08 GiB free.
E: is CDROM (Unformatted)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

-- Security Center --------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is unknown.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.

FW: ZoneAlarm Pro Firewall v6.5.737.000 (Zone Labs, Inc.)
AV: Symantec AntiVirus Corporate Edition v9.0.2.1000 (Symantec Corporation)

-- Environment Variables --------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SANKER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Owner
LOGONSERVER=\\SANKER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Diskeeper Corporation\Diskeeper\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2c02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=SANKER
USERNAME=HP_Owner
USERPROFILE=C:\Documents and Settings\HP_Owner
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

-- User Profiles ----------------------------------------------------------------

HP_Owner

-- Add/Remove Programs ----------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> C:\WINDOWS\uninst.exe -fC:\Maxis\SimFarm\DeIsL1.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9104A09A-EC83-11D8-8469-00D0B726B56E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9104A09A-EC83-11D8-8469-00D0B726B56E}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9744AE38-1CC6-414F-96CE-0643AEE30A9B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9744AE38-1CC6-414F-96CE-0643AEE30A9B}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
a-squared Free 2.0 --> "C:\Program Files\a-squared Free\unins000.exe"
Ad-Aware SE Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adventure Inlay(TM) --> C:\PROGRA~1\SHOCKW~1.COM\ADVENT~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\ADVENT~1\INSTALL.LOG
Agnitum Tauscan 1.7 --> C:\PROGRA~1\Agnitum\TAUSCA~1.7\UNWISE.EXE C:\PROGRA~1\Agnitum\TAUSCA~1.7\INSTALL.LOG
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
Atomic Clock Sync --> C:\PROGRA~1\ATOMIC~1\UNWISE.EXE C:\PROGRA~1\ATOMIC~1\INSTALL.LOG
Audacity 1.2.4 --> "C:\Program Files\Audacity\unins000.exe"
Avant Browser (remove only) --> "C:\Program Files\Avant Browser\uninst.exe"
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Backspin Billiards --> C:\PROGRA~1\SHOCKW~1.COM\BACKSP~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\BACKSP~1\INSTALL.LOG
Bejeweled 2 Deluxe --> C:\WINDOWS\iun6002ev.exe "C:\Program Files\Bejeweled 2 Deluxe\irunin.ini"
BookWorm Deluxe 1.02 --> C:\Program Files\PopCap Games\BookWorm Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\BookWorm Deluxe\Install.log"
Bounce Out --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDEC8492-94F7-43E3-8C7C-29CA97B3CE95}\Setup.exe"
ccCommon --> MsiExec.exe /I{D8F6834B-D5E7-4451-8681-B051ABD8561D}
Christmas 1.0 --> "c:\Hiyah\Christmas\SETUP\setup.exe" /u
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Collapse --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75F66C39-B41E-11D5-B743-00D0B74C4519}\Setup.exe"
Cool Timer 2.2 --> "C:\Program Files\Cool Timer\unins000.exe"
CoreVorbis Audio Decoder (remove only) --> "C:\WINDOWS\system32\CoreVorbis-uninstall.exe"
Creative Jukebox Driver --> C:\Program Files\Creative\Jukebox 3 Drivers\DrvUnins.exe /s
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\setup.exe" -l0x9 /remove
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative Zen Micro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D944236D-7992-41D6-8257-930B5832F1CC}\SETUP.EXE" -l0x9 /remove
Creative ZEN V Series (R2) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}\SETUP.EXE" -l0x9 /remove
dBpowerAMP Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
Digital Locker Assistant --> MsiExec.exe /I{7AA56274-7E3A-45AD-8C9D-34D11AED41A9}
Diner Dash --> "C:\WINDOWS\Diner Dash\uninstall.exe" "/U:C:\Program Files\Diner Dash\Uninstall\uninstall.xml"
Diner Dash 2 (remove only) --> "C:\Documents and Settings\HP_Owner\Desktop\Games\Diner Dash 2\Uninstall.exe"
Diner Dash Two --> C:\Program Files\Diner Dash Two\Uninstal.exe
Diskeeper 2007 Pro Premier --> MsiExec.exe /X{B1D8CAE1-62E8-4259-8B57-1755629F71EC}
DrawPlus 3.0 --> C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\BRODER~1\DrawPlus\DeIsL1.isu"
Dynomite Deluxe 2.71 --> C:\Program Files\PopCap Games\Dynomite Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Dynomite Deluxe\Install.log"
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Efficient Networks SpeedStream DSL --> C:\Program Files\Efficient Networks\SpeedStream DSL\setup.exe -uninstall
Family Feud (remove only) --> "C:\Program Files\Yahoo! Games\Family Feud\Uninstall.exe"
Family Tree Maker 2006 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}\Setup.exe" -l0x9
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HP Boot Optimizer --> MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP Organize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
Insaniquarium Deluxe 1.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Insaniquarium Deluxe\irunin.ini"
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
KEMailKb --> C:\WINDOWS\UnInst32.exe KEMailKb.UNI
Legacy 6.0 --> C:\Legacy\UNWISE.EXE /U C:\Legacy\Install.log
Lexmark Supplies Monitor --> C:\WINDOWS\system32\LXSMUNIN.EXE
Lexmark Z25-Z35 --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXAXUN5C.EXE -dLexmark Z25-Z35
LimeWire PRO 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.79.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Logitech Resource Center --> C:\PROGRA~1\Logitech\RESOUR~1\rem\UNWISE.EXE C:\PROGRA~1\Logitech\RESOUR~1\rem\INSTALL.LOG
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Links LS 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft Games\Links LS 2000\Uninst.isu"
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Dancer LE --> MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Millie's Math House (Remove only) --> C:\WINDOWS\edmkuni2.exe "C:\Program Files\Edmark\Millie's Math House "
Motorola SM56 Speakerphone Modem --> C:\WINDOWS\Motorola\SMSERIAL\sm56unst.exe
Mozilla Firefox (2.0.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MySpaceIM --> MsiExec.exe /I{C3C42F6E-EB61-4784-BC97-B0C64E163CED}
Mystery Case Files - Huntsville (remove only) --> "C:\Program Files\Mystery Case Files - Huntsville\Uninstall.exe"
NingPo MahJong Deluxe 1.04 --> C:\Program Files\PopCap Games\NingPo MahJong Deluxe\UnGins.exe "C:\Program Files\PopCap Games\NingPo MahJong Deluxe\install.log"
Noah's Ark Deluxe 1.1 --> C:\Program Files\PopCap Games\Noah's Ark Deluxe\PopUninstall.exe C:\Program Files\PopCap Games\Noah's Ark Deluxe\Install.log
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security --> MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Internet Security 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Office 2003 Tour --> MsiExec.exe /I{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}
Opera 9.10 --> MsiExec.exe /X{5D582D33-EB35-4D77-B7AF-403322D947E6}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PC-Doctor 5 for Windows --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{AB61A692-5543-4C48-979B-8CEA1C52FE9C} /l1033
PC Wizard 2007.1.72 --> "C:\Program Files\PC Wizard 2007\unins000.exe"
PCFriendly --> C:\Program Files\PCFriendly\inuninst.exe
PCMagazine SurfSpeed --> "C:\Program Files\PC Magazine Utilities\SurfSpeed\unins000.exe"
Photo Organizer --> C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\BRODER~1\PHOTOO~1.8\DeIsL1.isu"
PrintMaster Gold 17 --> MsiExec.exe /I{C4DCAD15-B754-4FD9-8035-713FE919B118}
PureVoice --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57BBB1AD-A239-4B05-86F5-3D138A0CFEE8}\Setup.exe" -l0x9
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2005 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Registry Mechanic 6.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
SafeCast Shared Components --> C:\Program Files\Common Files\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall
Sandlot Games Client Services --> "C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\INSTALL.LOG
SimCity 2000® CD Collection --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Maxis\SimCity 2000\DeIsL1.isu"
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\WINDOWS\SiS\900\Uninst.exe
SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,R,oem40.inf
SiSAGP driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x9
Slingo Deluxe --> C:\PROGRA~1\SHOCKW~1.COM\SLINGO~1\product\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\SLINGO~1\product\INSTALL.LOG
SMART Board Software --> MsiExec.exe /I{EE2A5345-CBE2-4932-83B0-D628D0D24AF8}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Symantec AntiVirus --> MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
System Requirements Lab --> C:\Program Files\Common Files\SystemRequirementsLab\Uninstall.exe
The Emporer's Mahjong --> "C:\Program Files\Emperors Mahjong\unins000.exe"
The Incredible Machine: Even More Contraptions --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF7A031F-96C8-404C-99C9-96C675D6099F}\Setup.exe"
The Sims Complete Collection --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}\setup.exe" -l0x9 -l0009
Uniblue Registry Booster --> "C:\Program Files\Uniblue\Registry Booster\unins000.exe"
Updates from HP (remove only) --> C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AE}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WebIQ Client Software --> C:\WINDOWS\system32\WebIQInstall.exe /u
Window Washer --> C:\WINDOWS\Unwash6.exe
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live Mail desktop --> MsiExec.exe /I{7EAADEA9-D36D-46A2-BC8E-7B3F097835B8}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Vista Upgrade Advisor --> MsiExec.exe /I{B79FBFDD-8B0C-4B8E-B70E-499E39978281}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
ZENcast Organizer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9 /remove
ZoneAlarm Pro --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
Zoo Vet (remove only) --> "C:\Program Files\Legacy Interactive\Zoo Vet\Uninstall.exe"
Zuma Deluxe 1.0 --> C:\Program Files\PopCap Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Zuma Deluxe\Install.log"
Zuma Deluxe! 1.0 --> C:\WINDOWS\iun6002.exe "C:\My Games\zuma\irunin.ini"

-- End of ComboScan: finished at 2007-02-11 at 17:19:04 -------------------------

**Deckard** · 02-11-2007, 03:04 PM

Okay, let's get rid of what I can see.

P2P Software
I see you have P2P software (i.e. Limewire) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any.

Disable SpySweeper
Please disable Webroot SpySweeper, as it may hinder the removal of some entries. You can re-enable it after you're clean. To disable SpySweeper:

Go to the Options>Program Options.
Uncheck Load at Windows Startup.
Click Shields and uncheck all items there.
Uncheck Home page shield.

Disable Windows Defender
Please disable your Windows Defender Real-time Protection, as it may hinder the removal of some entries. To disable Defender:

Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

Disable AVG AntiSpyware Guard
Please disable AVG AntiSpyware's Guard, as it may hinder the removal of some entries. You can re-enable it after you're clean. To disable AVG AS Guard:

Open AVG AntiSpyware by double-clicking the AVG AS system tray icon.
Click the Shield tab at the top
Click on the word active to change it to inactive.
Close AVG AntiSpyware.

Uninstall
Click Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

J2SE Runtime Environment 5.0
Viewpoint Media Player

Please let me know if any of these were unable to uninstall.

Reboot
Reboot your system to Safe Mode by repeatedly tapping the F8 key until the menu appears and choosing Safe Mode from the list. On some systems, this may be the F5 key so try that if F8 doesn't work. Login on with your usual account. Make sure to close any open windows.

HijackThis Fixes
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist (make sure you do not miss any):

O4 - HKLM\..\Run: [MSRT] svcmon.exe
O4 - HKLM\..\RunServices: [MSRT] svcmon.exe

Please remember to close all other windows, including browsers then click Fix checked. Close HijackThis.

Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\Program Files\Viewpoint
C:\WINDOWS\system32\svcmon.exe
C:\deleteme.exe
C:\tempdeleft.exe
C:\tempdelet.exe

Reboot
Reboot your system to Normal Mode.

Online Scan
Perform an online scan using Internet Explorer with Kaspersky WebScanner. Click on Launch Kaspersky Anti-Virus Web Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files.
Once the files have been downloaded, click on NEXT.
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database: extended
- Scan Options: Scan Archives and Scan Mail Bases
Click OK
Turn off the real time scanner of any existing antivirus program before performing the online scan. You can turn it back on after the scan is done.
Now under select a target to scan, select My Computer
The program will start and scan your system.
The scan will take a while so be patient and let it run all the way.
Once the scan is complete it will display if your system has been infected.
Click on the Save as Text button and save the file to your desktop.
Copy and paste that information in your next post.

Take note the names and locations of any file it detects but fails to clean.

With Your Next Post...
Please paste the following with your next reply (in this order please):

Kaspersky scan report,
a new HiJackThis log taken after Kaspersky finishes.

Chapin98 · 02-11-2007, 06:37 PM

As requested:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, February 11, 2007 9:28:06 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 12/02/2007
Kaspersky Anti-Virus database records: 266872
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 147079
Number of viruses found: 13
Number of infected objects: 46 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:29:57

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-01132007-173234.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04E00000.VBN Infected: not-a-virus:AdWare.Win32.BHO.w skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05AC0000.VBN Infected: Trojan-Clicker.Win32.Delf.dm skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05AC0001.VBN Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300000.VBN/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300000.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300000.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300001.VBN/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300001.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300001.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09100000.VBN Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09100001.VBN Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09280000.VBN Infected: Trojan-PSW.Win32.Sinowal.ch skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09280001.VBN Infected: Trojan-Clicker.Win32.Costrat.u skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09900000.VBN Infected: Trojan-PSW.Win32.Sinowal.ch skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09900001.VBN Infected: Trojan-Clicker.Win32.Costrat.u skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09AC0002.VBN/run.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.asd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09AC0002.VBN/run.exe Infected: Trojan-Downloader.Win32.Zlob.asd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09AC0002.VBN ZIP: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09AC0002.VBN CryptZ: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A340000.VBN Infected: Backdoor.Win32.IRCBot.yc skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00000.VBN/setup.exe Infected: Trojan.Win32.Crypt.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00000.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00000.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AEC0000.VBN Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AEC0001.VBN Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B2C0001.VBN Infected: Worm.Win32.VB.an skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B2C0002.VBN Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B2C0003.VBN Infected: Worm.Win32.VB.an skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B2C0004.VBN Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B2C0005.VBN Infected: Worm.Win32.VB.an skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B2C0006.VBN Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B5C0000.VBN Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B5C0001.VBN Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DF80000.VBN/setup.exe Infected: Trojan.Win32.Crypt.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DF80000.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DF80000.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E3C0000.VBN/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E3C0000.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E3C0000.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E3C0001.VBN/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E3C0001.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E3C0001.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FF40000.VBN Infected: Backdoor.Win32.IRCBot.yc skipped
C:\Documents and Settings\HP_Owner\Application Data\Creative\Media Database\PCML_1.dpm Object is locked skipped
C:\Documents and Settings\HP_Owner\Application Data\Creative\Media Database\PCML_1.ldb Object is locked skipped
C:\Documents and Settings\HP_Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Feeds\MSNBC~dcom_ Newsweek~.feed-ms Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Feeds\MSNBC~dcom_ Top MSNBC Headlines~.feed-ms Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Feeds\USATODAY~dcom News - Top Stories~.feed-ms Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{D0B67B12-0455-430F-947E-A10293B100ED} Infected: Trojan.Win32.Qhost skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{DC0BB28E-A6CD-4B45-A8C7-3EE7EE98BA94} Infected: Trojan.Win32.Qhost skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Live Contacts\donsanker@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Live Contacts\donsanker@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Live Mail desktop\donsanker@hotmail.com\edb.log Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Live Mail desktop\donsanker@hotmail.com\edbtmp.log Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Live Mail desktop\donsanker@hotmail.com\Hotmail (do 1c7\Deleted items\5AF141BB-000006D8.eml Infected: Trojan-Spy.HTML.Paylap.ad skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Live Mail desktop\donsanker@hotmail.com\tmp.edb Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Live Mail desktop\donsanker@hotmail.com\WindowsLiveMaildesktop.MSMessageStore Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\JETFDC0.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\Perflib_Perfdata_c6c.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF2B72.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF2B8F.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF3FDF.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF412C.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF440C.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF44AA.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF4971.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF49A9.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF4A4C.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF4A69.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF8E0.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF9195.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF9E4.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DFCD99.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DFCF57.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DFDB09.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DFDB32.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\HP_Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\SMART Board Software\SMARTBoardService.log Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP552\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\SANKER.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_248.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT000ae.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT000b2.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP552\change.log Object is locked skipped

Scan process completed.

Logfile of HijackThis v1.99.1
Scan saved at 9:32:19 PM, on 2/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\KEMailKb\KEMailKb.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\MemTurbo\MemTurbo.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live Mail desktop\wlmail.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CIEDownload Object - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\KEMailKb\KEMailKb.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SiSPower] "Rundll32.exe" SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo\MemTurbo.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Event Reminder.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Updates from HP.lnk.disabled
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1135210195328
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O18 - Protocol: bw+0 - {B6790B4E-603F-49F1-AFC4-B9E707A3B134} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {B6790B4E-603F-49F1-AFC4-B9E707A3B134} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Thanks

**Deckard** · 02-11-2007, 07:00 PM

Please follow Symantec's guide to clean out your Norton quarantine directory.

How is your system behaving now?

Chapin98 · 02-12-2007, 09:23 AM

Just as I was closing Firefox after checking the system performance it crashed again. I have not had any involuntary reboots since then however, (perhaps 4 hours). I have an updater for Sonic update manager trying to find a file at reboot (um.msi). It can not be found and it takes three or four cancel cycles to get the updater to go away. Then after 15 minutes or so it returns.

Other than that I things are running a bit smoother.

Chapin

**Deckard** · 02-12-2007, 09:23 PM

Here's something I found about your Roxio error that potentially might help:

Quote:

"Usually, a "UM.MSI" error means that the update manager may have become corrupted and needs to be reinstalled. To resolve there are three options:

Permanently remove the Sonic Update Manager. This will not affect the performance of any Sonic/Roxio software currently installed on the system.

Reinstall the application. If your software was bundled with hardware you may have to contact the manufacturer. While Sonic provides support for the software, the manufacturer of the bundle is in charge of any updates and replacements. Please visit the manufacturer's website for replacement discs and updates to your Sonic/Roxio software.

This may be caused by removing certain non-Sonic/Roxio applications that share file resources with our Sonic/Roxio software. To fix, you will need to replace these files with this fix utility:

http://tools.roxio.com/support/dell/isum_hotfix.exe

Be sure all Sonic and Roxio applications are shut down before launching this utility. This hotfix requires a reboot. No reinstallation of the software is necessary."

Let's run one more online scan. If it comes up clean and your system continues to not have any more involuntary reboots, we'll call it good. Perform an online scan with Internet Explorer with Panda ActiveScan.

Click on the "Scan your PC" button located at the bottom of the page. A popup window should appear -- make sure you allow it if you have a popup blocker.
Enter your e-mail address, country, and state and click Scan Now.
Your computer will download Panda's 8 megabyte ActiveX control at this point. Follow the on-screen directions if it asks you to install the ActiveX control.
Begin the scan by selecting My Computer. Note:
- Please turn off the real time scanner of any existing antivirus program while performing the online scan.
- Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
- Click on See report then click Save report.
- It is not necessary to remain online while it's doing the scan, but you will have to re-connect after it has finished to see the report.

Post that report and one more HijackThis log after it finishes for me.

Chapin98 · 02-13-2007, 06:26 AM

Panda Active Scan as requested:

Incident Status Location

Virus:Trj/Qhost.gen Disinfected C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{D0B67B12-0455-430F-947E-A10293B100ED}
Virus:Trj/Qhost.gen Disinfected C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{DC0BB28E-A6CD-4B45-A8C7-3EE7EE98BA94}
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
fixed the Sonic Update Manager problem, too thanks.

**Deckard** · 02-13-2007, 08:12 PM

Well done, your logs are clean! Any more issues? If not, you should be good to go but we still have a few items we'd like to address. QHosts may have affected your HOSTS file, so I recommend you install the MVPS Hosts File referenced below.

Reset hidden/system files and folders

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Deselect the Show hidden files and folders option.
Select the Hide file extensions for known types option.
Select the Hide protected operating system files option.
Click Yes to confirm and then click OK.

Reset System Restore

Go to Start>Run, type SYSDM.CPL and press Enter.
Select the System Restore tab.
Check "Turn off System Restore on all drives" and click Apply.
Now uncheck the same option and click OK.

Re-enable Protection
Turn back on any malware prevention tools we might have had you switch off (Spysweeper, Windows Defender, AVG AntiSpyware Guard).

Microsoft Updates
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by malware. Using Internet Explorer, please go to Microsoft's Windows Update and download all of the critical updates to help prevent possible re-infection.

Please ensure that you have already patched your system against these recent critical exploits:

WMF exploit: KB912919
VML exploit: KB925486

Enable Windows Auto Update:

Go to Start>Run, type WUAUCPL.CPL and press Enter.
Make sure "Keep my computer up to date" is checked.
Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Tool Deletions
Feel free to remove ComboScan and it's folder.

Malware Prevention
This is a good time to set up protection against further attacks. You might want to read Tony Klein's "How Did I Get Infected In The First Place?". At the minimum, you need an antivirus that is continually updated, a good firewall, a spyware blocker such as Spyware Blaster, and a real time spyware program such as Spyware Guard to prevent spyware intrusions. I also recommend IE-Spyad, which places over 4,000 websites and domains in the IE Restricted list, thus helping prevent attempts to re-infect your system. All of these have no-strings-attached free versions available. However, be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use but often have malware in them.

Two more articles you may want to read at your leisure are "KRC Anti-Spyware Tutorial" and "Making Internet Explorer Safer".

The following is a list of free software we recommend:

Antivirus
AV software should be updated at least once a week for optimum protection. Here are some free AV programs available for personal use. NOTE: Do not install more than one AV program because they will conflict with each other. Only pick one.

AOL Active Virus Shield (powered by Kaspersky Antivirus)
Avast!
AVG
Avira PersonalEdition Classic

Firewalls
A good firewall is the first-line of defense for your computer and will monitor incoming and outgoing traffic. NOTE: Microsoft's Firewall does not monitor outgoing traffic. If you are unfamiliar with how a firewall works, you can read "Understanding and Using Firewalls". Here are some free firewalls available for personal use:

Realtime Malware Prevention Tools
These programs actively watch your computer for possible malware-related changes and help prevent them. You can run more than one of these at a time.

Passive Malware Prevention Tools
These programs configure your computer to prevent known malware-related changes. You can have more than one of these at a time and they take up minimal resources.

SpywareBlaster - Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items. Check regularly for updates.
IE-Spyad - Extract to your desktop and double-click install.bat. Install options #2 and #4. IE-Spyad places more than 4,000 dubious domains in the IE Restricted list, which impairs attempts to infect your system. It prevents any downloads from the sites although you will still be able to connect to them. You can read more about it on it's homepage.
MVPS Hosts File - extract and double-click the mvps.bat file. This will replace your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements, preventing your computer from connecting to those sites.
McAfee SiteAdvisor - helps to warn you before you interact with a dangerous Web site. Works with both IE and Firefox.

Alternative Web Browsers
Using an alternative browser can help prevent malware from being installed without your knowledge, but may not work on all websites.

Alternative Miscellaneous
Here are some alternatives that are worth looking into if you use their features:

Trillian - an Instant Messenger client that speaks multiple IM services (AIM, Yahoo!, ICQ, MSN, etc.)
Miranda-IM - another Instant Messenger client with multiple IM capabilities.
Desktop Weather - A taskbar weather program that is free and resource light.

Please respond to this thread one more time so we can mark this thread as resolved.

Chapin98 · 02-14-2007, 05:07 AM

one final question. The Panda Active Scan showed this line in the text file:

Defender\FileTracker\{DC0BB28E-A6CD-4B45-A8C7-3EE7EE98BA94}
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe

should I be concerned about that?

**Deckard** · 02-14-2007, 08:47 PM

Nope, that's a legitimate HP utility. KillIt can be used for good or bad purposes; but in this case it's in HP's directory and so it came with your computer. It's safe to ignore it.

Chapin98 · 02-15-2007, 07:52 AM

Deckard,

that said then I think you have done it once again and saved another computer from being launched out the window!

Thanks so much.

Chapin

02-09-2007, 01:33 PM	#1 (permalink)
Chapin98 Registered User Join Date: Dec 2006 Posts: 10 OS: xp sp2	PC repeatedly reboots Hi, My PC repeatedly reboots itself throughout the day. Normally this occurs while surfing the web. Also, while using FF it will not allow me to connect to some sites like Usatoday, MSN, MSNBC, Myspace and others; I can connect to those using IE7 (except Usatoday). When the reboot is done I have a screen telling me that my active desktop is not working properly. Also, Firefox 2.0.0.1 and the Windows desktop revert to their default settings. I have run the following: CWShredder, AVG AntiSpyware, WebRoot Anti-Spyware, Stinger, Spybot, Adaware and Norton AV all found nothing other than "normal" tracking cookies which I deleted. I have also run Webroot Windows Washer. Here is the HJT log: Logfile of HijackThis v1.99.1 Scan saved at 4:20:52 PM, on 2/9/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\SMART Board Software\SMARTBoardService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\KEMailKb\KEMailKb.EXE C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\svcmon.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Creative\MediaSource5\MtdAcqu.exe C:\Program Files\MemTurbo\MemTurbo.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Documents and Settings\HP_Owner\Desktop\Don\stng260.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\WINDOWS\system32\DllHost.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Windows Live Mail desktop\wlmail.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Hijack This\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: CIEDownload Object - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SiSPower] "Rundll32.exe" SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\KEMailKb\KEMailKb.EXE O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [MSRT] svcmon.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKLM\..\Run: [Tau Monitor] C:\PROGRA~1\Agnitum\TAUSCA~1.7\taumon.exe O4 - HKLM\..\RunServices: [MSRT] svcmon.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe" O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo\MemTurbo.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled O4 - Global Startup: Event Reminder.lnk.disabled O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Updates from HP.lnk.disabled O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1135210195328 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe O18 - Protocol: bw+0 - {B6790B4E-603F-49F1-AFC4-B9E707A3B134} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {B6790B4E-603F-49F1-AFC4-B9E707A3B134} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe Thanks in advance for your help.

02-11-2007, 01:58 PM	#2 (permalink)
Deckard Mentor, Analyst - Security Team Join Date: May 2006 Location: Oregon Posts: 2,503 OS: MacOS X, Debian, OpenBSD, Windows	Hello, and welcome to the HijackThis Help Forum. Apologies for any delay in replying, but we have been rather busy lately. You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe. Since it has been a few days since you first posted, please download ComboScan and save it to your Desktop. Double-click on comboscan.exe and follow the prompts. Please note that some firewalls may warn that sigcheck.exe is trying to access the Internet -- please allow it. When it has finished, ComboScan will open Notepad with a log file -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) this logfile as your reply. Additionally, a folder will open with two text files. Please attach the Supplementary.txt file with your reply. To attach a file to a new post, simply: Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and Copy and paste the following into the "Upload File from your Computer" box: C:\ComboScan\Supplementary.txt Click Upload. Thank you. __________________ The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting. Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006

02-11-2007, 02:28 PM	#3 (permalink)
Chapin98 Registered User Join Date: Dec 2006 Posts: 10 OS: xp sp2	ComboScan v20070210.13 run by HP_Owner on 2007-02-11 at 17:16:32 Computer is in Normal Mode. -------------------------------------------------------------------------------- Sorry the last part was supposed to be an attachment! Successfully created restore point. Performed disk cleanup. -- HijackThis log (run as HP_Owner.com) ----------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 5:17:19 PM, on 2/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\SMART Board Software\SMARTBoardService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\DllHost.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\KEMailKb\KEMailKb.EXE C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\svcmon.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\Program Files\Creative\MediaSource5\MtdAcqu.exe C:\Program Files\MemTurbo\MemTurbo.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCXMNTR.EXE c:\windows\system\hpsysdrv.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Windows Live Mail desktop\wlmail.exe C:\Documents and Settings\HP_Owner\Desktop\comboscan.exe C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\~sjxvoko.tmp\HP_Owner.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: CIEDownload Object - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\KEMailKb\KEMailKb.EXE O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [MSRT] svcmon.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKLM\..\Run: [SiSPower] "Rundll32.exe" SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\RunServices: [MSRT] svcmon.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe" O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo\MemTurbo.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled O4 - Global Startup: Event Reminder.lnk.disabled O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Updates from HP.lnk.disabled O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1135210195328 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe O18 - Protocol: bw+0 - {B6790B4E-603F-49F1-AFC4-B9E707A3B134} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {B6790B4E-603F-49F1-AFC4-B9E707A3B134} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- File Associations ------------------------------------------------------------ .bat - batfile - "%1" %* .chm - chm.file - "C:\WINDOWS\hh.exe" %1 .com - comfile - "%1" %* .exe - exefile - "%1" %* .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1 .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1 .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1 .js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %* .lnk - lnkfile - {00021401-0000-0000-C000-000000000046} .pif - piffile - "%1" %* .reg - regfile - regedit.exe "%1" .scr - scrfile - "%1" /S .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1 .vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %* -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------- 3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - system32\drivers\ALCXWDM.SYS 1 AmdK8 (AMD Processor Driver) - system32\DRIVERS\AmdK8.sys 3 Arp1394 (1394 ARP Client Protocol) - system32\DRIVERS\arp1394.sys 1 AVG Anti-Spyware Driver - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys 1 AvgAsCln (AVG Anti-Spyware Clean Driver) - System32\DRIVERS\AvgAsCln.sys 0 bb-run (Promise driver accelerator) - system32\DRIVERS\bb-run.sys 2 CdaC15BA - \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS 3 DKbFltr (Dritek HotKey Keyboard Filter Driver) - System32\Drivers\DKbFltr.sys 1 eeCtrl (Symantec Eraser Control driver) - \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 3 ENETHUSB (Speedstream Ethernet USB Adapter) - system32\DRIVERS\enethusb.sys 0 ftsata2 - system32\DRIVERS\ftsata2.sys 0 gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) - system32\DRIVERS\gagp30kx.sys 3 GEARAspiWDM (GEAR CDRom Filter) - SYSTEM32\DRIVERS\GEARAspiWDM.sys 3 HidUsb (Microsoft HID Class Driver) - system32\DRIVERS\hidusb.sys 0 iaStor (Intel RAID Controller) - system32\DRIVERS\iaStor.sys 1 intelppm (Intel Processor Driver) - system32\DRIVERS\intelppm.sys 3 Jukebox3 - system32\DRIVERS\ctpdusb.sys 1 kbdhid (Keyboard HID Driver) - system32\DRIVERS\kbdhid.sys 3 L8042PR2 (Logitech PS/2 Mouse Filter Driver) - System32\Drivers\l8042pr2.sys 3 LHidFlt2 (Logitech HID/USB Mouse Filter Driver) - system32\DRIVERS\LHidFlt2.Sys 3 LMouFlt2 (Logitech Mouse Class Filter Driver) - System32\Drivers\LMouFlt2.sys 3 MODEMCSA (Unimodem Streaming Filter Device) - system32\drivers\MODEMCSA.sys 3 mouhid (Mouse HID Driver) - system32\DRIVERS\mouhid.sys 3 NAVENG - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070207.017\naveng.sys 3 NAVEX15 - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070207.017\navex15.sys 3 NIC1394 (1394 Net Driver) - system32\DRIVERS\nic1394.sys 0 ohci1394 (VIA OHCI Compliant IEEE 1394 Host Controller) - system32\DRIVERS\ohci1394.sys 0 PCIIde - system32\DRIVERS\pciide.sys 3 Point32 (Microsoft IntelliPoint Filter Driver) - system32\DRIVERS\point32.sys 0 PxHelp20 - System32\Drivers\PxHelp20.sys 3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - system32\DRIVERS\RTL8139.SYS 1 SAVRT - \??\C:\Program Files\Symantec AntiVirus\savrt.sys 2 SAVRTPEL - \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys 3 Sfloppy (High-Capacity Floppy Disk Drive) - system32\DRIVERS\sfloppy.sys 3 SiS315 - system32\DRIVERS\sisgrp.sys 0 SISAGP (SiS AGP Filter) - system32\DRIVERS\SISAGPX.sys 0 SiSide - system32\DRIVERS\siside.sys 0 sisidex - system32\drivers\sisidex.sys 1 SiSkp - system32\DRIVERS\srvkp.sys 3 SISNIC (SiS PCI Fast Ethernet Adapter Driver) - system32\DRIVERS\sisnic.sys 3 SISNICXP (SiS PCI Fast Ethernet Adapter Driver for NDIS51) - system32\DRIVERS\sisnicxp.sys 0 sisperf (Add Performance Filter Driver) - system32\drivers\sisperf.sys 3 smserial - system32\DRIVERS\smserial.sys 0 srescan - system32\ZoneLabs\srescan.sys 0 SSFS0509 (Spy Sweeper File System Filer Driver: 0509) - SYSTEM32\Drivers\SSFS0509.SYS 0 SSHRMD (Spy Sweeper Hookrack MiniDriver) - SYSTEM32\Drivers\SSHRMD.SYS 0 SSIDRV (Spy Sweeper Interdiction Driver) - SYSTEM32\Drivers\SSIDRV.SYS 3 SSKBFD (Webroot Spy Sweeper Keylogger Shield Keyboard Filter) - System32\Drivers\sskbfd.sys 3 SYMDNS - \SystemRoot\System32\Drivers\SYMDNS.SYS 3 SymEvent - \??\C:\Program Files\Symantec\SYMEVENT.SYS 3 SYMFW - \SystemRoot\System32\Drivers\SYMFW.SYS 3 SYMIDS - \SystemRoot\System32\Drivers\SYMIDS.SYS 3 SYMIDSCO - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20051228.053\symidsco.sys 3 SYMNDIS - \SystemRoot\System32\Drivers\SYMNDIS.SYS 3 SYMREDRV - \SystemRoot\System32\Drivers\SYMREDRV.SYS 1 SYMTDI - \SystemRoot\System32\Drivers\SYMTDI.SYS 3 usbccgp (Microsoft USB Generic Parent Driver) - system32\DRIVERS\usbccgp.sys 3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - system32\DRIVERS\usbehci.sys 3 usbohci (Microsoft USB Open Host Controller Miniport Driver) - system32\DRIVERS\usbohci.sys 3 usbprint (Microsoft USB PRINTER Class) - system32\DRIVERS\usbprint.sys 3 usbscan (USB Scanner Driver) - system32\DRIVERS\usbscan.sys 3 usbstor (USB Mass Storage Driver) - system32\DRIVERS\USBSTOR.SYS 3 USB_RNDIS (Texas Instruments AR7D01 DSL Router) - system32\DRIVERS\usb8023.sys 0 ViaIde - system32\DRIVERS\viaide.sys 1 vsdatant - System32\vsdatant.sys 3 WpdUsb - system32\DRIVERS\wpdusb.sys 0 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - system32\DRIVERS\WudfPf.sys 3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - system32\DRIVERS\wudfrd.sys -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- 3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe 2 AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe 2 C-DillaCdaC11BA - C:\WINDOWS\system32\drivers\CDAC11BA.EXE 2 ccEvtMgr (Symantec Event Manager) - "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" 3 ccPwdSvc (Symantec Password Validation) - "c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" 2 ccSetMgr (Symantec Settings Manager) - "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" 2 Creative Service for CDROM Access - C:\WINDOWS\system32\CTsvcCDA.EXE 2 DefWatch (Symantec AntiVirus Definition Watcher) - "C:\Program Files\Symantec AntiVirus\DefWatch.exe" 2 Diskeeper - "C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe" 3 Fax - %systemroot%\system32\fxssvc.exe 3 IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" 3 iPod Service - "C:\Program Files\iPod\bin\iPodService.exe" 2 ISSVC - "c:\Program Files\Norton Internet Security\ISSVC.exe" 2 LexBceS (LexBce Server) - C:\WINDOWS\system32\LEXBCES.EXE 2 MDM (Machine Debug Manager) - "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" 3 SavRoam - "C:\Program Files\Symantec AntiVirus\SavRoam.exe" 2 SMART Board Service - "C:\Program Files\SMART Board Software\SMARTBoardService.exe" 3 SNDSrvc (Symantec Network Drivers Service) - "c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" 2 Symantec AntiVirus - "C:\Program Files\Symantec AntiVirus\Rtvscan.exe" 3 usnjsvc (Messenger Sharing Folders USN Journal Reader service) - "C:\Program Files\MSN Messenger\usnsvc.exe" 2 vsmon (TrueVector Internet Monitor) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service 2 WebrootSpySweeperService (Webroot Spy Sweeper Engine) - "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" 2 WinDefend (Windows Defender) - "C:\Program Files\Windows Defender\MsMpEng.exe" 3 WMPNetworkSvc (Windows Media Player Network Sharing Service) - "C:\Program Files\Windows Media Player\WMPNetwk.exe" 2 WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - %SystemRoot%\system32\svchost.exe -k WudfServiceGroup -- Scheduled Tasks -------------------------------------------------------------- 2007-02-11 17:04:06 444 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{265442CC-E0C4-4B9A-9CCF-18AAC0AC9DB9}.job<USER_F~1.JOB> 2007-02-11 15:31:01 370 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job<SYMANT~1.JOB> 2007-02-11 11:40:48 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB> 2007-02-09 11:56:07 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB> -- Files created between 2007-01-11 and 2007-02-11 ------------------------------ 2007-02-10 13:31:18 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1> 2007-02-10 11:52:37 49024 --a------ C:\WINDOWS\system32\drivers\sisidex.sys<Unsigned: Windows (R) 2000 DDK provider> 2007-02-10 11:52:36 139264 --a------ C:\WINDOWS\system32\IDEproperty.dll<IDEPRO~1.DLL><Unsigned: n/a> 2007-02-10 11:52:31 9472 --a------ C:\WINDOWS\system32\drivers\sisperf.sys<Unsigned: Silicon Integrated Systems Corp.> 2007-02-10 11:38:34 0 d-------- C:\Program Files\sisagp 2007-02-10 11:21:17 106496 -----n--- C:\WINDOWS\SiSUSBrg.exe<Unsigned: Silicon Integrated Systems Corp.> 2007-02-10 11:21:17 3583 -----n--- C:\WINDOWS\SiSport.sys<Unsigned: Windows (R) 2000 DDK provider> 2007-02-10 11:21:17 32768 -----n--- C:\WINDOWS\SIS_LIB.DLL<Unsigned: n/a> 2007-02-10 11:20:22 258048 --a------ C:\WINDOWS\system32\SiSParse.dll<Unsigned: Silicon Integrated Systems Corporation> 2007-02-10 11:20:22 49152 -----n--- C:\WINDOWS\system32\SiSBase.dll<Unsigned: Silicon Integrated Systems Corporation> 2007-02-10 11:20:01 0 d-------- C:\Program Files\SiS VGA Utilities V3.65<SISVGA~1.65> 2007-02-10 11:17:42 0 d-------- C:\WINDOWS\SIS 2007-02-10 11:17:41 110592 -----n--- C:\WINDOWS\system32\TVMode.dll<Unsigned: Silicon Integrated Systems Corporation> 2007-02-10 11:17:41 28672 -----n--- C:\WINDOWS\system32\SiSHook.dll<Unsigned: Silicon Integrated Systems Corporation> 2007-02-10 11:17:40 176128 -----n--- C:\WINDOWS\system32\SiSApCom.dll<Unsigned: Silicon Integrated Systems Corporation> 2007-02-10 11:17:31 331776 --a------ C:\WINDOWS\system32\sistray.exe<Unsigned: Silicon Integrated Systems Corporation> 2007-02-10 11:17:27 0 d-------- C:\WINDOWS\system32\trayres 2007-02-10 11:16:11 184320 --a------ C:\WINDOWS\system32\SiSInst.dll<Unsigned: Silicon Integrated Systems Corporation> 2007-02-10 11:16:10 258048 --a------ C:\WINDOWS\system32\_SiSParse.dll<_SISPA~1.DLL><Unsigned: Silicon Integrated Systems Corporation> 2007-02-10 11:16:10 49152 --a------ C:\WINDOWS\system32\_SiSBase.dll<Unsigned: Silicon Integrated Systems Corporation> 2007-02-10 11:16:09 49152 --a------ C:\WINDOWS\system32\SiSPower.dll<Unsigned: Silicon Integrated Systems Corporation> 2007-02-10 11:16:09 32768 -----n--- C:\WINDOWS\InstFunc.exe<Unsigned: n/a> 2007-02-10 11:16:09 7168 --a------ C:\WINDOWS\InstFunc.dll<Unsigned: Silicon Integrated Systems Corporation> 2007-02-09 17:59:18 0 d-------- C:\Program Files\PC Wizard 2007<PCWIZA~1> 2007-01-29 17:26:21 1 --a------ C:\tempdeleft.exe<TEMPDE~2.EXE><Unsigned: n/a> 2007-01-29 17:11:19 0 --a------ C:\tempdelet.exe<TEMPDE~1.EXE><Unsigned: n/a> 2007-01-29 17:03:34 0 --a------ C:\deleteme.exe<Unsigned: n/a> 2007-01-28 12:53:34 0 d-------- C:\Program Files\Legacy Interactive<LEGACY~1> 2007-01-28 12:05:02 0 d-------- C:\Program Files\Edmark 2007-01-21 23:02:55 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot 2007-01-21 23:02:39 15360 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys<Unsigned: Webroot Software Inc (www.webroot.com)> 2007-01-21 23:02:39 122368 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys<Unsigned: Webroot Software Inc (www.webroot.com)> 2007-01-21 23:02:39 15872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys<Unsigned: Webroot Software Inc (www.webroot.com)> 2007-01-21 23:02:39 14848 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys<Unsigned: Webroot Software Inc (www.webroot.com)> 2007-01-21 22:59:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot 2007-01-21 12:17:43 0 d-------- C:\Program Files\Virtools Web Player 3.0<VIRTOO~1.0> 2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll<Signed: Microsoft Corp.> 2007-01-14 01:07:01 53248 --a------ C:\WINDOWS\system32\ciaXPRegSvr20.dll<CIAXPR~1.DLL><Unsigned: CIA, The Company> 2007-01-14 01:07:00 200704 --a------ C:\WINDOWS\system32\ciaSCls20.dll<CIASCL~1.DLL><Unsigned: CIA, The company> 2007-01-14 00:59:44 497488 --a------ C:\WINDOWS\system32\XceedZip.dll<Signed: Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com> 2007-01-14 00:59:43 65536 --a------ C:\WINDOWS\system32\ssfm1032.dll<Unsigned: Sheridan Software Systems, Inc> 2007-01-14 00:59:42 89360 --a------ C:\WINDOWS\system32\VB5DB.dll<Unsigned: Microsoft Corporation> 2007-01-14 00:59:42 38400 --a------ C:\WINDOWS\system32\lttwn11n.dll<Unsigned: LEAD Technologies, Inc.> 2007-01-14 00:59:42 3824 --a------ C:\WINDOWS\system32\ltthk11w.dll<Unsigned: LEAD Technologies, Inc.> 2007-01-14 00:59:41 226816 --a------ C:\WINDOWS\system32\ltefx11n.dll<Unsigned: LEAD Technologies, Inc.> 2007-01-14 00:59:41 26112 --a------ C:\WINDOWS\system32\lfmsp11n.dll<Unsigned: LEAD Technologies, Inc.> 2007-01-14 00:59:41 27136 --a------ C:\WINDOWS\system32\lfimg11n.dll<Unsigned: LEAD Technologies, Inc.> 2007-01-14 00:59:41 35328 --a------ C:\WINDOWS\system32\lfcal11n.dll<Unsigned: LEAD Technologies, Inc.> 2007-01-14 00:20:21 453120 --a------ C:\WINDOWS\system32\ltkrn13n.dll<Unsigned: LEAD Technologies, Inc.> 2007-01-14 00:20:21 445440 --a------ C:\WINDOWS\system32\ltimg13n.dll<Unsigned: LEAD Technologies, Inc.> 2007-01-14 00:20:21 154112 --a------ C:\WINDOWS\system32\ltfil13n.dll<Unsigned: LEAD Technologies, Inc.> 2007-01-14 00:20:21 206848 --a------ C:\WINDOWS\system32\ltefx13n.dll<Unsigned: LEAD Technologies, Inc.> 2007-01-14 00:20:21 265216 --a------ C:\WINDOWS\system32\ltdis13n.dll<Unsigned: LEAD Technologies, Inc.> 2007-01-14 00:20:21 1693696 --a------ C:\WINDOWS\system32\ltclr13n.dll<Unsigned: LEAD Technologies, Inc.> 2007-01-14 00:20:21 142848 --a------ C:\WINDOWS\system32\lftif13n.dll<Unsigned: LEAD Technologies, Inc.> 2007-01-14 00:20:21 90112 --a------ C:\WINDOWS\system32\lfjbg13n.dll<Unsigned: LEAD Technologies, Inc.> 2007-01-14 00:20:21 246272 --a------ C:\WINDOWS\system32\lfj2k13n.dll<Unsigned: LEAD Technologies, Inc.> 2007-01-14 00:20:21 73728 --a------ C:\WINDOWS\system32\lffax13n.dll<Unsigned: LEAD Technologies, Inc.> 2007-01-14 00:20:21 388608 --a------ C:\WINDOWS\system32\lfcmp13n.dll<Unsigned: LEAD Technologies, Inc.> 2007-01-14 00:19:58 0 d-------- C:\Program Files\MFInstall<MFINST~1> 2007-01-13 18:42:12 0 d-------- C:\Program Files\Windows Live Mail desktop<WINDOW~4> 2007-01-13 17:32:20 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1> -- Find3M Report ---------------------------------------------------------------- 2007-02-11 11:38:40 0 d-------- C:\Program Files\Symantec AntiVirus<SYMANT~1> 2007-02-10 15:19:43 13977 --a------ C:\WINDOWS\mozver.dat 2007-02-10 13:15:37 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Registry Booster<REGIST~1> 2007-02-10 13:13:43 0 d-------- C:\Program Files\Registry Mechanic<REGIST~1> 2007-02-10 11:48:33 4096 --a------ C:\WINDOWS\system32\drivers\siside.sys<Signed: Silicon Integrated Systems Corp.> 2007-02-10 11:42:25 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1> 2007-02-10 11:42:05 32768 --a------ C:\WINDOWS\system32\drivers\sisnicxp.sys<Signed: SiS Corporation> 2007-02-10 11:08:20 36992 --a------ C:\WINDOWS\system32\drivers\SISAGPX.SYS<Signed: Silicon Integrated Systems Corporation> 2007-02-08 17:37:12 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1> 2007-02-07 12:24:45 0 d-------- C:\Program Files\Zylom Games<ZYLOMG~1> 2007-02-07 12:23:15 0 d-------- C:\Program Files\BitTorrent<BITTOR~1> 2007-02-07 07:22:57 0 d-------- C:\Program Files\Opera 2007-02-05 21:54:06 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\BitTorrent<BITTOR~1> 2007-02-04 15:18:35 0 d-------- C:\Program Files\Family Tree Maker 2005<FAMILY~1> 2007-02-04 11:19:17 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\U3 2007-01-31 20:50:35 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Yahoo! 2007-01-31 08:59:34 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\LimeWire 2007-01-28 12:37:06 0 d-------- C:\Program Files\Yahoo! Games<YAHOO!~1> 2007-01-26 12:01:38 0 d-------- C:\Program Files\QuickTime<QUICKT~1> 2007-01-26 12:00:12 0 d-------- C:\Program Files\Apple Software Update<APPLES~1> 2007-01-21 23:02:37 0 d-------- C:\Program Files\Webroot 2007-01-21 22:58:00 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Webroot 2007-01-21 16:42:05 0 d-------- C:\Program Files\Java 2007-01-20 17:38:41 0 d-------- C:\Program Files\SMART Board Software<SMARTB~1> 2007-01-15 20:52:24 0 d-------- C:\Program Files\Diner Dash<DINERD~1> 2007-01-14 16:16:41 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Apple Computer<APPLEC~1> 2007-01-13 18:25:16 0 d-------- C:\Program Files\Family Tree Maker 2006<FAMILY~3> 2007-01-12 17:23:48 0 d-------- C:\Program Files\LimeWire 2007-01-10 00:33:43 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Opera 2007-01-09 22:15:00 1392640 --a------ C:\WINDOWS\system32\svcmon.exe<Unsigned: n/a> 2007-01-09 22:09:58 0 d-------- C:\Program Files\Avant Browser<AVANTB~1> 2007-01-09 15:03:45 0 d-------- C:\Program Files\Diskeeper Corporation<DISKEE~1> 2006-12-30 14:23:20 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1> 2006-12-30 11:04:49 0 d-------- C:\Program Files\Messenger<MESSEN~1> 2006-12-30 11:04:49 0 d-------- C:\Program Files\MemTurbo 2006-12-30 11:04:02 0 d-------- C:\Program Files\KEMailKb 2006-12-30 11:02:02 0 d-------- C:\Program Files\iTunes 2006-12-30 10:57:35 0 d-------- C:\Program Files\Google 2006-12-30 10:54:52 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1> 2006-12-30 08:14:08 0 d-------- C:\Program Files\WebIQ 2006-12-29 15:25:12 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Creative 2006-12-29 01:04:28 0 d-------- C:\Program Files\Yahoo! 2006-12-29 00:50:51 0 d-------- C:\Program Files\a-squared Free<A-SQUA~1> 2006-12-28 16:16:36 0 d--h----- C:\Program Files\Creative Installation Information<CREATI~1> 2006-12-28 16:12:56 0 d-------- C:\Program Files\Creative 2006-12-28 16:12:23 0 d-------- C:\Program Files\Common Files\Creative 2006-12-27 19:08:49 0 d-------- C:\Program Files\iPod 2006-12-26 18:40:00 0 d-------- C:\Program Files\Micro Innovations<MICROI~1> 2006-12-24 19:35:00 87 --a------ C:\WINDOWS\popcinfo.dat 2006-12-16 11:24:43 0 d-------- C:\Program Files\Trend Micro<TRENDM~1> 2006-12-11 17:33:14 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Zylom -- Registry Dump ---------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "Window Washer"="\"C:\\Program Files\\Webroot\\Washer\\wwDisp.exe\"" "Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R" "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "CTSyncU.exe"="\"C:\\Program Files\\Creative\\Sync Manager Unicode\\CTSyncU.exe\"" "MtdAcqu"="\"C:\\Program Files\\Creative\\MediaSource5\\MtdAcqu.exe\" /s" "Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run" "ISUSPM Startup"="\"C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe\" -startup" "vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe" "ISUSScheduler"="\"C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\issch.exe\" -start" "Logitech Utility"="Logi_MwX.Exe" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\"" "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "KEMailKb"="C:\\PROGRA~1\\KEMailKb\\KEMailKb.EXE" "RegistryMechanic"="" "DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\"" "MSRT"="svcmon.exe" "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide" "SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray" "SiSPower"="\"Rundll32.exe\" SiSPower.dll,ModeAgent" "SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] "MSRT"="svcmon.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPwuSchd2.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] "backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe " "item"="HP Digital Imaging Monitor" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk" "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\MI1933~1\\Office10\\OSA.EXE -b -l" "item"="Microsoft Office" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="hphupd08" "hkey"="HKLM" "command"="c:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BackWeb-8876480" "hkey"="HKCU" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msmsgs" "hkey"="HKCU" "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKLM" "command"="" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="sm56hlpr" "hkey"="HKLM" "command"="sm56hlpr.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="realsched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ZinioDeliveryManager" "hkey"="HKCU" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] Source REG_SZ file:///C:/DOCUME~1/HP_Owner/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}] Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 -- End of ComboScan: finished at 2007-02-11 at 17:19:04 ------------------------- ComboScan v20070210.13 run by HP_Owner on 2007-02-11 at 17:16:32 Supplementary logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ----------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: AMD Sempron(tm) Processor 3000+ Percentage of Memory in Use: 44% Physical Memory (total/avail): 895.48 MiB / 500.86 MiB Pagefile Memory (total/avail): 1486.18 MiB / 831.11 MiB Virtual Memory (total/avail): 2047.88 MiB / 1993.76 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 67.01 GiB total, 34.68 GiB free. D: is Fixed (FAT32) - 7.5 GiB total, 2.08 GiB free. E: is CDROM (Unformatted) F: is Removable (No Media) G: is Removable (No Media) H: is Removable (No Media) I: is Removable (No Media) -- Security Center -------------------------------------------------------------- AUOptions is set to notify before install. Windows Internal Firewall is unknown. FirstRunDisabled is set. AntiVirusDisableNotify is set. FW: ZoneAlarm Pro Firewall v6.5.737.000 (Zone Labs, Inc.) AV: Symantec AntiVirus Corporate Edition v9.0.2.1000 (Symantec Corporation) -- Environment Variables -------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\HP_Owner\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=SANKER ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\HP_Owner LOGONSERVER=\\SANKER NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Diskeeper Corporation\Diskeeper\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=2c02 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip SESSIONNAME=Console SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\ SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp TMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp tvdumpflags=8 USERDOMAIN=SANKER USERNAME=HP_Owner USERPROFILE=C:\Documents and Settings\HP_Owner windir=C:\WINDOWS __COMPAT_LAYER=EnableNXShowUI -- User Profiles ---------------------------------------------------------------- HP_Owner -- Add/Remove Programs ---------------------------------------------------------- --> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009 --> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009 --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009 --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009 --> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009 --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205} --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382} --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} --> C:\WINDOWS\uninst.exe -fC:\Maxis\SimFarm\DeIsL1.isu --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9104A09A-EC83-11D8-8469-00D0B726B56E}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9104A09A-EC83-11D8-8469-00D0B726B56E}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9744AE38-1CC6-414F-96CE-0643AEE30A9B}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9744AE38-1CC6-414F-96CE-0643AEE30A9B}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf a-squared Free 2.0 --> "C:\Program Files\a-squared Free\unins000.exe" Ad-Aware SE Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000} Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Adventure Inlay(TM) --> C:\PROGRA~1\SHOCKW~1.COM\ADVENT~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\ADVENT~1\INSTALL.LOG Agnitum Tauscan 1.7 --> C:\PROGRA~1\Agnitum\TAUSCA~1.7\UNWISE.EXE C:\PROGRA~1\Agnitum\TAUSCA~1.7\INSTALL.LOG Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D} Atomic Clock Sync --> C:\PROGRA~1\ATOMIC~1\UNWISE.EXE C:\PROGRA~1\ATOMIC~1\INSTALL.LOG Audacity 1.2.4 --> "C:\Program Files\Audacity\unins000.exe" Avant Browser (remove only) --> "C:\Program Files\Avant Browser\uninst.exe" AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe Backspin Billiards --> C:\PROGRA~1\SHOCKW~1.COM\BACKSP~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\BACKSP~1\INSTALL.LOG Bejeweled 2 Deluxe --> C:\WINDOWS\iun6002ev.exe "C:\Program Files\Bejeweled 2 Deluxe\irunin.ini" BookWorm Deluxe 1.02 --> C:\Program Files\PopCap Games\BookWorm Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\BookWorm Deluxe\Install.log" Bounce Out --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDEC8492-94F7-43E3-8C7C-29CA97B3CE95}\Setup.exe" ccCommon --> MsiExec.exe /I{D8F6834B-D5E7-4451-8681-B051ABD8561D} Christmas 1.0 --> "c:\Hiyah\Christmas\SETUP\setup.exe" /u CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe Collapse --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75F66C39-B41E-11D5-B743-00D0B74C4519}\Setup.exe" Cool Timer 2.2 --> "C:\Program Files\Cool Timer\unins000.exe" CoreVorbis Audio Decoder (remove only) --> "C:\WINDOWS\system32\CoreVorbis-uninstall.exe" Creative Jukebox Driver --> C:\Program Files\Creative\Jukebox 3 Drivers\DrvUnins.exe /s Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\setup.exe" -l0x9 /remove Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove Creative Zen Micro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D944236D-7992-41D6-8257-930B5832F1CC}\SETUP.EXE" -l0x9 /remove Creative ZEN V Series (R2) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}\SETUP.EXE" -l0x9 /remove dBpowerAMP Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat Digital Locker Assistant --> MsiExec.exe /I{7AA56274-7E3A-45AD-8C9D-34D11AED41A9} Diner Dash --> "C:\WINDOWS\Diner Dash\uninstall.exe" "/U:C:\Program Files\Diner Dash\Uninstall\uninstall.xml" Diner Dash 2 (remove only) --> "C:\Documents and Settings\HP_Owner\Desktop\Games\Diner Dash 2\Uninstall.exe" Diner Dash Two --> C:\Program Files\Diner Dash Two\Uninstal.exe Diskeeper 2007 Pro Premier --> MsiExec.exe /X{B1D8CAE1-62E8-4259-8B57-1755629F71EC} DrawPlus 3.0 --> C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\BRODER~1\DrawPlus\DeIsL1.isu" Dynomite Deluxe 2.71 --> C:\Program Files\PopCap Games\Dynomite Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Dynomite Deluxe\Install.log" Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033 Efficient Networks SpeedStream DSL --> C:\Program Files\Efficient Networks\SpeedStream DSL\setup.exe -uninstall Family Feud (remove only) --> "C:\Program Files\Yahoo! Games\Family Feud\Uninstall.exe" Family Tree Maker 2006 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}\Setup.exe" -l0x9 GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll" High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HP Boot Optimizer --> MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC} HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0} HP Organize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93} Insaniquarium Deluxe 1.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Insaniquarium Deluxe\irunin.ini" IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9 InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4} J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000} J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100} KEMailKb --> C:\WINDOWS\UnInst32.exe KEMailKb.UNI Legacy 6.0 --> C:\Legacy\UNWISE.EXE /U C:\Legacy\Install.log Lexmark Supplies Monitor --> C:\WINDOWS\system32\LXSMUNIN.EXE Lexmark Z25-Z35 --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXAXUN5C.EXE -dLexmark Z25-Z35 LimeWire PRO 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe" LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL Logitech MouseWare 9.79.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL Logitech Resource Center --> C:\PROGRA~1\Logitech\RESOUR~1\rem\UNWISE.EXE C:\PROGRA~1\Logitech\RESOUR~1\rem\INSTALL.LOG Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46} Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Links LS 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft Games\Links LS 2000\Uninst.isu" Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9} Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9} Microsoft Plus! Dancer LE --> MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914} Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7} Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall Millie's Math House (Remove only) --> C:\WINDOWS\edmkuni2.exe "C:\Program Files\Edmark\Millie's Math House " Motorola SM56 Speakerphone Modem --> C:\WINDOWS\Motorola\SMSERIAL\sm56unst.exe Mozilla Firefox (2.0.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69} MySpaceIM --> MsiExec.exe /I{C3C42F6E-EB61-4784-BC97-B0C64E163CED} Mystery Case Files - Huntsville (remove only) --> "C:\Program Files\Mystery Case Files - Huntsville\Uninstall.exe" NingPo MahJong Deluxe 1.04 --> C:\Program Files\PopCap Games\NingPo MahJong Deluxe\UnGins.exe "C:\Program Files\PopCap Games\NingPo MahJong Deluxe\install.log" Noah's Ark Deluxe 1.1 --> C:\Program Files\PopCap Games\Noah's Ark Deluxe\PopUninstall.exe C:\Program Files\PopCap Games\Noah's Ark Deluxe\Install.log Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F} Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125} Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B} Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F} Norton Internet Security --> MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF} Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22} Norton Internet Security 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X Office 2003 Tour --> MsiExec.exe /I{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C} Opera 9.10 --> MsiExec.exe /X{5D582D33-EB35-4D77-B7AF-403322D947E6} Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan PC-Doctor 5 for Windows --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{AB61A692-5543-4C48-979B-8CEA1C52FE9C} /l1033 PC Wizard 2007.1.72 --> "C:\Program Files\PC Wizard 2007\unins000.exe" PCFriendly --> C:\Program Files\PCFriendly\inuninst.exe PCMagazine SurfSpeed --> "C:\Program Files\PC Magazine Utilities\SurfSpeed\unins000.exe" Photo Organizer --> C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\BRODER~1\PHOTOO~1.8\DeIsL1.isu" PrintMaster Gold 17 --> MsiExec.exe /I{C4DCAD15-B754-4FD9-8035-713FE919B118} PureVoice --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57BBB1AD-A239-4B05-86F5-3D138A0CFEE8}\Setup.exe" -l0x9 Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG Quicken 2005 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A} RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly Registry Mechanic 6.0 --> "C:\Program Files\Registry Mechanic\unins000.exe" SafeCast Shared Components --> C:\Program Files\Common Files\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall Sandlot Games Client Services --> "C:\Program Files\Common Files\Sandlot Shared\unins000.exe" Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\INSTALL.LOG SimCity 2000® CD Collection --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Maxis\SimCity 2000\DeIsL1.isu" SiS 900 PCI Fast Ethernet Adapter Driver --> C:\WINDOWS\SiS\900\Uninst.exe SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,R,oem40.inf SiSAGP driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x9 Slingo Deluxe --> C:\PROGRA~1\SHOCKW~1.COM\SLINGO~1\product\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\SLINGO~1\product\INSTALL.LOG SMART Board Software --> MsiExec.exe /I{EE2A5345-CBE2-4932-83B0-D628D0D24AF8} Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382} Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629} Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205} Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe" Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe" Symantec AntiVirus --> MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527} SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2} System Requirements Lab --> C:\Program Files\Common Files\SystemRequirementsLab\Uninstall.exe The Emporer's Mahjong --> "C:\Program Files\Emperors Mahjong\unins000.exe" The Incredible Machine: Even More Contraptions --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF7A031F-96C8-404C-99C9-96C675D6099F}\Setup.exe" The Sims Complete Collection --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}\setup.exe" -l0x9 -l0009 Uniblue Registry Booster --> "C:\Program Files\Uniblue\Registry Booster\unins000.exe" Updates from HP (remove only) --> C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AE} Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u WebIQ Client Software --> C:\WINDOWS\system32\WebIQInstall.exe /u Window Washer --> C:\WINDOWS\Unwash6.exe Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401} Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C} Windows Live Mail desktop --> MsiExec.exe /I{7EAADEA9-D36D-46A2-BC8E-7B3F097835B8} Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F} Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Vista Upgrade Advisor --> MsiExec.exe /I{B79FBFDD-8B0C-4B8E-B70E-499E39978281} WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG ZENcast Organizer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9 /remove ZoneAlarm Pro --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe Zoo Vet (remove only) --> "C:\Program Files\Legacy Interactive\Zoo Vet\Uninstall.exe" Zuma Deluxe 1.0 --> C:\Program Files\PopCap Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Zuma Deluxe\Install.log" Zuma Deluxe! 1.0 --> C:\WINDOWS\iun6002.exe "C:\My Games\zuma\irunin.ini" -- End of ComboScan: finished at 2007-02-11 at 17:19:04 ------------------------- Last edited by Chapin98; 02-11-2007 at 02:34 PM.

02-11-2007, 03:04 PM	#4 (permalink)
Deckard Mentor, Analyst - Security Team Join Date: May 2006 Location: Oregon Posts: 2,503 OS: MacOS X, Debian, OpenBSD, Windows	Okay, let's get rid of what I can see. P2P Software I see you have P2P software (i.e. Limewire) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any. Disable SpySweeper Please disable Webroot SpySweeper, as it may hinder the removal of some entries. You can re-enable it after you're clean. To disable SpySweeper: Go to the Options>Program Options. Uncheck Load at Windows Startup. Click Shields and uncheck all items there. Uncheck Home page shield. Disable Windows Defender Please disable your Windows Defender Real-time Protection, as it may hinder the removal of some entries. To disable Defender: Open Windows Defender. Click on Tools, General Settings. Scroll down and uncheck Turn on real-time protection (recommended). After you uncheck this, click on the Save button and close Windows Defender. Disable AVG AntiSpyware Guard Please disable AVG AntiSpyware's Guard, as it may hinder the removal of some entries. You can re-enable it after you're clean. To disable AVG AS Guard: Open AVG AntiSpyware by double-clicking the AVG AS system tray icon. Click the Shield tab at the top Click on the word active to change it to inactive. Close AVG AntiSpyware. Uninstall Click Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist): J2SE Runtime Environment 5.0 Viewpoint Media Player Please let me know if any of these were unable to uninstall. Reboot Reboot your system to Safe Mode by repeatedly tapping the F8 key until the menu appears and choosing Safe Mode from the list. On some systems, this may be the F5 key so try that if F8 doesn't work. Login on with your usual account. Make sure to close any open windows. HijackThis Fixes Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist (make sure you do not miss any): O4 - HKLM\..\Run: [MSRT] svcmon.exe O4 - HKLM\..\RunServices: [MSRT] svcmon.exe Please remember to close all other windows, including browsers then click Fix checked. Close HijackThis. Deletions Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist. C:\Program Files\Viewpoint C:\WINDOWS\system32\svcmon.exe C:\deleteme.exe C:\tempdeleft.exe C:\tempdelet.exe Reboot Reboot your system to Normal Mode. Online Scan Perform an online scan using Internet Explorer with Kaspersky WebScanner. Click on Launch Kaspersky Anti-Virus Web Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files. Once the files have been downloaded, click on NEXT. Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: extended Scan Options: Scan Archives and Scan Mail Bases Click OK Turn off the real time scanner of any existing antivirus program before performing the online scan. You can turn it back on after the scan is done. Now under select a target to scan, select My Computer The program will start and scan your system. The scan will take a while so be patient and let it run all the way. Once the scan is complete it will display if your system has been infected. Click on the Save as Text button and save the file to your desktop. Copy and paste that information in your next post. Take note the names and locations of any file it detects but fails to clean. With Your Next Post... Please paste the following with your next reply (in this order please): Kaspersky scan report, a new HiJackThis log taken after Kaspersky finishes. __________________ The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting. Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006

02-11-2007, 06:37 PM	#5 (permalink)
Chapin98 Registered User Join Date: Dec 2006 Posts: 10 OS: xp sp2	Follow Up as Requested after Kaspersky As requested: ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Sunday, February 11, 2007 9:28:06 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 12/02/2007 Kaspersky Anti-Virus database records: 266872 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ Scan Statistics: Total number of scanned objects: 147079 Number of viruses found: 13 Number of infected objects: 46 / 0 Number of suspicious objects: 0 Duration of the scan process: 01:29:57 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-01132007-173234.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04E00000.VBN Infected: not-a-virus:AdWare.Win32.BHO.w skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05AC0000.VBN Infected: Trojan-Clicker.Win32.Delf.dm skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05AC0001.VBN Infected: P2P-Worm.Win32.VB.dw skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300000.VBN/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300000.VBN ZIP: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300000.VBN CryptZ: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300001.VBN/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300001.VBN ZIP: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300001.VBN CryptZ: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09100000.VBN Infected: Trojan-Downloader.Win32.Small.ddp skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09100001.VBN Infected: Trojan-Downloader.Win32.Small.ddp skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09280000.VBN Infected: Trojan-PSW.Win32.Sinowal.ch skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09280001.VBN Infected: Trojan-Clicker.Win32.Costrat.u skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09900000.VBN Infected: Trojan-PSW.Win32.Sinowal.ch skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09900001.VBN Infected: Trojan-Clicker.Win32.Costrat.u skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09AC0002.VBN/run.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.asd skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09AC0002.VBN/run.exe Infected: Trojan-Downloader.Win32.Zlob.asd skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09AC0002.VBN ZIP: infected - 2 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09AC0002.VBN CryptZ: infected - 2 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A340000.VBN Infected: Backdoor.Win32.IRCBot.yc skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00000.VBN/setup.exe Infected: Trojan.Win32.Crypt.e skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00000.VBN ZIP: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00000.VBN CryptZ: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AEC0000.VBN Infected: Trojan-Downloader.Win32.Small.cwj skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AEC0001.VBN Infected: Trojan-Downloader.Win32.Small.cwj skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B2C0001.VBN Infected: Worm.Win32.VB.an skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B2C0002.VBN Infected: P2P-Worm.Win32.VB.dw skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B2C0003.VBN Infected: Worm.Win32.VB.an skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B2C0004.VBN Infected: P2P-Worm.Win32.VB.dw skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B2C0005.VBN Infected: Worm.Win32.VB.an skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B2C0006.VBN Infected: P2P-Worm.Win32.VB.dw skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B5C0000.VBN Infected: Trojan-Downloader.Win32.Small.ddp skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B5C0001.VBN Infected: Trojan-Downloader.Win32.Small.ddp skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DF80000.VBN/setup.exe Infected: Trojan.Win32.Crypt.e skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DF80000.VBN ZIP: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DF80000.VBN CryptZ: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E3C0000.VBN/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E3C0000.VBN ZIP: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E3C0000.VBN CryptZ: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E3C0001.VBN/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E3C0001.VBN ZIP: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E3C0001.VBN CryptZ: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FF40000.VBN Infected: Backdoor.Win32.IRCBot.yc skipped C:\Documents and Settings\HP_Owner\Application Data\Creative\Media Database\PCML_1.dpm Object is locked skipped C:\Documents and Settings\HP_Owner\Application Data\Creative\Media Database\PCML_1.ldb Object is locked skipped C:\Documents and Settings\HP_Owner\Cookies\index.dat Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Feeds\MSNBC~dcom_ Newsweek~.feed-ms Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Feeds\MSNBC~dcom_ Top MSNBC Headlines~.feed-ms Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Feeds\USATODAY~dcom News - Top Stories~.feed-ms Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{D0B67B12-0455-430F-947E-A10293B100ED} Infected: Trojan.Win32.Qhost skipped C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{DC0BB28E-A6CD-4B45-A8C7-3EE7EE98BA94} Infected: Trojan.Win32.Qhost skipped C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Live Contacts\donsanker@hotmail.com\real\members.stg Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Live Contacts\donsanker@hotmail.com\shadow\members.stg Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Live Mail desktop\donsanker@hotmail.com\edb.log Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Live Mail desktop\donsanker@hotmail.com\edbtmp.log Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Live Mail desktop\donsanker@hotmail.com\Hotmail (do 1c7\Deleted items\5AF141BB-000006D8.eml Infected: Trojan-Spy.HTML.Paylap.ad skipped C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Live Mail desktop\donsanker@hotmail.com\tmp.edb Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Live Mail desktop\donsanker@hotmail.com\WindowsLiveMaildesktop.MSMessageStore Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Temp\JETFDC0.tmp Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Temp\Perflib_Perfdata_c6c.dat Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF2B72.tmp Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF2B8F.tmp Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF3FDF.tmp Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF412C.tmp Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF440C.tmp Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF44AA.tmp Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF4971.tmp Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF49A9.tmp Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF4A4C.tmp Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF4A69.tmp Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF8E0.tmp Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF9195.tmp Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF9E4.tmp Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DFCD99.tmp Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DFCF57.tmp Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DFDB09.tmp Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DFDB32.tmp Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\HP_Owner\NTUSER.DAT Object is locked skipped C:\Documents and Settings\HP_Owner\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped C:\Program Files\SMART Board Software\SMARTBoardService.log Object is locked skipped C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP552\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped C:\WINDOWS\Internet Logs\SANKER.ldb Object is locked skipped C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\Perflib_Perfdata_248.dat Object is locked skipped C:\WINDOWS\Temp\ZLT000ae.TMP Object is locked skipped C:\WINDOWS\Temp\ZLT000b2.TMP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP552\change.log Object is locked skipped Scan process completed. Logfile of HijackThis v1.99.1 Scan saved at 9:32:19 PM, on 2/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\SMART Board Software\SMARTBoardService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\KEMailKb\KEMailKb.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Creative\MediaSource5\MtdAcqu.exe C:\Program Files\MemTurbo\MemTurbo.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCXMNTR.EXE c:\windows\system\hpsysdrv.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live Mail desktop\wlmail.exe C:\Hijack This\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: CIEDownload Object - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\KEMailKb\KEMailKb.EXE O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [SiSPower] "Rundll32.exe" SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe" O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo\MemTurbo.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled O4 - Global Startup: Event Reminder.lnk.disabled O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Updates from HP.lnk.disabled O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1135210195328 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe O18 - Protocol: bw+0 - {B6790B4E-603F-49F1-AFC4-B9E707A3B134} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {B6790B4E-603F-49F1-AFC4-B9E707A3B134} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe Thanks

02-11-2007, 07:00 PM	#6 (permalink)
Deckard Mentor, Analyst - Security Team Join Date: May 2006 Location: Oregon Posts: 2,503 OS: MacOS X, Debian, OpenBSD, Windows	Please follow Symantec's guide to clean out your Norton quarantine directory. How is your system behaving now? __________________ The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting. Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006

02-12-2007, 09:23 AM	#7 (permalink)
Chapin98 Registered User Join Date: Dec 2006 Posts: 10 OS: xp sp2	Just as I was closing Firefox after checking the system performance it crashed again. I have not had any involuntary reboots since then however, (perhaps 4 hours). I have an updater for Sonic update manager trying to find a file at reboot (um.msi). It can not be found and it takes three or four cancel cycles to get the updater to go away. Then after 15 minutes or so it returns. Other than that I things are running a bit smoother. Chapin

02-13-2007, 06:26 AM	#9 (permalink)
Chapin98 Registered User Join Date: Dec 2006 Posts: 10 OS: xp sp2	Panda Active Scan as requested: Incident Status Location Virus:Trj/Qhost.gen Disinfected C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{D0B67B12-0455-430F-947E-A10293B100ED} Virus:Trj/Qhost.gen Disinfected C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{DC0BB28E-A6CD-4B45-A8C7-3EE7EE98BA94} Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe fixed the Sonic Update Manager problem, too thanks.

02-13-2007, 08:12 PM	#10 (permalink)
Deckard Mentor, Analyst - Security Team Join Date: May 2006 Location: Oregon Posts: 2,503 OS: MacOS X, Debian, OpenBSD, Windows	Well done, your logs are clean! Any more issues? If not, you should be good to go but we still have a few items we'd like to address. QHosts may have affected your HOSTS file, so I recommend you install the MVPS Hosts File referenced below. Reset hidden/system files and folders Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View tab. Deselect the Show hidden files and folders option. Select the Hide file extensions for known types option. Select the Hide protected operating system files option. Click Yes to confirm and then click OK. Reset System Restore Go to Start>Run, type SYSDM.CPL and press Enter. Select the System Restore tab. Check "Turn off System Restore on all drives" and click Apply. Now uncheck the same option and click OK. Re-enable Protection Turn back on any malware prevention tools we might have had you switch off (Spysweeper, Windows Defender, AVG AntiSpyware Guard). Microsoft Updates It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by malware. Using Internet Explorer, please go to Microsoft's Windows Update and download all of the critical updates to help prevent possible re-infection. Please ensure that you have already patched your system against these recent critical exploits: WMF exploit: KB912919 VML exploit: KB925486 Enable Windows Auto Update: Go to Start>Run, type WUAUCPL.CPL and press Enter. Make sure "Keep my computer up to date" is checked. Under settings, choose "Automatically download the updates, and install them on the schedule that I specify". Click on "OK". Tool Deletions Feel free to remove ComboScan and it's folder. Malware Prevention This is a good time to set up protection against further attacks. You might want to read Tony Klein's "How Did I Get Infected In The First Place?". At the minimum, you need an antivirus that is continually updated, a good firewall, a spyware blocker such as Spyware Blaster, and a real time spyware program such as Spyware Guard to prevent spyware intrusions. I also recommend IE-Spyad, which places over 4,000 websites and domains in the IE Restricted list, thus helping prevent attempts to re-infect your system. All of these have no-strings-attached free versions available. However, be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use but often have malware in them. Two more articles you may want to read at your leisure are "KRC Anti-Spyware Tutorial" and "Making Internet Explorer Safer". The following is a list of free software we recommend: Antivirus AV software should be updated at least once a week for optimum protection. Here are some free AV programs available for personal use. NOTE: Do not install more than one AV program because they will conflict with each other. Only pick one. AOL Active Virus Shield (powered by Kaspersky Antivirus) Avast! AVG Avira PersonalEdition Classic Firewalls A good firewall is the first-line of defense for your computer and will monitor incoming and outgoing traffic. NOTE: Microsoft's Firewall does not monitor outgoing traffic. If you are unfamiliar with how a firewall works, you can read "Understanding and Using Firewalls". Here are some free firewalls available for personal use: Comodo Personal Firewall ZoneAlarm Realtime Malware Prevention Tools These programs actively watch your computer for possible malware-related changes and help prevent them. You can run more than one of these at a time. Spyware Guard Spybot Search & Destroy AdAware WinPatrol - with tutorial Passive Malware Prevention Tools These programs configure your computer to prevent known malware-related changes. You can have more than one of these at a time and they take up minimal resources. SpywareBlaster - Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items. Check regularly for updates. IE-Spyad - Extract to your desktop and double-click install.bat. Install options #2 and #4. IE-Spyad places more than 4,000 dubious domains in the IE Restricted list, which impairs attempts to infect your system. It prevents any downloads from the sites although you will still be able to connect to them. You can read more about it on it's homepage. MVPS Hosts File - extract and double-click the mvps.bat file. This will replace your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements, preventing your computer from connecting to those sites. McAfee SiteAdvisor - helps to warn you before you interact with a dangerous Web site. Works with both IE and Firefox. Alternative Web Browsers Using an alternative browser can help prevent malware from being installed without your knowledge, but may not work on all websites. Firefox Opera Alternative Miscellaneous Here are some alternatives that are worth looking into if you use their features: Trillian - an Instant Messenger client that speaks multiple IM services (AIM, Yahoo!, ICQ, MSN, etc.) Miranda-IM - another Instant Messenger client with multiple IM capabilities. Desktop Weather - A taskbar weather program that is free and resource light. Please respond to this thread one more time so we can mark this thread as resolved. __________________ The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting. Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006

02-14-2007, 05:07 AM	#11 (permalink)
Chapin98 Registered User Join Date: Dec 2006 Posts: 10 OS: xp sp2	one final question. The Panda Active Scan showed this line in the text file: Defender\FileTracker\{DC0BB28E-A6CD-4B45-A8C7-3EE7EE98BA94} Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe should I be concerned about that?

02-14-2007, 08:47 PM	#12 (permalink)
Deckard Mentor, Analyst - Security Team Join Date: May 2006 Location: Oregon Posts: 2,503 OS: MacOS X, Debian, OpenBSD, Windows	Nope, that's a legitimate HP utility. KillIt can be used for good or bad purposes; but in this case it's in HP's directory and so it came with your computer. It's safe to ignore it. __________________ The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting. Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006

02-15-2007, 07:52 AM	#13 (permalink)
Chapin98 Registered User Join Date: Dec 2006 Posts: 10 OS: xp sp2	Deckard, that said then I think you have done it once again and saved another computer from being launched out the window! Thanks so much. Chapin