Hello all, when I start my computer up my explorer.exe is driving me insane! It shows me the start bar and the icons for a second, then disappears, and re-appears again! Here is my HijackThis Log.

If you find anything wrong with it, or if you know how I can fix this, please reply. Cheers.
Hi epilogue!

Please download VundoFix.exe to your desktop.
* Double-click *VundoFix.exe* to run it.
* Click the *Scan for Vundo* button.
* Once it's done scanning, click the *Remove Vundo* button.
* You will receive a prompt asking if you want to remove the files, click *YES*
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click *OK*.
* Please post the contents of C:\*vundofix.txt* and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the *Scan for Vundo* button." when VundoFix appears at reboot.

Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)
* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
* Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Please, send a fresh HiJackThis log, C:\*vundofix.txt* and SDfix report.
Hello! Thank you very much for helping me out. Here are the logs you had asked for...

SDFix: Version 1.81
Run by HP_Administrator - Wed 05/02/2007 - 17:27:41.07
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\HP_ADM~1\Desktop\SDFix

Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...

Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\WINDOWS\odbc.INI - Deleted
C:\WINDOWS\system32\wcsntfy.exe - Deleted
Removing Temp Files

ADS Check:
Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.
Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Final Check:
Remaining Services:
------------------
Authorized Application Key Export:

Remaining Files:
---------------
Backups Folder: - C:\DOCUME~1\HP_ADM~1\Desktop\SDFix\backups\backups.zip
Checking For Files with Hidden Attributes:
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Messenger\l_o_u_i_e_8@hotmail.com\Sharing Folders\tess_macintyre@shaw.ca\Tess's Birthday - Jan 2007\Thumbs.db
C:\WINDOWS\system32\utjibwz.exe
C:\WINDOWS\SMINST\HPCD.SYS
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE1.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp
Finished

VundoFix V6.3.21
Checking Java version...
Scan started at 5:11:37 PM 5/2/2007
Listing files found while scanning....
C:\WINDOWS\system32\cccdd.bak1
C:\WINDOWS\system32\cccdd.ini
C:\WINDOWS\system32\cccdd.ini2
C:\WINDOWS\system32\cccdd.tmp
C:\WINDOWS\system32\ddccc.dll

Beginning removal...
Attempting to delete C:\WINDOWS\system32\cccdd.bak1
C:\WINDOWS\system32\cccdd.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\cccdd.ini
C:\WINDOWS\system32\cccdd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\cccdd.ini2
C:\WINDOWS\system32\cccdd.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\cccdd.tmp
C:\WINDOWS\system32\cccdd.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddccc.dll
C:\WINDOWS\system32\ddccc.dll Has been deleted!
Performing Repairs to the registry.
Done!

My explorer.exe is now stable. Thanks for helping me out!
Hi!

Please visit Virustotal
* Click the Browse... button
* Navigate to the file C:\WINDOWS\system32\rqrpqnn.dll
* Click the Open button
* Click the Send button
* Copy and paste the results back here

Do the same with this file C:\WINDOWS\system32\utjibwz.exe
Copy and paste the results back here.
rqrpqnn.dll.....

AhnLab-V3 2007.5.4.0 05.03.2007 no virus found
AntiVir 7.4.0.15 05.03.2007 no virus found
Authentium 4.93.8 05.03.2007 no virus found
Avast 4.7.997.0 05.03.2007 no virus found
AVG 7.5.0.467 05.03.2007 no virus found
BitDefender 7.2 05.04.2007 MemScan:Trojan.Vundo.DLQ
CAT-QuickHeal 9.00 05.03.2007 no virus found
ClamAV devel-20070416 05.03.2007 Trojan.Packed-7
DrWeb 4.33 05.03.2007 no virus found
eSafe 7.0.15.0 05.03.2007 no virus found
eTrust-Vet 30.7.3612 05.03.2007 Win32/Chisyne!generic
Ewido 4.0 05.03.2007 no virus found
FileAdvisor 1 05.04.2007 no virus found
Fortinet 2.85.0.0 05.03.2007 suspicious
F-Prot 4.3.2.48 05.03.2007 no virus found
F-Secure 6.70.13030.0 05.04.2007 no virus found
Ikarus T3.1.1.7 05.03.2007 not-a-virus:AdWare.Win32.Virtumonde.bq
Kaspersky 4.0.2.24 05.04.2007 no virus found
McAfee 5023 05.03.2007 no virus found
Microsoft 1.2503 05.03.2007 no virus found
NOD32v2 2238 05.03.2007 no virus found
Norman 5.80.02 05.03.2007 no virus found
Panda 9.0.0.4 05.04.2007 Suspicious file
Prevx1 V2 05.04.2007 SpywareQuake
Sophos 4.17.0 05.03.2007 no virus found
Sunbelt 2.2.907.0 05.03.2007 VIPRE.Suspicious
Symantec 10 05.04.2007 no virus found
TheHacker 6.1.6.104 04.15.2007 no virus found
VBA32 3.11.4 05.03.2007 no virus found
VirusBuster 4.3.7:9 05.03.2007 no virus found
Webwasher-Gateway 6.0.1 05.03.2007 Trojan.Downloader.Win32.Malware.gen (suspicious)

I don't seem to have utjibwz.exe
Hi Epilogue!

Please, make a new folder on C:, like this C:\HjT. Move the HijackThis.exe there.

Please run now C:\HjT\HijackThis.exe and click Do system scan only. Check these lines and then click Fix checked.

O2 - BHO: (no name) - {18EDE249-4B96-4501-840D-09D28DF8998A} - C:\WINDOWS\system32\ddccc.dll (file missing)
O2 - BHO: (no name) - {F38D448A-F274-4C34-B13B-A3E505E95209} - C:\WINDOWS\system32\rqrpqnn.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Microsoft Display Driver] wcsntfy.exe
O4 - HKLM\..\RunServices: [Microsoft Display Driver] wcsntfy.exe
O20 - Winlogon Notify: rqrpqnn - C:\WINDOWS\SYSTEM32\rqrpqnn.dll

After that close HjT.

Please, Run VundoFix.exe
* Right click the list box (white box) in the main VundoFix window.
* Select “Add More Files?” from the menu that comes up. This will open a new VundoFix window.
* In the Window: copy and paste next in the first field: C:\WINDOWS\system32\rqrpqnn.dll
* Copy and paste next in the second field: C:\WINDOWS\system32\nnqprqr.*
* Click the “Add Files” button.
* Click the "Close Window" button.
* Click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shutdown your computer, click OK.
* Turn your computer back on.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Please do the following...

1. Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. This program is for XP and Windows 2000 only!
Double-click ATF Cleaner.exe to open it.
Under Main select the following:
* Windows Temp
* Current User Temp
* All Users Temp
* Temporary Internet Files
* Prefetch
* Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
Click Exit on the Main menu to close the program.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
* Install AVG Anti-Spyware by double clicking the installer.
* Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
* On the main screen under Your Computer's security.
* Click on Change state next to Resident shield. It should now change to inactive.
* Click on Change state next to Automatic updates. It should now change to inactive.
* Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
* Wait until you see the Update successful message.
* Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
* Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Reboot your computer in Safe Mode.
* If the computer is running, shut down Windows, and then turn off the power.
* Wait 30 seconds, and then turn the computer on.
* Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
* Ensure that the Safe Mode option is selected.
* Press Enter. The computer then begins to start in Safe mode.
* Login on your usual account.

Once in Safe Mode:
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
* Click on Scanner on the toolbar.
* Click on the Settings tab.
* Under How to act? Click on Recommended Action and choose Quarantine from the popup menu.
* Under How to scan? All checkboxes should be ticked.
* Under Possibly unwanted software: All checkboxes should be ticked.
* Under Reports: Select Automatically generate report after every scan and uncheck Only if threats were found.
* Under What to scan? Select Scan every file.
* Click on the Scan tab.
* Click on Complete System Scan to start the scan process.
* Let the program scan the machine.

When the scan has finished, follow the instructions below.
IMPORTANT: Don't click on the "Save Scan Report" button before you hit the "Apply all Actions" button.
* Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
* At the bottom of the window click on the Apply all Actions button. (3)
* When done, click the Save Scan Report button. (4)
* Click the Save Report as button.
* Save the report to your Desktop.
* Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Reboot back into Normal Mode, and post a new HJT log, along with the AVG Anti-Spyware log.

Please send a fresh HijackThis log, AVG Anti-Spyware log and Vundofix log.
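The file names in this thread follow one pattern: the DLL that VundoFix targets sits in the same folder as .ini/.bak/.tmp files whose base name is the DLL's base name reversed (ddccc.dll with cccdd.ini, and the rqrpqnn.dll / nnqprqr.* pair entered into VundoFix above). The Python below is an added example, not part of the original posts or of VundoFix; it flags such pairs in a directory listing, and the function names, the minimum name length and the sample listing are assumptions made for the illustration.

```python
import ntpath
from collections import defaultdict

# Companion extensions seen in the VundoFix logs in this thread
# (.ini, .ini2, .bak1, .bak2, .tmp); matched by prefix so numbered variants count.
COMPANION_PREFIXES = (".ini", ".bak", ".tmp")
MIN_STEM_LEN = 4  # assumption: skip very short names to limit chance matches


def mirror_pattern(dll_path):
    """Build the wildcard for a DLL's reversed-name companions,
    e.g. ...\\rqrpqnn.dll -> ...\\nnqprqr.*"""
    directory, name = ntpath.split(dll_path)
    stem, _ext = ntpath.splitext(name)
    return ntpath.join(directory, stem[::-1] + ".*")


def find_reversed_pairs(paths):
    """Return {dll_path: [companion_paths]} for every DLL whose base name,
    reversed, is the base name of a companion file in the same directory.
    Windows paths are compared case-insensitively."""
    by_dir = defaultdict(list)
    for p in paths:
        directory, name = ntpath.split(p)
        stem, ext = ntpath.splitext(name)
        by_dir[directory.lower()].append((stem.lower(), ext.lower(), p))

    hits = {}
    for entries in by_dir.values():
        companions = defaultdict(list)
        for stem, ext, p in entries:
            if ext.startswith(COMPANION_PREFIXES):
                companions[stem].append(p)
        for stem, ext, p in entries:
            if ext != ".dll" or len(stem) < MIN_STEM_LEN:
                continue
            mirrored = stem[::-1]
            if mirrored == stem:
                # Palindromic name: "abba.dll" next to "abba.ini" is ordinary.
                continue
            if mirrored in companions:
                hits[p] = sorted(companions[mirrored])
    return hits


# Constructed listing: file names taken from the logs in this thread,
# mixed with ordinary system files. Not a real directory dump.
SAMPLE_LISTING = [
    r"C:\WINDOWS\system32\ddccc.dll",
    r"C:\WINDOWS\system32\cccdd.ini",
    r"C:\WINDOWS\system32\cccdd.bak1",
    r"C:\WINDOWS\SYSTEM32\VTURO.DLL",
    r"c:\windows\system32\orutv.ini",
    r"C:\WINDOWS\system32\rqrpqnn.dll",   # companion absent: not flagged
    r"C:\WINDOWS\system32\klogon.dll",
    r"C:\WINDOWS\system32\kernel32.dll",
    r"C:\WINDOWS\odbc.INI",
]

if __name__ == "__main__":
    for dll, files in find_reversed_pairs(SAMPLE_LISTING).items():
        print(dll, "<->", ", ".join(files))
    print("check by hand:", mirror_pattern(r"C:\WINDOWS\system32\rqrpqnn.dll"))
```

A DLL whose companion files are already gone (rqrpqnn.dll in the sample) is not flagged, so the pairing is one signal to combine with the BHO and Winlogon Notify entries, not a complete check.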
Hello =) Here is my vundofix.txt after running HjT and VundoFix

VundoFix V6.3.21
Checking Java version...
Scan started at 5:11:37 PM 5/2/2007
Listing files found while scanning....
C:\WINDOWS\system32\cccdd.bak1
C:\WINDOWS\system32\cccdd.ini
C:\WINDOWS\system32\cccdd.ini2
C:\WINDOWS\system32\cccdd.tmp
C:\WINDOWS\system32\ddccc.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\cccdd.bak1
C:\WINDOWS\system32\cccdd.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\cccdd.ini
C:\WINDOWS\system32\cccdd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\cccdd.ini2
C:\WINDOWS\system32\cccdd.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\cccdd.tmp
C:\WINDOWS\system32\cccdd.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddccc.dll
C:\WINDOWS\system32\ddccc.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.3.21
Checking Java version...
Scan started at 5:55:37 PM 5/2/2007
Listing files found while scanning....
C:\WINDOWS\system32\adeeg.bak1
C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\geeda.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\adeeg.bak1
C:\WINDOWS\system32\adeeg.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\adeeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\geeda.dll
C:\WINDOWS\system32\geeda.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\geeda.dll
C:\WINDOWS\system32\geeda.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.3.21
Checking Java version...
Scan started at 6:00:34 PM 5/3/2007
Listing files found while scanning....

VundoFix V6.3.21
Checking Java version...
Scan started at 6:06:49 PM 5/3/2007
Listing files found while scanning....
C:\WINDOWS\system32\kmllm.bak2
C:\WINDOWS\system32\kmllm.ini
C:\WINDOWS\system32\mllmk.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\kmllm.bak2
C:\WINDOWS\system32\kmllm.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\kmllm.ini
C:\WINDOWS\system32\kmllm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\mllmk.dll
C:\WINDOWS\system32\mllmk.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.3.21
Checking Java version...
Scan started at 6:39:19 PM 5/3/2007
Listing files found while scanning....
C:\WINDOWS\system32\mpqss.bak1
C:\WINDOWS\system32\mpqss.ini
C:\WINDOWS\system32\ssqpm.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\mpqss.bak1
C:\WINDOWS\system32\mpqss.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\mpqss.ini
C:\WINDOWS\system32\mpqss.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqpm.dll
C:\WINDOWS\system32\ssqpm.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.3.21
Checking Java version...
Scan started at 9:34:34 PM 5/3/2007
Listing files found while scanning....
C:\WINDOWS\system32\accdd.bak1
C:\WINDOWS\system32\accdd.ini
C:\WINDOWS\system32\ddcca.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\accdd.bak1
C:\WINDOWS\system32\accdd.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\accdd.ini
C:\WINDOWS\system32\accdd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\ddcca.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\ddcca.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.3.21
Checking Java version...
Scan started at 7:22:53 AM 5/4/2007
Listing files found while scanning....
C:\WINDOWS\system32\bcbeg.bak1
C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\gebcb.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\bcbeg.bak1
C:\WINDOWS\system32\bcbeg.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\gebcb.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\gebcb.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.3.21
Checking Java version...
Scan started at 9:28:28 PM 5/4/2007
Listing files found while scanning....
C:\WINDOWS\system32\orutv.bak1
C:\WINDOWS\system32\orutv.ini
C:\WINDOWS\system32\vturo.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\orutv.bak1
C:\WINDOWS\system32\orutv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\orutv.ini
C:\WINDOWS\system32\orutv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vturo.dll
C:\WINDOWS\system32\vturo.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\vturo.dll
C:\WINDOWS\system32\vturo.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete c:\windows\system32\rqrpqnn.dll
c:\windows\system32\rqrpqnn.dll Has been deleted!
Performing Repairs to the registry.
Done!

Here is my HijackThis log...
Logfile of HijackThis v1.99.1
Scan saved at 9:53:19 PM, on 5/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HjT\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nexopia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://pccreg.trendmicro.com/15/PCC/150/PCCREG/wcoBuy.asp?SN=PGEF%2D0017%2D3122%2D4449%2D0783&GUID=CECCCCCBCCC8CCCACCCAC9C4CCCAFC&PID=CIF0&VID=&Flag=RN
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {671FC01A-258F-4980-B6A8-9BBB4BC517E3} - C:\WINDOWS\system32\vturo.dll (file missing)
O2 - BHO: (no name) - {89EF30C1-8051-4C05-AF2D-ED24E7064D00} - C:\WINDOWS\system32\geeda.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B712FD0E-D3C3-464C-A6AC-1D928339D567} - C:\WINDOWS\system32\ssqpm.dll (file missing)
O2 - BHO: (no name) - {B838AC44-F8B2-47E7-AF6C-3EB8AB9A0950} - C:\WINDOWS\system32\mllmk.dll (file missing)
O2 - BHO: (no name) - {B91B3086-E8C4-4481-9AF9-62632F829DEC} - C:\WINDOWS\system32\gebcb.dll (file missing)
O2 - BHO: (no name) - {D2399033-3283-40CE-8753-510463E33941} - C:\WINDOWS\system32\ddcca.dll (file missing)
O2 - BHO: (no name) - {F38D448A-F274-4C34-B13B-A3E505E95209} - C:\WINDOWS\system32\rqrpqnn.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175922139984
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Ok I have scanned with AVG Anti-Spyware... Here are the logs you asked for...

Logfile of HijackThis v1.99.1
Scan saved at 10:33:56 PM, on 5/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HjT\HijackThis_v1.99.1.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Windows Media Player\setup_wm.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nexopia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://pccreg.trendmicro.com/15/PCC/150/PCCREG/wcoBuy.asp?SN=PGEF%2D0017%2D3122%2D4449%2D0783&GUID=CECCCCCBCCC8CCCACCCAC9C4CCCAFC&PID=CIF0&VID=&Flag=RN
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {671FC01A-258F-4980-B6A8-9BBB4BC517E3} - C:\WINDOWS\system32\vturo.dll (file missing)
O2 - BHO: (no name) - {89EF30C1-8051-4C05-AF2D-ED24E7064D00} - C:\WINDOWS\system32\geeda.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B712FD0E-D3C3-464C-A6AC-1D928339D567} - C:\WINDOWS\system32\ssqpm.dll (file missing)
O2 - BHO: (no name) - {B838AC44-F8B2-47E7-AF6C-3EB8AB9A0950} - C:\WINDOWS\system32\mllmk.dll (file missing)
O2 - BHO: (no name) - {B91B3086-E8C4-4481-9AF9-62632F829DEC} - C:\WINDOWS\system32\gebcb.dll (file missing)
O2 - BHO: (no name) - {D2399033-3283-40CE-8753-510463E33941} - C:\WINDOWS\system32\ddcca.dll (file missing)
O2 - BHO: (no name) - {F38D448A-F274-4C34-B13B-A3E505E95209} - C:\WINDOWS\system32\rqrpqnn.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175922139984
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

VundoFix V6.3.21
Checking Java version...
Scan started at 5:11:37 PM 5/2/2007
Listing files found while scanning....
C:\WINDOWS\system32\cccdd.bak1
C:\WINDOWS\system32\cccdd.ini
C:\WINDOWS\system32\cccdd.ini2
C:\WINDOWS\system32\cccdd.tmp
C:\WINDOWS\system32\ddccc.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\cccdd.bak1
C:\WINDOWS\system32\cccdd.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\cccdd.ini
C:\WINDOWS\system32\cccdd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\cccdd.ini2
C:\WINDOWS\system32\cccdd.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\cccdd.tmp
C:\WINDOWS\system32\cccdd.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddccc.dll
C:\WINDOWS\system32\ddccc.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.3.21
Checking Java version...
Scan started at 5:55:37 PM 5/2/2007
Listing files found while scanning....
C:\WINDOWS\system32\adeeg.bak1
C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\geeda.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\adeeg.bak1
C:\WINDOWS\system32\adeeg.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\adeeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\geeda.dll
C:\WINDOWS\system32\geeda.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\geeda.dll
C:\WINDOWS\system32\geeda.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.3.21
Checking Java version...
Scan started at 6:00:34 PM 5/3/2007
Listing files found while scanning....

VundoFix V6.3.21
Checking Java version...
Scan started at 6:06:49 PM 5/3/2007
Listing files found while scanning....
C:\WINDOWS\system32\kmllm.bak2
C:\WINDOWS\system32\kmllm.ini
C:\WINDOWS\system32\mllmk.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\kmllm.bak2
C:\WINDOWS\system32\kmllm.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\kmllm.ini
C:\WINDOWS\system32\kmllm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\mllmk.dll
C:\WINDOWS\system32\mllmk.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.3.21
Checking Java version...
Scan started at 6:39:19 PM 5/3/2007
Listing files found while scanning....
C:\WINDOWS\system32\mpqss.bak1
C:\WINDOWS\system32\mpqss.ini
C:\WINDOWS\system32\ssqpm.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\mpqss.bak1
C:\WINDOWS\system32\mpqss.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\mpqss.ini
C:\WINDOWS\system32\mpqss.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqpm.dll
C:\WINDOWS\system32\ssqpm.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.3.21
Checking Java version...
Scan started at 9:34:34 PM 5/3/2007
Listing files found while scanning....
C:\WINDOWS\system32\accdd.bak1
C:\WINDOWS\system32\accdd.ini
C:\WINDOWS\system32\ddcca.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\accdd.bak1
C:\WINDOWS\system32\accdd.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\accdd.ini
C:\WINDOWS\system32\accdd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\ddcca.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\ddcca.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.3.21
Checking Java version...
Scan started at 7:22:53 AM 5/4/2007
Listing files found while scanning....
C:\WINDOWS\system32\bcbeg.bak1
C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\gebcb.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\bcbeg.bak1
C:\WINDOWS\system32\bcbeg.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\gebcb.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\gebcb.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.3.21
Checking Java version...
Scan started at 9:28:28 PM 5/4/2007
Listing files found while scanning....
C:\WINDOWS\system32\orutv.bak1
C:\WINDOWS\system32\orutv.ini
C:\WINDOWS\system32\vturo.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\orutv.bak1
C:\WINDOWS\system32\orutv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\orutv.ini
C:\WINDOWS\system32\orutv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vturo.dll
C:\WINDOWS\system32\vturo.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\vturo.dll
C:\WINDOWS\system32\vturo.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete c:\windows\system32\rqrpqnn.dll
c:\windows\system32\rqrpqnn.dll Has been deleted!
Performing Repairs to the registry.
Done!

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 10:31:57 PM 5/4/2007
+ Scan result:
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP37\A0015926.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP27\A0006735.exe/mar01.exe -> Backdoor.Sdbot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP35\A0014792.exe -> Backdoor.Sdbot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP35\A0014797.exe -> Backdoor.Sdbot : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tz184x3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
::Report end
Hi! Please download Deckard's System Scanner to your Desktop.
* Close all applications and windows.
* Double-click on Dss.exe to run it, and follow the prompts.
* The scan may take a minute. When the scan is complete, a text file will open: Main.txt and Extra.txt.
Please post Main.txt and Extra.txt.
Hello! This is main.txt...

Deckard's System Scanner v20070426.43
Run by HP_Administrator on 2007-05-05 at 11:17:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
41: 2007-05-05 18:17:18 UTC - RP41 - Deckard's System Scanner Restore Point
40: 2007-05-05 06:19:40 UTC - RP40 - Shockwave Player
39: 2007-05-05 06:19:21 UTC - RP39 -
38: 2007-05-04 07:37:57 UTC - RP38 - System Checkpoint
37: 2007-05-03 01:37:41 UTC - RP37 - Software Distribution Service 2.0

-- First Restore Point --
1: 2007-04-06 06:24:09 UTC - RP1 - Installed AirPlus G

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:18:42 AM, on 5/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ARPWRMSG.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\dllhost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\HP_Administrator\Desktop\dss.exe
C:\DOCUME~1\HP_ADM~1\Desktop\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nexopia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://pccreg.trendmicro.com/15/PCC/150/PCCREG/wcoBuy.asp?SN=PGEF%2D0017%2D3122%2D4449%2D0783&GUID=CECCCCCBCCC8CCCACCCAC9C4CCCAFC&PID=CIF0&VID=&Flag=RN
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {671FC01A-258F-4980-B6A8-9BBB4BC517E3} - C:\WINDOWS\system32\vturo.dll (file missing)
O2 - BHO: (no name) - {89EF30C1-8051-4C05-AF2D-ED24E7064D00} - C:\WINDOWS\system32\geeda.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B712FD0E-D3C3-464C-A6AC-1D928339D567} - C:\WINDOWS\system32\ssqpm.dll (file missing)
O2 - BHO: (no name) - {B838AC44-F8B2-47E7-AF6C-3EB8AB9A0950} - C:\WINDOWS\system32\mllmk.dll (file missing)
O2 - BHO: (no name) - {B91B3086-E8C4-4481-9AF9-62632F829DEC} - C:\WINDOWS\system32\gebcb.dll (file missing)
O2 - BHO: (no name) - {D2399033-3283-40CE-8753-510463E33941} - C:\WINDOWS\system32\ddcca.dll (file missing)
O2 - BHO: (no name) - {F38D448A-F274-4C34-B13B-A3E505E95209} - C:\WINDOWS\system32\rqrpqnn.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - 
C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175922139984 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu> R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver> S3 libusb0 (LibUsb-Win32 - Kernel Driver, Version 0.1.10.1) - c:\windows\system32\drivers\libusb0.sys -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- S0 Pml Driver HPZ12 - \systemroot\c:\windows\system32\hpzipm12.exe (file missing) S2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Alpha Networks Inc.; ANIWZCS2 Service Launcher (NT)> -- Scheduled Tasks ------------------------------------------------------------- 2007-04-25 11:42:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2007-04-05 23:17:41 338 --a------ C:\WINDOWS\Tasks\Easy Internet Sign-up.job 2005-09-14 21:06:09 380 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job -- Files created between 2007-04-05 and 2007-05-05 ----------------------------- 2007-05-04 23:36:00 1156 --a------ C:\WINDOWS\mozver.dat 2007-05-04 21:45:59 0 d-------- C:\HjT 2007-05-04 00:36:35 59563 --a------ C:\WINDOWS\system32\ddayw.dll 2007-05-03 18:43:40 0 dr-h----- C:\$VAULT$.AVG 2007-05-03 18:22:01 0 d-------- C:\Program Files\directx 2007-05-03 18:17:14 0 d-------- C:\Program Files\PIXELA 2007-05-03 17:58:22 3654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll 2007-05-03 17:58:21 0 d-------- C:\Drivers 
2007-05-03 17:56:55 0 d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7 2007-05-02 20:52:42 0 d-------- C:\Program Files\Wisdom-soft ScreenHunter 5 Free 2007-05-02 18:06:43 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\AVG7 2007-05-02 18:06:32 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2007-05-02 18:06:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-05-02 18:06:21 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7 2007-05-02 17:11:37 0 d-------- C:\VundoFix Backups 2007-05-01 22:41:06 0 dr-h----- C:\Documents and Settings\HP_Administrator\Recent 2007-05-01 20:39:43 0 d-------- C:\WINDOWS\CSC 2007-04-29 09:24:35 0 d-------- C:\Program Files\Kaspersky Lab 2007-04-29 09:21:27 0 d-------- C:\KAV 2007-04-29 08:41:08 81984 --a------ C:\WINDOWS\system32\bdod.bin 2007-04-28 10:30:24 0 d-------- C:\WINDOWS\system32\appmgmt 2007-04-25 19:54:00 0 d--hs---- C:\WINDOWS\ftpcache 2007-04-25 19:37:00 0 d-------- C:\Program Files\Activision 2007-04-25 18:59:08 0 d-------- C:\Program Files\PowerISO 2007-04-24 19:52:16 0 d--h----- C:\WINDOWS\system32\GroupPolicy 2007-04-24 19:49:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Google 2007-04-24 19:46:08 0 d-------- C:\WINDOWS\pss 2007-04-20 23:10:11 0 d-------- C:\Start Menu 2007-04-20 23:10:10 0 d-------- C:\Program Files\MTV Networks 2007-04-16 20:29:56 0 d-------- C:\Program Files\Simple DNS Plus 2007-04-16 19:44:12 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Sonic 2007-04-16 19:43:55 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Leadertech 2007-04-15 22:35:09 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\HP 2007-04-15 21:27:02 18944 --a------ C:\WINDOWS\system32\libusbd-nt.exe <Not Verified; http://libusb-win32.sourceforge.net; LibUsb-Win32> 2007-04-15 21:27:02 19456 --a------ 
C:\WINDOWS\system32\libusbd-9x.exe <Not Verified; http://libusb-win32.sourceforge.net; LibUsb-Win32> 2007-04-15 21:27:02 46592 --a------ C:\WINDOWS\system32\libusb0.dll <Not Verified; http://libusb-win32.sourceforge.net; LibUsb-Win32> 2007-04-15 21:27:02 33792 --a------ C:\WINDOWS\system32\drivers\libusb0.sys 2007-04-15 21:27:02 0 d-------- C:\Program Files\LibUSB-Win32-0.1.10.1 2007-04-15 18:33:26 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Template 2007-04-15 18:33:25 170 --a------ C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat 2007-04-14 11:02:52 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\HPQ 2007-04-09 05:27:07 31548 --a------ C:\WINDOWS\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu> 2007-04-08 09:32:47 0 d-------- C:\Program Files\DVD Decrypter 2007-04-08 09:24:14 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe 2007-04-07 20:16:17 0 d-------- C:\Program Files\xp-AntiSpy 2007-04-07 18:51:09 0 d-------- C:\Program Files\iPod 2007-04-07 18:49:25 0 d-------- C:\Program Files\QuickTime 2007-04-07 18:48:39 0 d-------- C:\Program Files\Apple Software Update 2007-04-07 15:21:31 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\vlc 2007-04-07 11:30:02 0 d-------- C:\WINDOWS\.file_store_32 2007-04-06 23:23:09 0 d-------- C:\WINDOWS\.jagex_cache_32 2007-04-06 23:15:08 0 d-------- C:\Documents and Settings\All Users\Application Data\SwiftSwitch 2007-04-06 23:15:06 0 d-------- C:\Program Files\SwiftSwitch 2007-04-06 22:07:23 0 d-------- C:\WINDOWS\system32\PreInstall 2007-04-06 11:26:03 0 dr------- C:\Documents and Settings\LocalService\Favorites 2007-04-06 11:01:27 0 d-------- C:\Documents and Settings\HP_Administrator\Shared 2007-04-06 11:01:27 0 d-------- C:\Documents and Settings\HP_Administrator\Incomplete 2007-04-06 11:01:05 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\LimeWire 
2007-04-06 11:00:55 0 d-------- C:\Program Files\LimeWire 2007-04-06 10:41:41 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Screenshot Sender 2007-04-06 10:25:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2007-04-06 10:21:59 0 d-------- C:\Program Files\Windows Media Connect 2 2007-04-06 10:20:06 0 d-------- C:\WINDOWS\system32\LogFiles 2007-04-06 10:20:06 0 d-------- C:\WINDOWS\system32\drivers\UMDF 2007-04-06 10:13:04 0 d-------- C:\Program Files\Messenger Plus! Live 2007-04-06 10:03:47 0 d-------- C:\Program Files\SpywareBlaster 2007-04-06 10:02:37 0 d-------- C:\WINDOWS\system32\SoftwareDistribution 2007-04-06 10:00:36 0 d-------- C:\Program Files\CCleaner 2007-04-06 09:51:46 0 --a------ C:\WINDOWS\nsreg.dat 2007-04-06 09:51:32 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla 2007-04-06 09:49:17 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Lavasoft 2007-04-06 09:34:54 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\uTorrent 2007-04-06 09:34:32 0 d-------- C:\Program Files\uTorrent 2007-04-06 09:32:57 0 d-------- C:\WINDOWS\Sun 2007-04-06 09:32:57 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Sun 2007-04-06 00:29:46 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Comodo 2007-04-06 00:29:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo 2007-04-06 00:28:02 0 d-------- C:\Program Files\Comodo 2007-04-06 00:13:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2007-04-06 00:09:52 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Macromedia 2007-04-06 00:09:10 0 d-------- C:\Documents and Settings\HP_Administrator\Contacts 2007-04-06 00:08:12 0 d------c- C:\WINDOWS\system32\DRVSTORE 2007-04-06 00:07:57 0 d-------- C:\Program Files\MSN Messenger 2007-04-06 00:06:49 0 d-------- 
C:\Program Files\VideoLAN 2007-04-05 23:57:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro 2007-04-05 23:24:37 163840 --a------ C:\WINDOWS\system32\WlanApp.dll <Not Verified; Alpha Networks Inc.; WlanApp Dynamic Link Library> 2007-04-05 23:24:37 237568 --a------ C:\WINDOWS\system32\wlanapi.dll <Not Verified; Alpha Networks Inc.; WLANAPI Dynamic Link Library> 2007-04-05 23:24:37 1327189 --a------ C:\WINDOWS\system32\odSupp_M.dll <Not Verified; Funk Software, Inc.; Odyssey Supplicant Toolkit> 2007-04-05 23:24:37 49152 --a------ C:\WINDOWS\system32\JJAKEn.dll <Not Verified; ; JJAKEn Dynamic Link Library> 2007-04-05 23:24:37 49152 --a------ C:\WINDOWS\system32\AQCKGen.dll <Not Verified; Alpha Networks Inc.; AQuickKey Generator> 2007-04-05 23:24:37 630784 --a------ C:\WINDOWS\system32\ANIWZCS2.dll <Not Verified; Alpha Networks Inc.; ANIWZCS Dynamic Link Library> 2007-04-05 23:24:37 57407 --a------ C:\WINDOWS\system32\ANICtl.dll <Not Verified; Alpha Networks Inc.; DevCtrl Dynamic Link Library> 2007-04-05 23:24:37 204800 --a------ C:\WINDOWS\system32\aIPH.dll <Not Verified; Alpha Networks Inc.; IPH Dynamic Link Library> 2007-04-05 23:24:27 36864 --a------ C:\WINDOWS\system32\ANIOApi.dll <Not Verified; Alpha Networks Inc.; ANIO Helper DLL API library> 2007-04-05 23:24:27 50176 --a------ C:\WINDOWS\system32\ANIO64.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver> 2007-04-05 23:24:27 11904 --a------ C:\WINDOWS\system32\anio4.sys <Not Verified; ANI; ANIO (NDIS4) Driver> 2007-04-05 23:24:27 24288 --a------ C:\WINDOWS\system32\ANIO.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver> 2007-04-05 23:24:26 0 d-------- C:\Program Files\ANI 2007-04-05 23:24:21 0 d-------- C:\Program Files\D-Link 2007-04-05 23:18:55 0 dr-hs---- C:\cmdcons 2007-04-05 23:18:53 0 d-------- C:\WINDOWS\setup.pss 2007-04-05 23:18:23 0 d-------- C:\Program Files\Microsoft 2007-04-05 23:16:20 0 dr-h----- C:\Documents and Settings\HP_Administrator\SendTo 
2007-04-05 23:16:20 0 d--h----- C:\Documents and Settings\HP_Administrator\PrintHood 2007-04-05 23:16:20 0 d--h----- C:\Documents and Settings\HP_Administrator\NetHood 2007-04-05 23:16:20 0 dr------- C:\Documents and Settings\HP_Administrator\My Documents 2007-04-05 23:16:20 0 d--h----- C:\Documents and Settings\HP_Administrator\Local Settings 2007-04-05 23:16:20 0 dr------- C:\Documents and Settings\HP_Administrator\Favorites 2007-04-05 23:16:20 0 d-------- C:\Documents and Settings\HP_Administrator\Desktop 2007-04-05 23:16:20 0 d--hs---- C:\Documents and Settings\HP_Administrator\Cookies 2007-04-05 23:16:20 0 dr-h----- C:\Documents and Settings\HP_Administrator\Application Data 2007-04-05 23:16:20 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Symantec 2007-04-05 23:16:20 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\SampleView 2007-04-05 23:16:20 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Real 2007-04-05 23:16:20 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Intuit 2007-04-05 23:16:20 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Identities 2007-04-05 23:16:20 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\ATI 2007-04-05 23:16:20 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer 2007-04-05 23:16:19 0 d-------- C:\Documents and Settings\HP_Administrator\WINDOWS 2007-04-05 23:16:19 0 d--h----- C:\Documents and Settings\HP_Administrator\Templates 2007-04-05 23:16:19 0 dr------- C:\Documents and Settings\HP_Administrator\Start Menu 2007-04-05 23:16:19 3407872 --ah----- C:\Documents and Settings\HP_Administrator\NTUSER.DAT 2007-04-05 23:15:05 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT 2007-04-05 23:14:33 0 d-------- C:\Documents and Settings\Default User\WINDOWS 2007-04-05 23:14:33 0 d-------- C:\Documents and Settings\Default User\Application 
Data\Symantec 2007-04-05 23:14:33 0 d-------- C:\Documents and Settings\Default User\Application Data\SampleView 2007-04-05 23:14:33 0 d-------- C:\Documents and Settings\Default User\Application Data\Real 2007-04-05 23:14:33 0 d-------- C:\Documents and Settings\Default User\Application Data\Intuit 2007-04-05 23:14:33 0 d-------- C:\Documents and Settings\Default User\Application Data\ATI 2007-04-05 23:14:33 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer 2007-04-05 23:13:40 0 d-------- C:\WINDOWS\Prefetch 2007-04-05 23:13:24 182 --a------ C:\WINDOWS\system\hpsysdrv.DAT 2007-04-05 23:08:57 0 d--hs---- C:\System Volume Information 2007-04-05 22:57:42 0 d-------- C:\WINDOWS\I386 2007-04-05 22:49:33 0 dr-h----- C:\MSOCache 2007-04-05 22:49:33 0 dr------- C:\Documents and Settings\Default User\Start Menu 2007-04-05 22:49:33 0 dr-h----- C:\Documents and Settings\Default User\SendTo 2007-04-05 22:49:33 0 d--h----- C:\Documents and Settings\Default User\Local Settings 2007-04-05 22:49:33 0 dr-h----- C:\Documents and Settings\Default User\Application Data 2007-04-05 22:49:31 0 dr------- C:\Documents and Settings\All Users\Start Menu 2007-04-05 22:49:05 0 dr------- C:\Documents and Settings\All Users\Documents 2007-04-05 22:48:59 0 dr-h----- C:\Documents and Settings\All Users\Application Data 2007-04-05 22:48:58 0 dr------- C:\Documents and Settings\Administrator\Start Menu 2007-04-05 22:48:58 0 dr-h----- C:\Documents and Settings\Administrator\SendTo 2007-04-05 22:48:58 0 dr-h----- C:\Documents and Settings\Administrator\Recent 2007-04-05 22:48:57 0 dr------- C:\Documents and Settings\Administrator\My Documents 2007-04-05 22:48:56 0 dr------- C:\Documents and Settings\Administrator\Favorites 2007-04-05 22:48:55 0 dr-h----- C:\Documents and Settings\Administrator\Application Data 2007-04-05 22:47:47 0 dr------- C:\WINDOWS\Offline Web Pages 2007-04-05 22:46:29 0 dr-hs---- C:\WINDOWS\system32\dllcache -- Find3M Report 
---------------------------------------------------------------

2007-05-04 22:51:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-24 19:58:05 0 d-------- C:\Program Files\Google
2007-04-15 22:34:35 112942 --a------ C:\WINDOWS\hpoins07.dat
2007-04-07 18:51:25 0 d-------- C:\Program Files\iTunes
2007-04-05 23:54:57 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-04-05 23:53:22 0 d-------- C:\Program Files\Symantec
2007-04-05 23:17:42 0 d-------- C:\Program Files\Easy Internet signup

-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{671FC01A-258F-4980-B6A8-9BBB4BC517E3} C:\WINDOWS\system32\vturo.dll [x]
{89EF30C1-8051-4C05-AF2D-ED24E7064D00} C:\WINDOWS\system32\geeda.dll [x]
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar2.dll
{B712FD0E-D3C3-464C-A6AC-1D928339D567} C:\WINDOWS\system32\ssqpm.dll [x]
{B838AC44-F8B2-47E7-AF6C-3EB8AB9A0950} C:\WINDOWS\system32\mllmk.dll [x]
{B91B3086-E8C4-4481-9AF9-62632F829DEC} C:\WINDOWS\system32\gebcb.dll [x]
{D2399033-3283-40CE-8753-510463E33941} C:\WINDOWS\system32\ddcca.dll [x]
{F38D448A-F274-4C34-B13B-A3E505E95209} C:\WINDOWS\system32\rqrpqnn.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"AlwaysReady Power Message APP"="ARPWRMSG.EXE"
"RTHDCPL"="RTHDCPL.EXE"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"LSBWatcher"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"D-Link AirPlus G"="C:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe"
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
  63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
  6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
  73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{F38D448A-F274-4C34-B13B-A3E505E95209}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVGASCLN

-- End of Deckard's System Scanner: finished at 2007-05-05 at 11:19:12 ---------

This is extra.txt...

Sorry about that, here is extra.txt =)

Deckard's System Scanner v20070426.43
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) D CPU 2.80GHz
CPU 1: Intel(R) Pentium(R) D CPU 2.80GHz

Percentage of Memory in Use: 53%
Physical Memory (total/avail): 1022.41 MiB / 473.32 MiB
Pagefile Memory (total/avail): 2459.53 MiB / 1986.32 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1961.57 MiB

C: is Fixed (NTFS) - 225.62 GiB total, 191.34 GiB free.
D: is Fixed (FAT32) - 7.24 GiB total, 0.41 GiB free.
E: is CDROM (UDF)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
K: is Removable (No Media)

-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
FW: COMODO Firewall Pro v2.3.035 (COMODO) AV: AVG 7.5.467 v7.5.467 (GRISOFT) -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\HP_Administrator\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=YOUR-55E5F9E3D2 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\HP_Administrator LOGONSERVER=\\YOUR-55E5F9E3D2 NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 4, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0404 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip SESSIONNAME=Console SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\ SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp TMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp USERDOMAIN=YOUR-55E5F9E3D2 USERNAME=HP_Administrator USERPROFILE=C:\Documents and Settings\HP_Administrator windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- HP_Administrator (admin) Administrator (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205} --> c:\WINDOWS\system32\\MSIEXEC.EXE /x 
{AB708C9B-97C8-4AC9-899B-DBF226AC9382} --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920} --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf µTorrent --> "C:\Program Files\uTorrent\uninstall.exe" Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000} Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Agere Systems PCI Soft Modem --> agrsmdel AirPlus G --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{2B7E4354-0492-460A-BDB1-1F59EE141025} /l1033 ANIO Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe" ANIWZCS2 Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe" Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5} ATI Catalyst Control Center --> MsiExec.exe /I{9A945BB0-FB9C-4DAA-9C72-789E4B97C595} ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe Barnyard Invasion from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\049D60AF-B425-4F8A-BD66-9D8C1B519D59\Uninstall.exe" Bejeweled 2 Deluxe from HP Media Center (remove only) --> "C:\Program 
Files\WildTangent\Apps\GameChannel\Games\47D5A62B-1B41-4DB1-8267-ADA434FA782B\Uninstall.exe" Big Kahuna Reef from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D77E8A46-BEB4-49ED-B2D3-B77180169FA3\Uninstall.exe" Blackhawk Striker 2 from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\758619C0-7C97-42BB-B1E9-775F72FDAD1E\Uninstall.exe" Blasterball 2 from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79\Uninstall.exe" Blasterball 2 Holidays from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\1B497FAA-E53E-420D-8408-FFDD3278CD50\Uninstall.exe" Boggle Supreme from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\90EA5584-4290-407B-B8F2-D6E6D65A4796\Uninstall.exe" Bookworm Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E59F75D0-A38B-40F4-ABA2-CA35A7735473\Uninstall.exe" Bounce Symphony from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5DAA9E44-1B31-41CD-88A8-228EDED6E36E\Uninstall.exe" Call of Duty(R) 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l1033 CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" COMODO Firewall Pro --> C:\Program Files\Comodo\Firewall\fwconfig.exe -uninstalln Crystal Maze from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\3D61540E-C88C-4358-B6A1-DC26648F2A3D\Uninstall.exe" Digby's Donuts from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\A51671BD-9BE5-4944-AC62-A2A0B6FF5E54\Uninstall.exe" DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe" Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe 
/M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033 FATE Demo from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B68BB501-10CD-46E2-BB45-075A2ABFD242\Uninstall.exe" Flip Words from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\1280194E-E9D5-4253-95E7-40169E2A4848\Uninstall.exe" GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe" Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll" High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HijackThis 1.99.1 --> C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe /uninstall HP Boot Optimizer --> MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC} HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0} HP DigitalMedia Archive --> MsiExec.exe /I{F80239D8-7811-4D5E-B033-0D0BBFE32920} HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat HP Game Console and games --> C:\Program Files\WildTangent\Apps\hpuninstall.exe HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP Image Zone for Media Center PC --> c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat HP Multimedia Keyboard Software --> C:\HP\KBD\KBD.EXE uninstalled HP Photosmart 330,380,420,470,7800,8000,8200 Series --> C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat HP Photosmart Cameras 5.0 --> C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital 
Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93} HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat HP Tunes --> MsiExec.exe /X{D54193B7-D2DF-4977-B546-86CA48DB214E} HPTunesAddIn --> MsiExec.exe /I{69CF01AD-9E35-4BD7-9036-7B8478BEB839} Insaniquarium Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\A09026AE-8F16-4929-B4E6-1825535844DB\Uninstall.exe" Intel(R) PRO Network Connections Drivers --> Prounstl.exe IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9 InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98} J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000} Jewel Quest from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\A73FAC36-8925-465D-8FA2-4DA98BD9B441\Uninstall.exe" LibUSB-Win32-0.1.10.1 --> "C:\Program Files\LibUSB-Win32-0.1.10.1\unins000.exe" LimeWire PRO 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe" LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U Mah Jong Quest from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\538B9061-0C77-4FB2-903F-EC42A1FF5DD8\Uninstall.exe" Messenger Plus! Live --> "C:\Program Files\Messenger Plus! 
Live\Uninstall.exe" Microsoft Away Mode --> Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120 Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44} Mozilla Firefox (2.0.0.3) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe muvee autoProducer 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C3D719A-92C7-4323-89CC-C937D0267B84}\setup.exe" -l0x9 muvee autoProducer unPlugged 1.1 - HPD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1931B3A-29E9-4F91-9B61-BE2CF05E84F1}\setup.exe" -l0x9 Norton Security Center --> MsiExec.exe /X{503AA035-41E2-4858-B31F-1E49AC66C309} Office 2003 Tour --> MsiExec.exe /I{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C} Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe" PC-Doctor 5 for Windows --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{AB61A692-5543-4C48-979B-8CEA1C52FE9C} /l1033 Polar Bowler from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\1FFA88DF-0AC3-4D9E-9139-5FF98813C12C\Uninstall.exe" Polar Golfer from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\55275778-F7D9-4BA0-95F4-DEFD71ADDFD9\Uninstall.exe" PowerISO --> "C:\Program Files\PowerISO\uninstall.exe" PS2 --> C:\WINDOWS\system32\ps2.exe uninstall Puzzle Express from HP Media Center (remove only) --> "C:\Program 
Files\WildTangent\Apps\GameChannel\Games\0814ADC6-5B36-4144-A8EA-439C36B1BB11\Uninstall.exe" Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log" Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG Quicken 2005 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F} RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Ricochet Lost Worlds from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\0AA27562-3C4E-4860-8742-7ADEBE2EFC43\Uninstall.exe" SCRABBLE Blast from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\2BA80327-9385-4EC8-9796-47C49BD73352\Uninstall.exe" SCRABBLE from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B7217206-A362-446B-A0F7-A2622B82F821\Uninstall.exe" SCRABBLE Rack Attack from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\EC03679F-C9F0-46E8-864D-FCCF83F4EB86\Uninstall.exe" Shrek 2 Ogre Bowler from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\581538B9-2ED3-45E2-96CB-22AD8F811D2A\Uninstall.exe" Slingo Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E0998E52-9D08-4AEE-A4F5-0BB1D8537F6E\Uninstall.exe" Slyder from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\600C800C-5985-4E74-AFE7-571001AC3FA4\Uninstall.exe" Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011} Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29} Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382} Sonic 
RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629} Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205} Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe" Super Granny from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\0C20CAB1-F8BC-4AC1-A796-535B005C1B83\Uninstall.exe" Swarm from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\133F647D-B454-42BC-ADBE-387482A29B88\Uninstall.exe" Tradewinds from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B3FF79F4-CDA8-4845-A7C0-9CE017719F36\Uninstall.exe" Update Rollup 2 for Windows XP Media Center Edition 2005 --> Updates from HP (remove only) --> C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF} VideoLAN VLC media player 0.8.6 --> C:\Program Files\VideoLAN\VLC\uninstall.exe Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F} Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe Wisdom-soft ScreenHunter 5.0 Free --> C:\PROGRA~1\WISDOM~1\UNWISE.EXE C:\PROGRA~1\WISDOM~1\INSTALL.LOG xp-AntiSpy 3.96-4 --> C:\Program Files\xp-AntiSpy\Uninstall.exe -- End of Deckard's System Scanner: finished at 2007-05-05 at 11:19:12 ---------
Hi!

Make a new folder on C: like this: C:\HjT, move HijackThis.exe there and run it.

Run C:\HjT\HijackThis.exe and click Do system scan only.

Check these lines.

O2 - BHO: (no name) - {671FC01A-258F-4980-B6A8-9BBB4BC517E3} - C:\WINDOWS\system32\vturo.dll (file missing)
O2 - BHO: (no name) - {89EF30C1-8051-4C05-AF2D-ED24E7064D00} - C:\WINDOWS\system32\geeda.dll (file missing)
O2 - BHO: (no name) - {B712FD0E-D3C3-464C-A6AC-1D928339D567} - C:\WINDOWS\system32\ssqpm.dll (file missing)
O2 - BHO: (no name) - {B838AC44-F8B2-47E7-AF6C-3EB8AB9A0950} - C:\WINDOWS\system32\mllmk.dll (file missing)
O2 - BHO: (no name) - {B91B3086-E8C4-4481-9AF9-62632F829DEC} - C:\WINDOWS\system32\gebcb.dll (file missing)
O2 - BHO: (no name) - {D2399033-3283-40CE-8753-510463E33941} - C:\WINDOWS\system32\ddcca.dll (file missing)
O2 - BHO: (no name) - {F38D448A-F274-4C34-B13B-A3E505E95209} - C:\WINDOWS\system32\rqrpqnn.dll (file missing)

And click Fix checked.

1) Please download the Killbox. Save it to the desktop and run it.
2) Select "Delete on Reboot", and then select "All files".
3) Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\system32\ddayw.dll
C:\WINDOWS\system32\wyadd.*

4) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
5) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6u1.
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement."
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove the following...

J2SE Runtime Environment 5.0

Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

Boot your computer now. After that, do you have any problems?
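The O2 entries picked out in the reply above share a visible pattern: a BHO with no display name whose DLL sits directly in system32 and is often reported missing. As an added example (not part of the original post, and not a HijackThis feature), this Python sketch parses O2 lines and lists the ones matching that pattern for manual review; the three heuristics and the two-reason threshold are assumptions of the example.

```python
import re
from dataclasses import dataclass

# HijackThis 1.99.1 layout: O2 - BHO: <name> - {CLSID} - <dll path>[ (file missing)]
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)

@dataclass
class Bho:
    name: str
    clsid: str
    path: str
    missing: bool

    def reasons(self):
        """Triage heuristics (assumptions of this example, not HijackThis rules)."""
        out = []
        if self.name == "(no name)":
            out.append("no display name")
        if self.missing:
            out.append("DLL missing on disk")
        # DLL dropped directly into system32 rather than a vendor directory
        if re.match(r"(?i)^[a-z]:\\windows\\system32\\[^\\]+\.dll$", self.path):
            out.append("DLL directly in system32")
        return out

def parse_o2(log_text):
    """Return a Bho for every O2 line found in a HijackThis log."""
    matches = (O2_RE.match(line.strip()) for line in log_text.splitlines())
    return [Bho(m["name"], m["clsid"], m["path"], bool(m["missing"])) for m in matches if m]

def review_candidates(log_text, min_reasons=2):
    """BHOs that trip at least min_reasons heuristics, for manual review."""
    return [(b, b.reasons()) for b in parse_o2(log_text) if len(b.reasons()) >= min_reasons]

# O2 lines copied from the log and the reply on this page.
SAMPLE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {541CF30F-1EC6-4541-B51A-8098A7CEA668} - C:\WINDOWS\system32\ddccc.dll
O2 - BHO: (no name) - {F38D448A-F274-4C34-B13B-A3E505E95209} - C:\WINDOWS\system32\rqrpqnn.dll (file missing)
"""

if __name__ == "__main__":
    for bho, why in review_candidates(SAMPLE):
        print(f"{bho.clsid}  {bho.path}  <- {', '.join(why)}")
```

A match only marks an entry for a closer look; legitimate software can also register a nameless BHO, so the output is a review list, not a removal list.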
Hello,

When I try to download KillBox, the webpage tells me it's not found, and it has a 404 error. Is there another link you have?