Old 02-07-2008, 04:30 PM   #1 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 25
OS: XP Pro SP2


ZV6000 hijackthis log

I hope I did this correctly. My daughter's laptop will not open these programs (Add/delete programs) (defrag), and I was advised to post here and to mention that the DSS program also wouldn't open after following the 5 step guide I was earlier advised to try.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:24:43 PM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9TA.EXE
C:\Program Files\Lexmark 7300 Series\lxcimon.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1129169169\ee\AOLSoftware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\lxcicoms.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\aol\1129169169\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1129169169\ee\aolsoftware.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Documents and Settings\angela selvaggio\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\2.bin\MBSRCAS.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\2.bin\MBSRCAS.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Hewlett Packard Manager] hpmanager.exe
O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate"
O4 - HKLM\..\Run: [pmbsvsf] C:\WINDOWS\pmbsvsf.exe
O4 - HKLM\..\Run: [EPSON PictureMate Deluxe] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9TA.EXE /P24 "EPSON PictureMate Deluxe" /O6 "USB003" /M "PictureMate Deluxe"
O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129169169\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Hewlett Packard Manager] hpmanager.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [NEWPICSAVER] "C:\Windows\NEWPICSAVER.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZJ
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab40641.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10...y.cab32846.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbi...3/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab32846.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/tr...2.1.0.0.48.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames...f.cab40641.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.shockwave.com/content/din...g.1.0.0.33.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbi...20/McGDMgr.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10...y.cab41227.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://real.gamehouse.com/games/chuz...pcaploader.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NkPtpEnumP2 - Nikon Corporation - C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 17407 bytes

Last edited by iamslotman; 02-07-2008 at 04:32 PM. Reason: I forgot to add the log

Old 02-12-2008, 10:43 AM   #2 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: USA
Posts: 7,450
OS: XP SP3


Re: ZV6000 hijackthis log

Welcome to the TSF.

Sorry for the delayed response. If you have not received help elsewhere and still need help, please follow the instructions in IMPORTANT - Read This Before Posting A Log and post the two text files, main.txt and extra.txt, produced by Deckard's System Scanner, as it has been a while since you posted.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
Posted by amateur
Old 02-12-2008, 04:55 PM   #3 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 25
OS: XP Pro SP2


Re: ZV6000 hijackthis log

I have been patiently waiting all these days. I haven't gone anywhere, but you guys shouldn't have left me unsupervised so long. I received the OS disk from HP and I ran a repair program using it, and that made defrag and add/delete work again. I then followed step one (now that I could) and I removed all unwanted programs listed as well as the poker sites. This led to suddenly the keyboard freezing the screen whenever I tried to type. I then ran a restore putting everything back in place but still no keyboard. I own the identical twin laptop to this one, so I was able to copy and install the missing files that appeared on startup. These were Oleaut32.dll, eabfiltr.sys, eabusb.sys, and btwhidcs.dll. All worked except the last one, because I still get the error message saying "BTTray.exe unable to locate component btwhidcs.DLL". Possibly I copied it to the wrong folder. But the keyboard is working, so I will proceed and try the requested instructions. Thank you.
Posted by iamslotman
Old 02-12-2008, 06:45 PM   #4 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 25
OS: XP Pro SP2


Re: ZV6000 hijackthis log

I ran the Panda program again and saved the report. The DSS program says "sorry we encountered a problem and need to close", so I cannot run that, but I am including both Activescan reports, one from last week and Activescan2 from tonight.
Attached Files
File Type: txt Activescan.txt (37.0 KB, 2 views)
File Type: txt Activescan2.txt (10.8 KB, 1 views)
Posted by iamslotman
Old 02-12-2008, 08:12 PM   #5 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: USA
Posts: 7,450
OS: XP SP3


Re: ZV6000 hijackthis log

Hi,

Sounds like this computer has suffered quite a bit. I don't know if we can revive it, but let's try. Not only is it infected (which we can fix if we can get the tools running), but it may also be missing some system and/or software files. When did all this problem start? Can you restore it to a date when the computer worked without any problems?

You are also using a Beta version of HijackThis. Please do the following to download and install the latest version, HijackThis v2.0.2:

CLICK HERE to download the HijackThis Installer:
  1. Save HJTInstall.exe to your desktop.
  2. Double-click on HJTInstall.exe to run the program.
  3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
  4. Accept the license agreement by clicking the "I Accept" button.
  5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  6. Click "Save log" to save the log file and then the log will open in Notepad.
  7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
  8. Come back here to this thread and paste the log in your next reply.
  9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

You may uninstall/delete the older version once you have successfully downloaded and installed the latest version of HijackThis v2.0.2.
Posted by amateur
Old 02-12-2008, 11:50 PM   #6 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 25
OS: XP Pro SP2


Re: ZV6000 hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:43:19 AM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Lexmark 7300 Series\lxcimon.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\Common Files\AOL\1129169169\ee\AOLSoftware.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\Palm\Hotsync.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1129169169\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1129169169\ee\aolsoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\lxcicoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\2.bin\MBSRCAS.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\2.bin\MBSRCAS.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Hewlett Packard Manager] hpmanager.exe
O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate"
O4 - HKLM\..\Run: [pmbsvsf] C:\WINDOWS\pmbsvsf.exe
O4 - HKLM\..\Run: [EPSON PictureMate Deluxe] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9TA.EXE /P24 "EPSON PictureMate Deluxe" /O6 "USB003" /M "PictureMate Deluxe"
O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129169169\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\RunServices: [Hewlett Packard Manager] hpmanager.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [NEWPICSAVER] "C:\Windows\NEWPICSAVER.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: PictureProject In Touch.lnk = C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZJ
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab40641.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10...y.cab32846.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbi...3/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab32846.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/tr...2.1.0.0.48.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames...f.cab40641.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.shockwave.com/content/din...g.1.0.0.33.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbi...20/McGDMgr.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10...y.cab41227.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NkPtpEnumP2 - Nikon Corporation - C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 16880 bytes


My daughter and her husband used this laptop for 3 years. The screen went black 9 months ago and they used it connected to an external monitor as I am now. They bought a new laptop a few months back when the new problems started. It seems the only restore date available is Feb 4th of this year which I used to get back all I deleted when the keyboard stopped working 3 nights ago. (After I deleted unwanted programs)
iamslotman is offline  
Old 02-12-2008, 11:56 PM   #7 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 25
OS: XP Pro SP2


Re: ZV6000 hijackthis log

My wife uses the exact clone to this HP laptop and it works fine (other than being slow) in case you need me to copy any tools from it to reinstall here.
iamslotman is offline  
Old 02-13-2008, 05:59 AM   #8 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,450
OS: XP SP3


Re: ZV6000 hijackthis log

Hi,

Do you have the XP installation disk? Before we begin, you might like to back up all your personal data (documents and photos) to a removable data storage media.

===================================

Go to Start>Control Panel>Add or Remove Programs and remove the following, if you haven't already:

ViewPoint
MyWebSearch
iWin Games
Morpheus
LimeWire


===================================

Run HJT and click on Open the Misc Tools section.
Click on delete a file on reboot...
Copy and paste the following into the "File name:" text box and then click Open:

C:\Windows\System32\hpmanager.exe

When you are asked "Do you want to restart your computer now?", click NO.
Repeat these steps for the following file(s) and this time, when you reach the end, click OK:

C:\WINDOWS\pmbsvsf.exe

Your PC MUST reboot to delete the files!

Click on the Back button to exit Process Manager

Now, back at the main screen of HijackThis, click on Scan and put a check in front of the following

R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\2.bin\MBSRCAS.DLL
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\2.bin\MBSRCAS.DLL
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [Hewlett Packard Manager] hpmanager.exe
O4 - HKLM\..\Run: [pmbsvsf] C:\WINDOWS\pmbsvsf.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Hewlett Packard Manager] hpmanager.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZJ
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.shockwave.com/content/din...g.1.0.0.33.cab
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

==================================

Restart the computer for the changes to take effect.

==================================

I really need the DSS log. Let's see if we can have it run like this:

Make sure DSS.exe is on your Desktop
Press the Start->Run, copy/paste the following command into the box and press OK:
Quote:
"%userprofile%\desktop\dss.exe" /config
A configuration box will appear, click the Check All button and press Scan!

==================================

Please post back the DSS main.txt, extra.txt and a fresh HijackThis log.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
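One way to check a follow-up HijackThis log against the fix list in the post above, as an added example that is not part of the original thread or of HijackThis itself. The function names are hypothetical, and the two sample blocks are a small subset of lines copied from the logs posted in this thread.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4" or "R3"
    body: str     # everything after "O4 - "


# An entry is a section code (R, F, N or O plus a number), " - ", then text.
# search() rather than match() so that lines from the "Fixed Entries" backup
# list, which carry a "backup-<timestamp> " prefix, parse the same way.
ENTRY_RE = re.compile(r"\b([RFNO]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Extract entry lines; headers and the process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.search(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def _key(entry):
    # Paths differ in case between scans (CTFMON.EXE vs ctfmon.exe),
    # so compare case-insensitively with whitespace collapsed.
    return (entry.section, " ".join(entry.body.split()).casefold())


def check_fix_list(fix_list_text, fresh_log_text):
    """Split the fix list into (still_present, removed) using a later scan.

    Only an identical line counts as still present; an entry that came
    back under a different path or name will not be matched here.
    """
    fresh = {_key(e) for e in parse_entries(fresh_log_text)}
    still_present, removed = [], []
    for entry in parse_entries(fix_list_text):
        (still_present if _key(entry) in fresh else removed).append(entry)
    return still_present, removed


def orphaned(entries):
    """Entries HijackThis annotated as pointing at a file that is gone."""
    return [e for e in entries
            if "(file missing)" in e.body or "(no file)" in e.body]


# Sample input: subset of the fix list from the post above.
FIX_LIST = r"""
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [pmbsvsf] C:\WINDOWS\pmbsvsf.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

# Sample input: subset of the follow-up scan posted later in the thread.
FRESH_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - Startup: palmOne Registration.lnk = C:\Program Files\Palm\register.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
"""


def report(fix_list_text, fresh_log_text):
    """Build a short text report for the person reviewing the cleanup."""
    still_present, removed = check_fix_list(fix_list_text, fresh_log_text)
    lines = ["Removed: %d, still present: %d"
             % (len(removed), len(still_present))]
    for e in still_present:
        lines.append("  STILL PRESENT  %s - %s" % e)
    for e in orphaned(parse_entries(fresh_log_text)):
        lines.append("  ORPHANED       %s - %s" % e)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(FIX_LIST, FRESH_LOG))
```
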
Old 02-13-2008, 08:11 AM   #9 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 25
OS: XP Pro SP2


Re: ZV6000 hijackthis log

I followed the instructions with the following exceptions..
Some programs listed to delete were not found
Some files I was supposed to click to remove were not listed
DSS still stops and closes during temp files checkup and it says
error signature
AppName: dss.exe AppVer 3.2.8.1 ModName: dss.dll ModVer0.0.0.0 Offset00002120
under technical information it says C:\DOCUME~1\ANGELA~1\LOCALS~1\Temp\55be_appcompat.txt
iamslotman is offline  
Old 02-13-2008, 08:16 AM   #10 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,450
OS: XP SP3


Re: ZV6000 hijackthis log

Quote:
Originally Posted by iamslotman View Post
I followed the instructions with the following exceptions..
Some programs listed to delete were not found
Some files I was supposed to click to remove were not listed
DSS still stops and closes during temp files checkup and it says
error signature
AppName: dss.exe AppVer 3.2.8.1 ModName: dss.dll ModVer0.0.0.0 Offset00002120
under technical information it says C:\DOCUME~1\ANGELA~1\LOCALS~1\Temp\55be_appcompat.txt


OK. Try running DSS again.

Click Start>Select 'Run' - then copy/paste the following bolded text into the run box & click OK


"%userprofile%\desktop\dss.exe" /config


Under the Main Log heading-- Uncheck Temp Cleanup

Click Scan!

Last edited by amateur; 02-13-2008 at 08:17 AM.
amateur is offline  
Old 02-13-2008, 11:02 AM   #11 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 25
OS: XP Pro SP2


Re: ZV6000 hijackthis log

Deckard's System Scanner v20071014.68
Run by angela selvaggio on 2008-02-13 12:52:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
31: 2008-02-13 10:33:29 UTC - RP31 - Deckard's System Scanner Restore Point
30: 2008-02-13 08:00:32 UTC - RP30 - Software Distribution Service 3.0
29: 2008-02-13 01:33:42 UTC - RP29 - Deckard's System Scanner Restore Point
28: 2008-02-13 01:30:57 UTC - RP28 - Software Distribution Service 3.0
27: 2008-02-13 01:28:16 UTC - RP27 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-02-11 20:08:15 UTC - RP1 - System Checkpoint


Backed up registry hives.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as angela selvaggio.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:50 PM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Lexmark 7300 Series\lxcimon.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1129169169\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Palm\Hotsync.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\program files\common files\aol\1129169169\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1129169169\ee\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcicoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Documents and Settings\angela selvaggio\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\angela selvaggio.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate"
O4 - HKLM\..\Run: [EPSON PictureMate Deluxe] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9TA.EXE /P24 "EPSON PictureMate Deluxe" /O6 "USB003" /M "PictureMate Deluxe"
O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129169169\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [NEWPICSAVER] "C:\Windows\NEWPICSAVER.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: palmOne Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: PictureProject In Touch.lnk = C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab40641.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10...y.cab32846.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbi...3/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab32846.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/tr...2.1.0.0.48.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames...f.cab40641.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbi...20/McGDMgr.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10...y.cab41227.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NkPtpEnumP2 - Nikon Corporation - C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 14622 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080213-093949-149 O4 - Global Startup: BTTray.lnk = ?
backup-20080213-093949-209 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
backup-20080213-093949-231 O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
backup-20080213-093949-454 O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZJ
backup-20080213-093949-609 O4 - HKLM\..\Run: [pmbsvsf] C:\WINDOWS\pmbsvsf.exe
backup-20080213-093949-662 O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
backup-20080213-093949-818 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
backup-20080213-093949-828 O4 - HKLM\..\RunServices: [Hewlett Packard Manager] hpmanager.exe
backup-20080213-093949-891 O4 - HKLM\..\Run: [Hewlett Packard Manager] hpmanager.exe
backup-20080213-093950-210 O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
backup-20080213-093950-721 O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.shockwave.com/content/din...g.1.0.0.33.cab
backup-20080213-093950-917 O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 HSFHWATI - c:\windows\system32\drivers\hsfhwati.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 VBus (Virtual Bus) - c:\windows\system32\drivers\nkvbus.sys <Not Verified; Nikon Corporation; Virtual Bus Device Driver>

S3 dbustrcm - c:\documents and settings\angela selvaggio\local settings\temp\dbustrcm.sys
S3 Rasirda (WAN Miniport (IrDA)) - c:\windows\system32\drivers\rasirda.sys (file missing)
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 NkPtpEnumP2 - "c:\program files\nikon\wireless camera setup utility\nkptpenum.exe" -a -d="c:\program files\nikon\wireless camera setup utility\nkptpip.dll" <Not Verified; Nikon Corporation; PTP/IP Enumerator>

S3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\ED014064553F0200
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\ED014064553F0200
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_3085103C&REV_10\4&13826118&0&30A4
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_3085103C&REV_10\4&13826118&0&30A4
Service: RTL8023xp


-- Scheduled Tasks -------------------------------------------------------------

2008-02-04 19:30:01 362 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-02-03 06:28:51 354 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-01-13 and 2008-02-13 -----------------------------

2008-02-13 09:46:53 0 d-------- C:\WINDOWS\LastGood
2008-02-13 01:42:00 0 d-------- C:\Program Files\Trend Micro
2008-02-12 19:08:32 8576 --a------ C:\WINDOWS\system32\drivers\fcbqnijlvbcj.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-02-12 09:42:17 0 d-------- C:\Program Files\Dell Photo Printer 720
2008-02-12 09:42:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Dell Photo Printer 720
2008-02-12 09:42:11 0 d-------- C:\WINDOWS\EPSON PhotoStarter Essential
2008-02-12 09:41:56 0 d-------- C:\Program Files\GamesGrid
2008-02-12 09:41:45 0 d-------- C:\Documents and Settings\angela selvaggio\Application Data\Jasc Software Inc
2008-02-12 09:41:44 0 d-------- C:\Program Files\Dell Computer
2008-02-12 09:41:11 0 d-------- C:\Program Files\Lexmark 7300 Series
2008-02-12 09:40:41 0 d-------- C:\Program Files\Pet Vet
2008-02-12 09:40:33 0 d-------- C:\Program Files\PictureProject In Touch Downloader
2008-02-12 09:40:26 0 d-------- C:\Program Files\InfinitySW
2008-02-12 09:40:03 0 d-------- C:\WINDOWS\system32\color
2008-02-12 09:39:47 0 d-------- C:\Program Files\Common Files\Sandlot Shared
2008-02-12 09:39:38 0 d-------- C:\Program Files\Microsoft Games
2008-02-12 09:39:20 0 d-------- C:\Program Files\SplashData
2008-02-12 09:39:19 0 d-------- C:\Program Files\Common Files\Sonic
2008-02-12 09:39:18 0 d-------- C:\Program Files\DK Multimedia
2008-02-12 09:39:15 0 d-------- C:\Program Files\Common Files\muvee Technologies
2008-02-12 09:39:02 0 d-------- C:\Program Files\Radio@Netscape
2008-02-12 09:39:01 0 d-------- C:\Program Files\BetZip
2008-02-12 09:39:01 0 d-------- C:\Program Files\Astraware
2008-02-12 09:39:00 0 d-------- C:\WINDOWS\EPSON CardMonitor Essential
2008-02-12 09:38:57 0 d-------- C:\Program Files\iTunes
2008-02-12 09:38:57 0 d-------- C:\Program Files\iPod
2008-02-12 09:38:55 0 d-------- C:\Program Files\CONEXANT
2008-02-12 09:38:53 0 d-------- C:\Program Files\Learn2.com
2008-02-12 09:35:49 0 d-------- C:\Program Files\Synaptics
2008-02-11 19:16:30 0 d-------- C:\Documents and Settings\angela selvaggio\Application Data\MSNInstaller
2008-02-11 14:57:42 0 d-------- C:\WINDOWS\Prefetch
2008-02-11 14:49:54 0 --a------ C:\CONFIG.SYS
2008-02-11 14:49:54 0 --a------ C:\AUTOEXEC.BAT
2008-02-11 14:11:59 0 d-------- C:\WINDOWS\setup.pss
2008-02-11 13:57:48 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2008-02-11 12:36:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\Viewpoint
2008-02-11 12:35:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-02-11 12:30:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\MySpace
2008-02-11 12:30:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-02-11 09:17:25 0 d-------- C:\WINDOWS\system32\ras
2008-02-07 07:43:07 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-02-06 21:09:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-02-06 21:01:24 0 d-------- C:\ie-spyad_zo
2008-02-06 20:55:24 0 d-------- C:\Program Files\SpywareBlaster
2008-02-06 18:46:14 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-02-06 18:36:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-02-06 18:25:04 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-02-04 19:18:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Macromedia
2008-02-04 19:15:34 65536 --a------ C:\WINDOWS\wanmpsvc.exe <Not Verified; America Online, Inc.; America Online>
2008-02-04 19:14:15 0 d-------- C:\Program Files\AOL 9.0
2008-02-04 09:59:45 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-03 06:29:04 0 d-------- C:\mcafee_mcpr
2008-02-03 06:28:10 0 d-------- C:\Program Files\McAfee
2008-02-03 06:28:09 0 d-------- C:\Program Files\Common Files\McAfee
2008-02-03 06:22:28 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee


-- Find3M Report ---------------------------------------------------------------

2008-02-13 09:43:36 0 d-------- C:\Program Files\Plaxo
2008-02-13 08:56:08 0 d-------- C:\Program Files\MorpheusBar
2008-02-13 08:44:28 0 d-------- C:\Program Files\Morpheus
2008-02-13 08:42:06 0 d-------- C:\Documents and Settings\angela selvaggio\Application Data\Viewpoint
2008-02-12 19:53:14 0 d-------- C:\Program Files\QuickTime
2008-02-12 19:52:56 0 d-------- C:\Program Files\Palm
2008-02-12 19:48:43 0 d-------- C:\Program Files\Messenger
2008-02-12 19:42:37 0 d-------- C:\Program Files\Common Files\Scanner
2008-02-12 19:41:24 0 d-------- C:\Program Files\Common Files\DataViz
2008-02-12 19:38:48 0 d-------- C:\Program Files\America Online 9.0
2008-02-12 09:42:37 0 d-------- C:\Program Files\Amco Poker
2008-02-12 09:42:25 0 d-------- C:\Program Files\Bodog Poker
2008-02-12 09:41:55 0 d-------- C:\Program Files\Google
2008-02-12 09:41:25 0 d-------- C:\Program Files\VUGames
2008-02-12 09:40:55 0 d-------- C:\Program Files\PacificPoker
2008-02-12 09:40:42 0 d-------- C:\Program Files\PartyGaming
2008-02-12 09:40:40 0 d-------- C:\Program Files\Common Files\Nikon
2008-02-12 09:40:29 0 d-------- C:\Program Files\PopCap Games
2008-02-12 09:40:29 0 d-------- C:\Program Files\Poker
2008-02-12 09:40:25 0 d-------- C:\Program Files\Lexmark Applications
2008-02-12 09:39:42 0 d-------- C:\Program Files\iWin.com Games
2008-02-12 09:39:30 0 d-------- C:\Program Files\Hasbro Interactive
2008-02-12 09:39:30 0 d-------- C:\Program Files\Disney Interactive
2008-02-12 09:39:29 0 d-------- C:\Program Files\Games
2008-02-12 09:39:24 0 d-------- C:\Program Files\UltimateBet
2008-02-12 09:38:45 0 d-------- C:\Documents and Settings\angela selvaggio\Application Data\Adobe
2008-02-12 09:38:30 0 d-------- C:\Program Files\LimeWire
2008-02-12 09:38:04 0 d-------- C:\Program Files\Common Files
2008-02-12 09:38:01 0 d-------- C:\Program Files\Viewpoint
2008-02-12 09:37:56 0 d-------- C:\Program Files\Nikon
2008-02-12 09:37:08 0 d-------- C:\Program Files\MySpace
2008-02-12 09:36:40 0 d-------- C:\Program Files\AOL Games
2008-02-12 09:36:39 0 d-------- C:\Program Files\iWin.com
2008-02-12 09:36:23 0 d-------- C:\Program Files\Chief Architect Inc
2008-02-12 09:36:08 0 d-------- C:\Program Files\Barbie(tm)
2008-02-12 01:02:40 0 d-------- C:\Program Files\EPSON
2008-02-11 19:23:52 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-11 18:27:13 0 d-------- C:\Program Files\Jasc Software Inc
2008-02-11 14:46:46 23444 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-02-09 21:22:07 0 d-------- C:\Program Files\HP
2008-02-07 07:42:51 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-04 19:18:46 0 d-------- C:\Program Files\Common Files\AOL
2008-02-04 19:17:26 0 d-------- C:\Program Files\Common Files\aolshare
2008-02-03 09:57:12 0 d-------- C:\Program Files\Free Offers from Freeze.com
2008-02-03 06:33:49 0 d-------- C:\Program Files\McAfee.com
2008-02-02 09:37:33 0 d-------- C:\Program Files\Java
2008-02-02 08:04:06 0 d-------- C:\Program Files\Lx_cats


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12/22/2004 12:05 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 04:01 AM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [11/04/2004 01:40 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/04/2004 01:38 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/04/2005 09:12 PM]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [11/05/2004 04:52 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/12/2004 12:38 PM]
"EPSON PictureMate"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.exe" [09/19/2003 02:00 AM]
"EPSON PictureMate Deluxe"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9TA.exe" [10/17/2004 02:00 AM]
"LXCICATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll" [09/08/2005 01:44 PM]
"lxcimon.exe"="C:\Program Files\Lexmark 7300 Series\lxcimon.exe" [09/30/2005 09:47 AM]
"EzPrint"="C:\Program Files\Lexmark 7300 Series\ezprint.exe" [08/01/2005 07:05 AM]
"My Web Search Bar"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/04/2004 03:38 PM]
"hpWirelessAssistant"="C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [12/08/2004 08:23 PM]
"HostManager"="C:\Program Files\Common Files\AOL\1129169169\ee\AOLSoftware.exe" [04/12/2007 04:23 PM]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [10/23/2006 07:50 AM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [06/08/2005 10:46 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"PlaxoUpdate"="C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe" [11/16/2006 12:42 PM]
"NEWPICSAVER"="C:\Windows\NEWPICSAVER.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [01/25/2007 10:00 AM]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [03/07/2007 12:06 AM]
"AOL Fast Start"="C:\Program Files\AOL 9.0\AOL.exe" [04/18/2007 01:49 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\angela selvaggio\Start Menu\Programs\Startup\
palmOne Registration.lnk - C:\Program Files\Palm\register.exe [6/13/2005 1:20:06 PM]
PictureProject In Touch.lnk - C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe [3/21/2005 5:30:34 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [9/5/2006 11:45:36 PM]
dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [5/25/2006 12:32:04 PM]
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe [6/9/2004 1:16:08 PM]
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe [6/9/2004 1:16:08 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/28/2004 9:31:38 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [12/27/2005 8:36:59 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.amazon.com
127.0.0.1 www.amazon.co.uk
127.0.0.1 www.amazon.ca
127.0.0.1 www.amazon.fr
127.0.0.1 www.paypal.com
127.0.0.1 paypal.com
127.0.0.1 moneybookers.com
127.0.0.1 www.moneybookers.com
127.0.0.1 www.ebay.com
127.0.0.1 ebay.com


-- End of Deckard's System Scanner: finished at 2008-02-13 12:53:55 ------------
iamslotman is offline  
Old 02-13-2008, 11:06 AM   #12 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 25
OS: XP Pro SP2


Re: ZV6000 hijackthis log

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 Processor 3200+
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 510.48 MiB / 150.91 MiB
Pagefile Memory (total/avail): 1245.51 MiB / 838.8 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.4 MiB

C: is Fixed (NTFS) - 74.52 GiB total, 50.69 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST9808211A - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe"="C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe:*:Disabled:McAfee SecurityCenter Agent"
"C:\\Program Files\\McAfee.com\\VSO\\McVSEscn.exe"="C:\\Program Files\\McAfee.com\\VSO\\McVSEscn.exe:*:Disabled:McAfee VirusScan E-mail Scan Module"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Common Files\\AOL\\1129169169\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1129169169\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1129169169\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1129169169\\ee\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL System Information"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\angela selvaggio\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ANGELA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\angela selvaggio
LOGONSERVER=\\ANGELA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32;C:\Program Files\ATI Technologies\ATI Control Panel
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 15 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0f00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ANGELA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ANGELA~1\LOCALS~1\Temp
USERDOMAIN=ANGELA
USERNAME=angela selvaggio
USERPROFILE=C:\Documents and Settings\angela selvaggio
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

angela selvaggio (admin)
mark kelly (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F651C08B-D29D-429D-9EA9-8FAED1D3DB87}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Groove Playback Engine --> RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
5 Spots II --> C:\PROGRA~1\Disney\DISNEY~1\5SPOTS~1\UNWISE.EXE C:\PROGRA~1\Disney\DISNEY~1\5SPOTS~1\INSTALL.LOG
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Amco Poker --> "C:\Program Files\Amco Poker\Uninstall.exe" "C:\Program Files\Amco Poker\install.log"
AOL Coach Version 1.0(Build:20040229.1 en) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Toolbar 5.0 --> "C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
ArcSoft Panorama Maker 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x9
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Barbie(TM) Fashion Show(TM) CD-ROM --> C:\Program Files\Common Files\Vivendi Universal Games\Uninstall\FashionUn.exe
Better Homes and Gardens Home Designer 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0D503B8E-97E3-45B7-96CB-4936269B902C}\setup.exe" -l0x9 -removeonly
Better Homes and Gardens Home Designer 7.0 Training Videos --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3419BF10-127A-42EB-9723-9A611AEBE853}\Setup.exe" -l0x9 -uninst -removeonly
BetZip Version 2.0.6.91 --> "C:\Program Files\BetZip\unins000.exe"
Big Money for Pocket PC --> C:\PROGRA~1\ASTRAW~1\BIGMON~1\UNWISE.EXE C:\PROGRA~1\ASTRAW~1\BIGMON~1\INSTALL.LOG
Bodog Poker Version 2.6.0.18 --> "C:\Program Files\Bodog Poker\unins000.exe"
BookWorm Deluxe 1.03 --> C:\Program Files\PopCap Games\BookWorm Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\BookWorm Deluxe\Install.log"
Conexant AC-Link Audio --> CIAunwdm.exe
Dell Photo Printer 720 --> C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE -dDell Photo Printer 720
Dell Photo Printer 720 Logger --> C:\Program Files\Dell Photo Printer 720\dlbcunst.exe
Diner Dash - Flo on the Go (remove only) --> "C:\Program Files\AOL Games\Diner Dash - Flo on the Go\Uninstall.exe"
Diner Dash 2 (remove only) --> "C:\Program Files\AOL Games\Diner Dash 2\Uninstall.exe"
Diner Dash Flo on the Go (remove only) --> "C:\Program Files\iWin.com\Diner Dash Flo on the Go\Uninstall.exe"
Documents To Go --> MsiExec.exe /X{7723A0B8-23A2-454B-8831-99965558AECD}
EPSON CardMonitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\Setup.exe" -l0x9 uninst
EPSON PhotoCenter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76E927F-E292-434B-9661-3858F5D7BF63}\setup.exe" -l0x9 anything
EPSON PhotoStarter3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5983C895-DDA4-45D9-A8D1-877D5DE7693E}\Setup.exe" uninst
EPSON PictureMate Deluxe User's Guide --> C:\Program Files\epson\guide\picturemate_dlx_e\uninstall.exe
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Family Feud --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFB50C42-4905-11D4-8BA5-0050BAAA20E2}\setup.exe"
Family Feud (remove only) --> "C:\Program Files\iWin.com\Family Feud\Uninstall.exe"
FamilyFeudOnlineParty (remove only) --> "C:\Program Files\iWin.com\FamilyFeudOnlineParty\Uninstall.exe"
Film Factory --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON Software\Film Factory\Uninst.isu"
GamesGrid Poker --> MsiExec.exe /X{A051BC3F-FC12-4BCD-B97B-3EE67A74D33F}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
Hidden Expedition Titanic (remove only) --> "C:\Program Files\AOL Games\Hidden Expedition Titanic\Uninstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\Setup.exe" -l0x9 -removeonly
HP Image Zone 4.2 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.2 --> C:\Program Files\HP\Digital Imaging\{5E1494D4-3562-4FFB-B35C-600F80F6934C}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Integrated Module with Bluetooth wireless technology --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
HP Pavillion zv6000 User Guides --> C:\PROGRA~1\HPQ\UNWISE.EXE C:\PROGRA~1\HPQ\INSTALL.LOG
HP Software Update --> MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
HP Unload DLL Patch --> MsiExec.exe /X{595D0DE8-C38A-4432-B851-47DECC1A99BD}
HP Wireless Assistant --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9
HPIZ402 --> MsiExec.exe /X{8D9768AE-DE42-4A04-A461-2361A58C384D}
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{00FC6799-866E-44A1-A60C-DCF394CF56FD}
J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Jewel Quest --> C:\PROGRA~1\Disney\DISNEY~1\JEWELQ~1\UNWISE.EXE C:\PROGRA~1\Disney\DISNEY~1\JEWELQ~1\INSTALL.LOG
JumpStart 4th Grade v1.1 --> C:\WINDOWS\uninst.exe -fC:\KA\4G\DeIsL1.isu
Kid Pix Deluxe 3 --> C:\Program Files\Broderbund\Kid Pix Deluxe 3\uninstal.exe
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Leisure Suit Larry - Magna Cum Laude --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A31289C6-04EF-4437-A35B-7CC96167145C}
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Lexmark 7300 Series --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxciUNST.EXE -NOLICENSE
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Web Components --> MsiExec.exe /I{90260409-6000-11D3-8CFE-0050048383C9}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Microsoft Zoo Tycoon --> "C:\Program Files\Microsoft Games\Zoo Tycoon\UNINSTAL.EXE" /runtemp /addremove
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
muvee autoProducer 3.5 - SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{37E31FCE-A048-4D8C-B167-31891BCF6585}\setup.exe" -l0x9
My Amazing Human Body --> C:\WINDOWS\uninst.exe -r"DK Multimedia\My Amazing Human Body\1.00.0182" -n"My Amazing Human Body" -fC:\PROGRA~1\DKMULT~1\MYAMAZ~1\DeIsL1.isu -cC:\PROGRA~1\DKMULT~1\MYAMAZ~1\uninst.dll
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Nikon Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
Noble Poker --> "C:\WINDOWS\Noble Poker setup.exe" /uninstall
Pacific Poker --> C:\PROGRA~1\PACIFI~1\UNWISE.EXE C:\PROGRA~1\PACIFI~1\INSTALL.LOG
palmOne --> MsiExec.exe /X{E434580A-2D4A-4433-A81E-4BCAE86AD148}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PartyPoker --> "C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
PCI 1620 Cardbus Controller and Software --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{97355297-21C8-40CD-96D3-48E58037A9B8} /l1033
Pet Vet (remove only) --> C:\Program Files\Pet Vet\Uninstall.exe
PictureProject --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
PictureProject In Touch 1.0 --> C:\Program Files\Nikon\PictureProject In Touch\uninst.exe
PictureProject In Touch Downloader 1.0 --> C:\Program Files\PictureProject In Touch Downloader\uninst.exe
Pirates of the Caribbean Pinball --> C:\PROGRA~1\Disney\DISNEY~1\PIRATE~1\UNWISE.EXE C:\PROGRA~1\Disney\DISNEY~1\PIRATE~1\INSTALL.LOG
Pizza Frenzy 1.0 --> C:\Program Files\PopCap Games\PizzaFrenzy\PopUninstall.exe "C:\Program Files\PopCap Games\PizzaFrenzy\Install.log"
Plaxo Toolbar for Outlook and Outlook Express --> C:\Program Files\Plaxo\2.12.1.1\uninstall.exe
Poker (remove only) --> "C:\Program Files\Poker\uninst.exe"
powerOne Personal v3.1.4 for Handhelds --> C:\PROGRA~1\INFINI~1\POWERO~1\UNWISE.EXE C:\PROGRA~1\INFINI~1\POWERO~1\INSTALL.LOG
Presto! Forms 3.50.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B79920F8-AB6E-45B2-B257-900BBA969FF7}\setup.exe" -l0x9 anything
Presto! PageManager 7.12.02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}\setup.exe" -l0x9
Princess Castle Party --> C:\PROGRA~1\Disney\DISNEY~1\PRINCE~1\UNWISE.EXE C:\PROGRA~1\Disney\DISNEY~1\PRINCE~1\INSTALL.LOG
Print to Fax --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.exe" -l0x9 ControlPanel
Puppy Luv: A New Breed --> C:\PROGRA~1\Disney\DISNEY~1\PUPPYL~1\UNWISE.EXE C:\PROGRA~1\Disney\DISNEY~1\PUPPYL~1\INSTALL.LOG
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Radio@Netscape --> C:\Program Files\Radio@Netscape\Uninstall Radio@Netscape.exe
Reader Rabbit's Math Ages 4-6 --> C:\WINDOWS\IsUninst.exe -fC:\Tlcwin\rrm46\Uninst\DeIsL1.isu
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Sandlot Games Client Services --> "C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
SeaWorld Adventure Parks Tycoon 3D --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A1F1E81-A017-43EE-8A24-E88878164C91}\setup.exe"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shopmania (remove only) --> "C:\Program Files\iWin.com Games\Shopmania\Uninstall.exe"
SoftV90 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3085103C\HXFSETUP.EXE -U -Icpl30855.inf
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SplashPhoto --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A96D3ED0-E7B3-41F6-8BB5-F3C63D80901D}\setup.exe" -l0x9
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tetris® for Palm OS® --> C:\WINDOWS\unvise32.exe C:\Program Files\Handmark\Tetris for Palm OS\uninstal.log
Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D71AC256-FA83-45EA-9F14-1B20BB5105C9} /l1033
UltimateBet --> C:\PROGRA~1\ULTIMA~1\UNWISE.EXE C:\PROGRA~1\ULTIMA~1\INSTALL.LOG
Ultrasoft CheckBook for PalmOS --> C:\WINDOWS\ctpu.exe -uC:\Program Files\Ultrasoft\CheckBook\install.log -lC:\WINDOWS\ResENU.dll
UserGuides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02E22217-0E96-4C3F-B831-83AA942B7715}\setup.exe" -l0x9
Virtual Villagers (remove only) --> "C:\Program Files\Games\Virtual Villagers\Uninstall.exe"
Wheel Of Fortune --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Wheel Of Fortune\Uninst.isu"
Wheel of Fortune 2nd Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{29B11F9F-5E2D-11D4-8BA5-0050BAAA20E2}\setup.exe"
Who Wants To Be A Millionaire --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\DISNEY~1\WHOWAN~1\DeIsL1.isu
Wireless Camera Setup Utility --> MsiExec.exe /I{AA0A1531-C625-4B1D-A3FA-273A181B017B}
Yahoo! Toolbar --> rundll32.exe C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YCOMP5~1.DLL,DllCommand ui
Zoo Tycoon 2 --> "C:\Program Files\Microsoft Games\Zoo Tycoon 2\UNINSTAL.EXE" /runtemp /uninstall
Zoo Vet --> C:\PROGRA~1\Disney\DISNEY~1\ZOOVET~1\UNWISE.EXE C:\PROGRA~1\Disney\DISNEY~1\ZOOVET~1\INSTALL.LOG
Zuma Deluxe 1.0 --> C:\Program Files\PopCap Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Zuma Deluxe\Install.log"


-- Application Event Log -------------------------------------------------------

Event Record #/Type3457 / Error
Event Submitted/Written: 02/13/2008 09:57:05 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module dss.dll, version 0.0.0.0, fault address 0x00002120.
Processing media-specific event for [dss.exe!ws!]

Event Record #/Type3456 / Error
Event Submitted/Written: 02/13/2008 09:55:10 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module dss.dll, version 0.0.0.0, fault address 0x00002120.
Processing media-specific event for [dss.exe!ws!]

Event Record #/Type3442 / Error
Event Submitted/Written: 02/13/2008 05:38:10 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 538819053.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type3441 / Error
Event Submitted/Written: 02/13/2008 05:34:17 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module dss.dll, version 0.0.0.0, fault address 0x00002120.
Processing media-specific event for [dss.exe!ws!]

Event Record #/Type3433 / Error
Event Submitted/Written: 02/12/2008 08:36:13 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 538819053.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type39739 / Error
Event Submitted/Written: 02/13/2008 00:47:00 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Event Record #/Type39738 / Error
Event Submitted/Written: 02/13/2008 00:47:00 PM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type39637 / Error
Event Submitted/Written: 02/13/2008 09:18:51 AM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Event Record #/Type39636 / Error
Event Submitted/Written: 02/13/2008 09:18:51 AM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type39570 / Error
Event Submitted/Written: 02/13/2008 08:25:20 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1053" attempting to start the service mcmispupdmgr with arguments ""
in order to run the server:
{7323885B-407F-4839-9695-96F545FF6286}



-- End of Deckard's System Scanner: finished at 2008-02-13 12:53:55 ------------
iamslotman is offline  
Old 02-13-2008, 11:38 AM   #13 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,450
OS: XP SP3


Re: ZV6000 hijackthis log

Hi,

It appears that the McAfee Security Center is disabled. Please re-enable it.

Let's see if you can run the next tool:

Please visit this webpage for download links, and instructions for running Combofix: http://www.bleepingcomputer.com/comb...o-use-combofix
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
Old 02-13-2008, 12:52 PM   #14 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 25
OS: XP Pro SP2


Re: ZV6000 hijackthis log

ComboFix 08-02-13.2 - angela selvaggio 2008-02-13 14:45:13.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.132 [GMT -5:00]
Running from: C:\Documents and Settings\angela selvaggio\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
.

2008-02-13 09:46 . 2008-02-13 09:46 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-13 01:42 . 2008-02-13 01:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-12 19:08 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\fcbqnijlvbcj.sys
2008-02-12 10:35 . 2008-02-12 10:35 207 --a------ C:\Shortcut to CD Drive.lnk
2008-02-12 10:23 . 2003-06-06 14:46 5,220 -ra------ C:\WINDOWS\system32\drivers\EabUsb.sys
2008-02-12 10:16 . 2004-04-14 10:36 7,432 -ra------ C:\WINDOWS\system32\drivers\eabfiltr.sys
2008-02-12 09:42 . 2008-02-12 09:42 <DIR> d-------- C:\WINDOWS\EPSON PhotoStarter Essential
2008-02-12 09:42 . 2008-02-12 09:42 <DIR> d-------- C:\Program Files\Dell Photo Printer 720
2008-02-12 09:42 . 2008-02-12 09:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell Photo Printer 720
2008-02-12 09:41 . 2008-02-12 19:48 <DIR> d-------- C:\Program Files\Lexmark 7300 Series
2008-02-12 09:41 . 2008-02-12 09:41 <DIR> d-------- C:\Program Files\GamesGrid
2008-02-12 09:41 . 2008-02-12 09:41 <DIR> d-------- C:\Program Files\Dell Computer
2008-02-12 09:41 . 2008-02-12 09:41 <DIR> d-------- C:\Documents and Settings\angela selvaggio\Application Data\Jasc Software Inc
2008-02-12 09:40 . 2008-02-12 09:40 <DIR> d-------- C:\WINDOWS\system32\color
2008-02-12 09:40 . 2008-02-12 09:40 <DIR> d-------- C:\Program Files\PictureProject In Touch Downloader
2008-02-12 09:40 . 2008-02-12 09:40 <DIR> d-------- C:\Program Files\Pet Vet
2008-02-12 09:40 . 2008-02-12 09:40 <DIR> d-------- C:\Program Files\InfinitySW
2008-02-12 09:39 . 2008-02-12 09:39 <DIR> d-------- C:\WINDOWS\EPSON CardMonitor Essential
2008-02-12 09:39 . 2008-02-12 09:39 <DIR> d-------- C:\Program Files\SplashData
2008-02-12 09:39 . 2008-02-12 09:39 <DIR> d-------- C:\Program Files\Radio@Netscape
2008-02-12 09:39 . 2008-02-12 09:40 <DIR> d-------- C:\Program Files\Microsoft Games
2008-02-12 09:39 . 2008-02-12 09:39 <DIR> d-------- C:\Program Files\DK Multimedia
2008-02-12 09:39 . 2008-02-12 09:39 <DIR> d-------- C:\Program Files\Common Files\Sonic
2008-02-12 09:39 . 2008-02-12 09:39 <DIR> d-------- C:\Program Files\Common Files\Sandlot Shared
2008-02-12 09:39 . 2008-02-12 09:39 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies
2008-02-12 09:39 . 2008-02-12 09:39 <DIR> d-------- C:\Program Files\BetZip
2008-02-12 09:39 . 2008-02-12 09:39 <DIR> d-------- C:\Program Files\Astraware
2008-02-12 09:38 . 2008-02-12 09:38 <DIR> d-------- C:\Program Files\Learn2.com
2008-02-12 09:38 . 2008-02-12 19:45 <DIR> d-------- C:\Program Files\iTunes
2008-02-12 09:38 . 2008-02-12 09:38 <DIR> d-------- C:\Program Files\iPod
2008-02-12 09:38 . 2008-02-12 09:38 <DIR> d-------- C:\Program Files\CONEXANT
2008-02-12 09:35 . 2008-02-12 09:35 <DIR> d-------- C:\Program Files\Synaptics
2008-02-12 01:01 . 2008-02-12 09:38 <DIR> d-------- C:\Documents and Settings\mark kelly(2)\Local Settings(2)
2008-02-11 19:16 . 2008-02-11 19:16 <DIR> d-------- C:\Documents and Settings\angela selvaggio\Application Data\MSNInstaller
2008-02-11 18:46 . 2008-02-11 18:47 976,367 --a------ C:\lxciUNST.csv
2008-02-11 15:06 . 2008-02-11 15:06 12,598 --a------ C:\WINDOWS\system32\wpa.bak
2008-02-11 14:52 . 2004-08-04 07:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-02-11 14:51 . 2004-08-04 07:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-02-11 14:50 . 2004-08-04 07:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-02-11 14:48 . 2008-02-11 14:48 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-02-11 14:48 . 2008-02-11 14:48 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-02-11 14:48 . 2008-02-11 14:48 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-02-11 14:48 . 2008-02-11 14:48 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-02-11 14:48 . 2008-02-11 14:48 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-02-11 14:48 . 2008-02-11 14:48 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-02-11 14:47 . 2004-08-04 07:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-02-11 14:34 . 2004-08-04 07:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-02-11 14:34 . 2004-08-04 07:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-02-11 14:34 . 2004-08-04 07:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-02-11 14:34 . 2004-08-04 07:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-02-11 12:36 . 2008-02-11 12:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Viewpoint
2008-02-11 12:30 . 2008-02-11 12:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MySpace
2008-02-11 12:30 . 2008-02-11 12:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-02-11 09:17 . 2008-02-11 09:20 <DIR> d-------- C:\WINDOWS\system32\ras
2008-02-09 20:59 . 2005-03-15 11:14 346,496 -ra------ C:\WINDOWS\system32\drivers\camc6hal.sys
2008-02-09 20:59 . 2005-03-15 11:14 37,760 -ra------ C:\WINDOWS\system32\drivers\camc6aud.sys
2008-02-07 07:43 . 2008-02-07 08:09 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-06 21:11 . 2008-02-06 21:11 <DIR> d-------- C:\Deckard
2008-02-06 21:01 . 2008-02-06 21:01 <DIR> d-------- C:\ie-spyad_zo
2008-02-06 20:55 . 2008-02-12 20:23 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-06 18:46 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-02-06 18:25 . 2008-02-12 20:06 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-06 18:25 . 2008-02-12 19:02 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-06 18:25 . 2008-02-12 19:02 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-06 18:25 . 2008-02-12 19:02 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-04 19:15 . 2003-08-27 10:29 65,536 --a------ C:\WINDOWS\wanmpsvc.exe
2008-02-04 19:14 . 2008-02-12 19:39 <DIR> d-------- C:\Program Files\AOL 9.0
2008-02-04 09:59 . 2008-02-04 09:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-03 06:37 . 2008-02-13 12:47 10,130 --a------ C:\WINDOWS\system32\Config.MPF
2008-02-03 06:29 . 2008-02-03 06:29 <DIR> d-------- C:\mcafee_mcpr
2008-02-03 06:29 . 2007-06-25 10:57 171,240 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-02-03 06:29 . 2007-03-02 14:16 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-02-03 06:29 . 2007-06-25 14:54 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-02-03 06:29 . 2007-06-25 10:57 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-02-03 06:29 . 2007-06-25 10:57 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-02-03 06:29 . 2007-06-25 10:57 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-02-03 06:28 . 2008-02-03 06:34 <DIR> d-------- C:\Program Files\McAfee
2008-02-03 06:28 . 2008-02-03 06:29 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-02-03 06:22 . 2008-02-03 06:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-02 09:37 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 14:43 --------- d-----w C:\Program Files\Plaxo
2008-02-13 13:56 --------- d-----w C:\Program Files\MorpheusBar
2008-02-13 13:44 --------- d-----w C:\Program Files\Morpheus
2008-02-13 13:42 --------- d-----w C:\Documents and Settings\angela selvaggio\Application Data\Viewpoint
2008-02-13 13:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-13 00:53 --------- d-----w C:\Program Files\QuickTime
2008-02-13 00:52 --------- d-----w C:\Program Files\Palm
2008-02-13 00:42 --------- d-----w C:\Program Files\Common Files\Scanner
2008-02-13 00:41 --------- d-----w C:\Program Files\Common Files\DataViz
2008-02-13 00:38 --------- d-----w C:\Program Files\America Online 9.0
2008-02-13 00:07 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-12 14:42 --------- d-----w C:\Program Files\Bodog Poker
2008-02-12 14:42 --------- d-----w C:\Program Files\Amco Poker
2008-02-12 14:41 --------- d-----w C:\Program Files\VUGames
2008-02-12 14:41 --------- d-----w C:\Program Files\Google
2008-02-12 14:40 --------- d-----w C:\Program Files\PopCap Games
2008-02-12 14:40 --------- d-----w C:\Program Files\Poker
2008-02-12 14:40 --------- d-----w C:\Program Files\PartyGaming
2008-02-12 14:40 --------- d-----w C:\Program Files\PacificPoker
2008-02-12 14:40 --------- d-----w C:\Program Files\Lexmark Applications
2008-02-12 14:40 --------- d-----w C:\Program Files\Common Files\Nikon
2008-02-12 14:39 --------- d-----w C:\Program Files\UltimateBet
2008-02-12 14:39 --------- d-----w C:\Program Files\iWin.com Games
2008-02-12 14:39 --------- d-----w C:\Program Files\Hasbro Interactive
2008-02-12 14:39 --------- d-----w C:\Program Files\Games
2008-02-12 14:39 --------- d-----w C:\Program Files\Disney Interactive
2008-02-12 14:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-12 14:38 --------- d-----w C:\Program Files\Viewpoint
2008-02-12 14:38 --------- d-----w C:\Program Files\LimeWire
2008-02-12 14:37 --------- d-----w C:\Program Files\Nikon
2008-02-12 14:37 --------- d-----w C:\Program Files\MySpace
2008-02-12 14:36 --------- d-----w C:\Program Files\iWin.com
2008-02-12 14:36 --------- d-----w C:\Program Files\Chief Architect Inc
2008-02-12 14:36 --------- d-----w C:\Program Files\Barbie(tm)
2008-02-12 14:36 --------- d-----w C:\Program Files\AOL Games
2008-02-12 06:02 --------- d-----w C:\Program Files\EPSON
2008-02-12 00:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-11 23:27 --------- d-----w C:\Program Files\Jasc Software Inc
2008-02-10 02:22 --------- d-----w C:\Program Files\HP
2008-02-07 12:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-05 00:18 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-05 00:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-05 00:17 --------- d-----w C:\Program Files\Common Files\aolshare
2008-02-05 00:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-02-03 14:57 --------- d-----w C:\Program Files\Free Offers from Freeze.com
2008-02-03 11:33 --------- d-----w C:\Program Files\McAfee.com
2008-02-03 11:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-02-02 14:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-02 14:37 --------- d-----w C:\Program Files\Java
2008-02-02 13:04 --------- d-----w C:\Program Files\Lx_cats
2007-05-03 18:38 7,146 ----a-w C:\Documents and Settings\angela selvaggio\Application Data\wklnhst.dat
2007-04-09 17:03 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2006-11-12 22:40 65,864 ----a-w C:\Documents and Settings\angela selvaggio\Application Data\GDIPFONTCACHEV1.DAT
2006-10-13 13:44 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"PlaxoUpdate"="C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe" [2006-11-16 12:42 183367]
"NEWPICSAVER"="C:\Windows\NEWPICSAVER.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-25 10:00 171448]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-03-07 00:06 5181440]
"AOL Fast Start"="C:\Program Files\AOL 9.0\AOL.exe" [2007-04-18 01:49 50736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-22 00:05 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 04:01 110592]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 13:40 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 13:38 688218]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-02-04 21:12 98304]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-11-05 16:52 233534]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38 49152]
"EPSON PictureMate"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.exe" [2003-09-19 02:00 99840]
"EPSON PictureMate Deluxe"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9TA.exe" [2004-10-17 02:00 98304]
"LXCICATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll" [2005-09-08 13:44 73728]
"lxcimon.exe"="C:\Program Files\Lexmark 7300 Series\lxcimon.exe" [2005-09-30 09:47 200704]
"EzPrint"="C:\Program Files\Lexmark 7300 Series\ezprint.exe" [2005-08-01 07:05 94208]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-06-04 15:38 286720]
"hpWirelessAssistant"="C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 20:23 790528]
"HostManager"="C:\Program Files\Common Files\AOL\1129169169\ee\AOLSoftware.exe" [2007-04-12 16:23 42032]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50 71216]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-06-08 10:46 26112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 07:00 15360]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-03-07 00:06 5181440]

C:\Documents and Settings\angela selvaggio\Start Menu\Programs\Startup\
palmOne Registration.lnk - C:\Program Files\Palm\register.exe [2005-06-13 13:20:06 2355200]
PictureProject In Touch.lnk - C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe [2005-03-21 17:30:34 8384512]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [2006-09-05 23:45:36 28672]
dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [2006-05-25 12:32:04 315392]
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe [2004-06-09 13:16:08 471040]
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe [2004-06-09 13:16:08 471040]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 21:31:38 241664]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2005-12-27 20:36:59 118784]

R2 NkPtpEnumP2;NkPtpEnumP2;"C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe" -a []
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-06-10 09:59]
R3 lxci_device;lxci_device;C:\WINDOWS\system32\lxcicoms.exe [2005-10-24 07:33]
R3 VBus;Virtual Bus;C:\WINDOWS\system32\DRIVERS\NkVBus.sys [2005-06-17 11:11]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-05 00:30:01 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-03 11:28:51 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 14:48:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????4?8?9?8??@???? ?,?B?????????????hLC? ??????
LXCICATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-13 14:48:57
ComboFix-quarantined-files.txt 2008-02-13 19:48:34
ComboFix2.txt 2008-02-13 19:33:22
.
2008-02-13 08:00:32 --- E O F ---
iamslotman is offline  
Old 02-13-2008, 01:55 PM   #15 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,450
OS: XP SP3


Re: ZV6000 hijackthis log

This is the log from the second run of Combofix.

Please post the following log:

C:\ComboFix2.txt 2008-02-13 19:33:22
amateur is offline  
Old 02-13-2008, 02:09 PM   #16 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 25
OS: XP Pro SP2


Re: ZV6000 hijackthis log

Where would I find this log?
iamslotman is offline  
Old 02-13-2008, 02:32 PM   #17 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,450
OS: XP SP3


Re: ZV6000 hijackthis log

Click on "My Computer", then click on "Local Disk (C:)". On the right-hand pane, you should see the file ComboFix2.txt, with the date of 2008-02-13 19:33:22.
amateur is offline  
Old 02-13-2008, 02:40 PM   #18 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 25
OS: XP Pro SP2


Re: ZV6000 hijackthis log

I see combofix.txt, but there is no combofix2.txt folder, nor did anything show up in the search mode.
iamslotman is offline  
Old 02-13-2008, 02:47 PM   #19 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,450
OS: XP SP3


Re: ZV6000 hijackthis log

Quote:
Completion time: 2008-02-13 14:48:57
ComboFix-quarantined-files.txt 2008-02-13 19:48:34
ComboFix2.txt 2008-02-13 19:33:22

Please post the ComboFix-quarantined-files.txt then, in the same location.
amateur is offline  
Old 02-13-2008, 03:02 PM   #20 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 25
OS: XP Pro SP2


Re: ZV6000 hijackthis log

I am sorry and I know you are working hard, but this file is also nowhere to be found.
iamslotman is offline  
 





All times are GMT -7. The time now is 03:08 PM.



Copyright 2001 - 2009, Tech Support Forum