Hijackthis Log

[kathryn.r.h]

Yesterday while browsing my screen turned blue with a message about how my computer was going to shut down due to a spyware detection. I later learned that that message is now my permanent screen saver and my desktop has been changed to a blue background with a yellow box in the middle saying that I've got spyware and should use a program to remove it. When I right click the desktop and go to properties I no longer have the desktop and screen saver tabs up top. It seems as though that's all that it has affected. I've searched online and I've read some about others who have it, but no good fix. I ran Ad-Aware, AVG and Spy Sweeper. Ad-Aware and Spy Sweeper came up with nothing. And AVG found something called I-worm-nuwar.s, but I still can't change my desktop and stuff.

Anyways, any help would be great! Thanks.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:22:26 PM, on 7/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\system32\mqsvc.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /nodetect

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [synTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Cpqset] "C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe"

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKCU\..\Run: [oovoo.exe] "C:\Program Files\ooVoo\oovoo.exe" /minimized

O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')

O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1199302827203

O17 - HKLM\System\CCS\Services\Tcpip\..\{0F752120-31ED-495B-8F96-D35B3353AE03}: NameServer = 24.192.64.53,24.159.193.40

O17 - HKLM\System\CS1\Services\Tcpip\..\{0F752120-31ED-495B-8F96-D35B3353AE03}: NameServer = 24.192.64.53,24.159.193.40

O17 - HKLM\System\CS2\Services\Tcpip\..\{0F752120-31ED-495B-8F96-D35B3353AE03}: NameServer = 24.192.64.53,24.159.193.40

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Desktop Manager 5.7.712.18632 (GoogleDesktopManager-121807-210419) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--

End of file - 11007 bytes

[Andro1d]

Hello and Welcome to the forums.

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

• NOTE: You will need to temporarily disable any programs you have running that will block attempts to edit the registry. As FixIEDef calls REGEDIT to delete registry keys added by Zlob, Trojan.Downloader.Delf, AntiSpyPro, and IE Defender.
  

• Download FixIEDef.exe by ShadowPuterDude to the Desktop.
  Note: FixIEDef now supports Non-English Language Systems
  
• Double-click FixIEDef.exe:
  
  
• That will open the About FixIEDef screen. Click OK to continue:
  
  
• Next, press the Scan! button:
  
  
• FixIEDef needs to run as Administrator to perform correctly. This message simply confirms it was able to run with admin privileges. Click OK to continue:
  
  
• Wait for the scan to finish. It shouldn't take very long:
  
  
  
• WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running, during removal of malicious files. The icons and Start Menu on your Desktop will not be visible while FixIEDef is removing malicious files. This is necessary to remove parts of the infection that would otherwise not be removed.
  
• After the !!! All Finished !!! message is displayed, click Exit:
  
  
• Post the FixIEDef log file, located on the Desktop.
  Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
  

See: http://www.beyondlogic.org/consulting/proc...processutil.htm

[kathryn.r.h]

I did go ahead and manually change my registry settings earlier this week and that worked, but nice to know what was there has been deleted. Thanks for the help!

Created at 22:02:58 on Tuesday, July 15, 2008

Time Zone : (GMT-05:00) Eastern Time (US & Canada)

Logged On User : test

Operating System : Microsoft Windows XP Professional Service Pack 2

OS Version : 5.1.2600

System Langauge : English (United States)

Keyboard Layout : English (United States)

Processor : X86 Intel® Core2 CPU T5600 @ 1.83GHz

System Drive : C:\

Windows Directory : C:\WINDOWS

System Directory : C:\WINDOWS\system32

Total Physical Memory : 1046508 KB

Free Physical Memory : 337608 KB

Total Virtual Memory : 2097024 KB

Free Virtual Memory : 2016588 KB

Boot State : Normal boot

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

C:\Documents and Settings\test\Application Data\Sun\Java\Deployment\cache\javapi\*.*

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "NoDispBackgroundPage"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "NoDispScrSavPage"

================================================================================

All Done

ShadowPuterDude

Safe Surfing!!!

[Andro1d]

Hello again,

Please download Deckard's System Scanner (DSS) to your desktop.

• Close all applications and windows.
  
• Double-click on dss.exe to run it, and follow the prompts.
  
• When the scan is complete, a text file will open - Main.txt
  
• Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt into your thread.
  
• An additional text file, Extra.txt,will also be available (by default) in the following FOLDER, C:\Deckard\System Scanner.
  
• Please go to that folder and also copy the contents of Extra.txt to your post as well.
  

Note: Some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

[kathryn.r.h]

Deckard's System Scanner v20071014.68

Run by test on 2008-07-16 19:26:03

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --

5: 2008-07-16 23:26:17 UTC - RP152 - Deckard's System Scanner Restore Point

4: 2008-07-16 05:35:59 UTC - RP151 - Software Distribution Service 3.0

3: 2008-07-16 02:14:09 UTC - RP150 - Removed Ad-Aware

2: 2008-07-13 01:07:59 UTC - RP149 - Software Distribution Service 3.0

1: 2008-07-10 16:38:16 UTC - RP148 - after virus

Backed up registry hives.

Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2008-07-16 19:28:56

Platform: Windows XP Service Pack 2 (5.01.2600)

MSIE: Internet Explorer (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\system32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\ehome\ehrecvr.exe

C:\WINDOWS\ehome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\mqsvc.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\ehome\ehmsas.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\McAfee\Common Framework\Mctray.exe

C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe

C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\test\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /nodetect

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [synTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Cpqset] "C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe"

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} () - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1199302827203

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{0F752120-31ED-495B-8F96-D35B3353AE03}: NameServer = 24.192.64.53,24.159.193.40

O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll

O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL

O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll

O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Desktop Manager 5.7.712.18632 (GoogleDesktopManager-121807-210419) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--

End of file - 11761 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 SYMIDSCO - c:\progra~1\common~1\symant~1\symcdata\idsdefs\20050901.036\symidsco.sys (file missing)

S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-07-16 01:33:46 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job

2008-05-19 10:00:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2008-06-16 and 2008-07-16 -----------------------------

2008-07-11 19:35:21 0 d-------- C:\Documents and Settings\test\Application Data\WinRAR

2008-07-10 15:42:44 0 d-------- C:\QUARANTINE

2008-07-10 13:12:22 0 d--h----- C:\WINDOWS\system32\GroupPolicy

2008-07-09 13:38:44 0 d-------- C:\Program Files\Trend Micro

2008-07-09 00:41:57 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot

2008-07-09 00:41:47 0 d-------- C:\Program Files\Webroot

2008-07-09 00:41:32 164 --a------ C:\install.dat

2008-07-09 00:38:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot

2008-07-09 00:38:22 0 d-------- C:\Documents and Settings\test\Application Data\Webroot

2008-07-09 00:34:11 1495552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll <Not Verified; PGP Corporation; PGPsdk>

2008-07-09 00:34:11 0 d-------- C:\Program Files\Common Files\Cisco Systems

2008-07-09 00:32:57 0 d-------- C:\Program Files\Common Files\McAfee

2008-07-08 23:56:37 0 d--h----- C:\$AVG8.VAULT$

2008-07-08 23:21:47 0 d-------- C:\WINDOWS\system32\drivers\Avg

2008-07-08 23:21:27 0 d-------- C:\Program Files\AVG

2008-07-08 23:21:26 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8

2008-07-08 23:12:27 0 d-------- C:\Program Files\Windows Defender

2008-07-08 23:11:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

2008-07-08 22:01:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-07-08 21:49:43 60928 --a------ C:\WINDOWS\system32\blphc3r1j0e12r.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>

2008-07-08 20:19:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Gtek

2008-07-08 20:19:23 0 d-------- C:\Documents and Settings\test\Application Data\GTek

2008-06-22 01:45:45 0 d-------- C:\Documents and Settings\test\Application Data\Multi-Note

2008-06-18 00:23:59 0 d-------- C:\Documents and Settings\test\Application Data\Google

-- Find3M Report ---------------------------------------------------------------

2008-07-15 22:17:48 0 d-------- C:\Program Files\EphPod

2008-07-15 22:14:59 0 d-------- C:\Program Files\Common Files

2008-07-15 21:56:31 0 d-------- C:\Program Files\Avanquest update

2008-07-12 17:10:27 0 d-------- C:\Documents and Settings\test\Application Data\U3

2008-07-10 19:07:28 0 d-------- C:\Program Files\EA GAMES

2008-07-09 15:10:10 0 d-------- C:\Documents and Settings\test\Application Data\Skype

2008-07-09 15:08:28 0 d-------- C:\Documents and Settings\test\Application Data\skypePM

2008-07-09 00:34:10 0 d-------- C:\Program Files\McAfee

2008-07-08 23:04:04 0 d-------- C:\Program Files\Google

2008-07-07 23:16:42 0 d-------- C:\Documents and Settings\test\Application Data\Move Networks

2008-06-28 00:33:39 0 d-------- C:\Documents and Settings\test\Application Data\Mozilla

2008-06-15 22:00:26 0 d-------- C:\Documents and Settings\test\Application Data\ooVoo Details

2008-06-15 21:58:04 0 d-------- C:\Program Files\ooVoo

2008-06-15 21:58:02 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-06-01 17:51:43 0 d-------- C:\Documents and Settings\test\Application Data\Real

2008-06-01 17:46:45 1462 --a------ C:\WINDOWS\mozver.dat

2008-06-01 17:44:24 0 d-------- C:\Program Files\Common Files\xing shared

2008-06-01 17:44:22 0 d-------- C:\Program Files\Common Files\Real

2008-06-01 17:44:11 0 d-------- C:\Program Files\Real

2008-05-26 18:43:59 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/06/2005 12:56 AM]

"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [05/04/2006 01:58 AM]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/11/2005 12:03 AM]

"NvCplDaemon"="RUNDLL32.exe" [03/16/2006 12:00 AM C:\WINDOWS\system32\rundll32.exe]

"NvMediaCenter"="RUNDLL32.exe" [03/16/2006 12:00 AM C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [07/20/2006 01:58 AM C:\WINDOWS\system32\nwiz.exe]

"MsmqIntCert"="regsvr32 /s mqrt.dll" []

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/17/2006 01:22 AM]

"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [07/19/2006 06:14 PM]

"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [08/11/2005 07:30 PM]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/2005 07:30 PM]

"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [06/19/2006 01:50 PM]

"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [10/11/2005 01:23 PM]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [06/02/2006 11:02 AM C:\WINDOWS\system32\CHDAudPropShortcut.exe]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [01/01/2008 04:19 AM]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [09/24/2005 01:08 AM]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/01/2008 05:44 PM]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/08/2008 11:21 PM]

"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [11/30/2006 08:50 AM]

"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [11/17/2006 01:39 PM]

"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim6"="" []

"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [01/23/2008 01:23 PM]

"@"="" []

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [02/20/2008 04:19 PM]

C:\Documents and Settings\test\Start Menu\Programs\Startup\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 11:16:50 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 11:16:50 PM]

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 1:05:26 AM]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [9/24/2005 1:28:44 AM]

HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [11/30/2007 4:53:11 PM]

HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [9/24/2005 12:39:30 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{039b3c6e-9fac-11dc-bb3a-001636bda324}]

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a849e02-b0a3-11dc-bb3c-001636bda324}]

AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a849e03-b0a3-11dc-bb3c-001636bda324}]

AutoRun\command- H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b11bbadb-9f84-11dc-b79a-806d6172696f}]

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b11bbadc-9f84-11dc-b79a-806d6172696f}]

AutoRun\command- E:\Autorun.exe

-- End of Deckard's System Scanner: finished at 2008-07-16 19:31:42 ------------

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0

Architecture: X86; Language: English

CPU 0: Intel® Core2 CPU T5600 @ 1.83GHz

CPU 1: Intel® Core2 CPU T5600 @ 1.83GHz

Percentage of Memory in Use: 64%

Physical Memory (total/avail): 1021.98 MiB / 362.93 MiB

Pagefile Memory (total/avail): 2457.89 MiB / 1823.37 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1929.15 MiB

C: is Fixed (NTFS) - 80.45 GiB total, 31.24 GiB free.

D: is Fixed (FAT32) - 11.67 GiB total, 1.33 GiB free.

E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - FUJITSU MHW2100BH - 93.16 GiB - 3 partitions

\PARTITION0 (bootable) - Installable File System - 80.45 GiB - C:

\PARTITION1 - Unknown - 11.7 GiB - D:

\PARTITION2 - Unknown - 1027.6 MiB

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

AV: McAfee VirusScan Enterprise v8.5.0.781 (McAfee, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"

"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"

"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"

"C:\\Program Files\\Qnext\\qnextclient.exe"="C:\\Program Files\\Qnext\\qnextclient.exe:*:Enabled:qnextclient"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"

"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Disabled:Veoh Client"

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

"C:\\Program Files\\ooVoo\\ooVoo.exe"="C:\\Program Files\\ooVoo\\ooVoo.exe:*:Enabled:ooVoo"

"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"

"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"

"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\test\Application Data

CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=PC139223223129

ComSpec=C:\WINDOWS\system32\cmd.exe

DEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\test

LOGONSERVER=\\PC139223223129

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PCTYPE=PAVILION

PLATFORM=MCD

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0f06

ProgramFiles=C:\Program Files

PROMPT=$P$G

QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

SESSIONNAME=Console

SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\test\LOCALS~1\Temp

TMP=C:\DOCUME~1\test\LOCALS~1\Temp

USERDOMAIN=PC139223223129

USERNAME=test

USERPROFILE=C:\Documents and Settings\test

VSEDEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection

windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

test (admin)

Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"

Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}

AIM 6 --> C:\Program Files\AIM6\uninst.exe

Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}

Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}

Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly

AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL

Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IAt8VEN5a.inf

DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall

Google Desktop Plugin - gdSkype --> MsiExec.exe /X{B21F8E8C-3C67-4BB7-94D4-48542C85D60A}

Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}

HP Deskjet 6900 series --> C:\Program Files\HP\Digital Imaging\{7ADE9F27-A175-447F-A4B4-B05FA82735E1}\setup\hpzscr01.exe -datfile hpfscr09.dat

HP Extended Capabilities 6.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly

HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat

HP Pavilion Webcam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\Setup.exe" -l0x9 -u

HP Photosmart Essential --> MsiExec.exe /X{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}

HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat

HP QuickPlay 2.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall

HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}

HP Solution Center and Imaging Support Tools 6.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

HP User Guides 0036 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4180B60-0239-48DE-89EF-2CE4C3650A71}\Setup.exe" -l0x9 -removeonly

HP Wireless Assistant 2.00 G2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst

Intel® PRO Network Connections Drivers --> Prounstl.exe

iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}

J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}

Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}

Macromedia Shockwave Player --> MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}

McAfee VirusScan Enterprise --> MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}

Microsoft FrontPage 2002 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0050048383C9}

Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}

Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe

NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI

Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}

ooVoo --> "C:\Program Files\InstallShield Installation Information\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}\setup.exe" -runfromtemp -l0x0009 -removeonly

Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"

PQ DVD to iPod Video Suite (remove only) --> "C:\Program Files\PQDVD\PQ DVD to iPod Video Suite\bt-uninst.exe"

QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}

RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Safari --> MsiExec.exe /I{40589552-3892-409E-B92C-9F5032A4B2F0}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"

Skypeâ„¢ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m\HXFSETUP.EXE -U -IAt8VEN5m.inf

Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}

Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}

Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}

Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}

Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}

Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}

SonicAC3Encoder --> MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}

SonicMPEGEncoder --> MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C}

Sony Ericsson PC Suite 3.204.00 --> C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Setup.exe -runfromtemp -l0x0009 -removeonly

Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"

Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe

The Sims 2 Nightlife --> C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe

The Sims 2 Open For Business --> C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe

The Sims 2 Pets --> C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe

The Sims 2 University --> C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe

The Simsâ„¢ 2 FreeTime --> C:\Program Files\EA GAMES\The Sims 2 FreeTime\EAUninstall.exe

The Sims™ 2 IKEA® Home Stuff --> C:\Program Files\EA GAMES\The Sims 2 IKEA® Home Stuff\EAUninstall.exe

The Simsâ„¢ 2 Seasons --> C:\Program Files\EA GAMES\The Sims 2 Seasons\EAUninstall.exe

Update Rollup 2 for Windows XP Media Center Edition 2005 -->

VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409

Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u

Vongo --> MsiExec.exe /I{DB7E00C9-6DEF-489A-8112-D8F81614F45A}

Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}

Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}

Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}

Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"

Windows XP Media Center Edition 2005 KB912067 --> "C:\WINDOWS\$NtUninstallKB912067$\spuninst\spuninst.exe"

Windows XP Media Center Edition 2005 KB915381 --> "C:\WINDOWS\$NtUninstallKB915381$\spuninst\spuninst.exe"

WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe

WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}

Wireless Home Network Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\110\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\setup.exe" -l0x9 -removeonly

-- Application Event Log -------------------------------------------------------

Event Record #/Type1875 / Error

Event Submitted/Written: 07/16/2008 11:45:07 AM

Event ID/Source: 1002 / Application Hang

Event Description:

Hanging application firefox.exe, version 1.9.0.3071, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1873 / Error

Event Submitted/Written: 07/16/2008 01:33:44 AM

Event ID/Source: 5000 / MPSampleSubmission

Event Description:

EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Event Record #/Type1853 / Warning

Event Submitted/Written: 07/15/2008 09:50:33 PM

Event ID/Source: 1524 / Userenv

Event Description:

Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1850 / Error

Event Submitted/Written: 07/15/2008 07:31:38 PM

Event ID/Source: 1002 / Application Hang

Event Description:

Hanging application Sims2EP7.exe, version 1.13.0.135, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1849 / Error

Event Submitted/Written: 07/15/2008 07:31:37 PM

Event ID/Source: 1002 / Application Hang

Event Description:

Hanging application Sims2EP7.exe, version 1.13.0.135, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type52285 / Warning

Event Submitted/Written: 07/15/2008 11:16:15 PM

Event ID/Source: 3004 / WinDefend

Event Description:

%PC13922322312927 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %PC13922322312927 can't undo changes that you allow.

For more information please see the following:

%PC139223223129275

Scan ID: {24944ACE-2795-4CE6-AE82-1535DC3C74C3}

User: PC139223223129\test

Name: %PC139223223129271

ID: %PC139223223129272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %PC139223223129276

Alert Type: %PC139223223129278

Detection Type: 1.1.1593.02

Event Record #/Type52260 / Warning

Event Submitted/Written: 07/15/2008 11:10:28 PM / 07/15/2008 11:10:55 PM

Event ID/Source: 30 / e1express

Event Description:

Intel® PRO/1000 PL Network Connection

is set up for auto-negotiation but the link partner is not configured for auto-negotiation. A duplex mismatch may occur.

Event Record #/Type52258 / Error

Event Submitted/Written: 07/15/2008 11:10:25 PM / 07/15/2008 11:10:55 PM

Event ID/Source: 4307 / NetBT

Event Description:

Initialization failed because the transport refused to open initial Addresses.

Event Record #/Type52216 / Error

Event Submitted/Written: 07/15/2008 01:53:20 PM

Event ID/Source: 29 / W32Time

Event Description:

The time provider NtpClient is configured to acquire time from one or more

time sources, however none of the sources are currently accessible.

No attempt to contact a source will be made for 14 minutes.

NtpClient has no source of accurate time.

Event Record #/Type52212 / Error

Event Submitted/Written: 07/15/2008 01:24:59 PM

Event ID/Source: 1000 / Dhcp

Event Description:

Your computer has lost the lease to its IP address 192.168.1.11 on the

Network Card with network address 001636BDA324.

-- End of Deckard's System Scanner: finished at 2008-07-16 19:31:42 ------------

[Andro1d]

Hello again,

Sorry for the delay, real life got a hold of me.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

[kathryn.r.h]

That's okay, as you can see life got a hold of me too.

Here's the log-

Malwarebytes' Anti-Malware 1.23

Database version: 985

Windows 5.1.2600 Service Pack 2

2:17:56 AM 7/24/2008

mbam-log-7-24-2008 (02-17-56).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 132285

Time elapsed: 1 hour(s), 14 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\blphc3r1j0e12r.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.

[Andro1d]

How is everything running now?

[kathryn.r.h]

Pretty good so far. Thank you!

[Andro1d]

Nice job your log looks clean!

Please use the following suggestions to help prevent reinfection.

Also, you may delete any tools I had you download during the cleaning process.

Reset System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. You will lose all previous Restore Points which are likely to be infected. Now we need to make a new Restore Point for your PC, please do the following:

• Click Start
  
• Right click My Computer and select Properties
  
• Click the System Restore tab
  
• Check "Turn off System Restore" and click "Apply".
  
• It will then ask you if you want to turn off System Restore, select Yes
  Please give a moment as it will delete the old Restore points
  
• Then uncheck "Turn off System Restore" which will create a new Restore point
  
• Click OK
  

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again. As a note, all of the tools and utilities mentioned are either free or have free versions available.

SpywareBlaster - Great prevention tool to keep malware from installing on your system.

**Tutorial on installing & using this product can be found HERE**

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

**Tutorial on installing & using this product can be found HERE**

IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

**Tutorial on installing & using this product can be found HERE**

ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out malware that like to reside in the temp folders.

Firewall A firewall is very important, in order to protect your computer from hackers. I notice that you don't have one installed! Therefore I recommend Comodo, Online Armor, or Outpost.

**Tutorial on Firewalls can be found HERE**

It is important to run only one of each type of protection program in resident mode at a time since conflicts can make them less effective. This would mean only one resident antivirus, firewall and scanning type of anti-spyware. Programs like SpywareBlaster and IE-Spyads do not conflict with any of these since they don't have a real time scanning engine that would conflict.

Windows Updates - It is highly recommended to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

It is also highly recommended to stay on top of your updates at all times, for Windows and all the above mentioned applications. This will ensure that you stay protected at the maximum level possible.

Finally, I strongly recommend How did I get infected in the first place? (by Tony Klein)

Good luck and safe surfing