Author Topic: madhatter needs help again....=/  (Read 3756 times)

Offline MadHatter

  • Hero Member
  • Posts: 2008
  • Karma: +0/-0
madhatter needs help again....=/
« on: September 29, 2007, 06:52:54 PM »
I let my cousin on my computer.... and I came back in 2 hours and he had downloaded tons of worms.... Help please! Pop-ups are coming up to get me to download AV software.... Currently scanning with Kaspersky and then I'll scan with Spy Sweeper... please help.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:13 PM, on 9/29/2007
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Online Video Add-on\icthis.exe
C:\Program Files\Online Video Add-on\icmntr.exe
C:\Program Files\Online Video Add-on\isfmntr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D579A683-0CC7-4023-BAE7-0544D0D1DA3A} - C:\Program Files\Online Video Add-on\isfmdl.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: IE Custom Tools - {41F6170D-6AF8-4188-8D92-9DDAB3C71A78} - C:\Program Files\Online Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] "c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Online Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Online Video Add-on\isfmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 8380 bytes
msn: [email protected]

MM'd: 932m & $321.00 and 17 accounts

[quote name='JBLee / Jason' post='295082' date='Feb 28 2007, 06:47 PM']gad damn u....i made a thread already IN THE RIGHT FORUM!!!!



why does every1 always do this...even if he is dead he would want us to put things in the right forum  [To Allanon's "dead" self][/quote]



BEST topic ever made on TTG right here

http://www.thetechguide.com/forum/index.ph...mp;#entry295295




Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
madhatter needs help again....=/
« Reply #1 on: September 30, 2007, 01:11:06 AM »
Download SmitfraudFix (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline MadHatter
madhatter needs help again....=/
« Reply #2 on: September 30, 2007, 08:57:02 AM »
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Online Video Add-on\icthis.exe
C:\Program Files\Online Video Add-on\isfmntr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\AIM6\aim6.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cscript.exe




I also got rid of these two using HijackThis....
O2 - BHO: (no name) - {D579A683-0CC7-4023-BAE7-0544D0D1DA3A} - C:\Program Files\Online Video Add-on\isfmdl.dll
O2 - BHO: (no name) - {D579A683-0CC7-4023-BAE7-0544D0D1DA3A} - C:\Program Files\Online Video Add-on\isfmdl.dll


Kaspersky scanned and detected a trojan (Zlob or something like that) and it got rid of it, but I still get pop-ups from the worm in my system tray that tell me to download "certified antivirus software to remove the worm". Obviously I just ignore it....

And thanks for your help, Guestolo.




Offline guestolo
madhatter needs help again....=/
« Reply #3 on: September 30, 2007, 09:25:34 AM »
MadHatter, you didn't post the whole log from Smitfraudfix
Locate this file
C:\Rapport.txt
Open that file and copy>>paste back here the WHOLE contents

You can use EDIT>>SELECT ALL
EDIT>>COPY to ensure that you copy the whole log
« Last Edit: September 30, 2007, 11:23:02 AM by guestolo »



Offline guestolo
madhatter needs help again....=/
« Reply #4 on: September 30, 2007, 11:23:49 AM »
I just realized you are running Windows Vista; don't worry about the report from SmitfraudFix.

Quote
I also got rid of these two using Hijack this....
O2 - BHO: (no name) - {D579A683-0CC7-4023-BAE7-0544D0D1DA3A} - C:\Program Files\Online Video Add-on\isfmdl.dll
O2 - BHO: (no name) - {D579A683-0CC7-4023-BAE7-0544D0D1DA3A} - C:\Program Files\Online Video Add-on\isfmdl.dll
Can I see a fresh HijackThis log, please?
« Last Edit: September 30, 2007, 11:24:32 AM by guestolo »



Offline MadHatter
madhatter needs help again....=/
« Reply #5 on: September 30, 2007, 11:38:56 AM »
Guestolo, a text file didn't appear.... I made a video of me doing the steps... SmitfraudFix says there is an error... I don't know what to do...

Here's the video:

http://www.youtube.com/watch?v=GEatuIuckww



Fresh HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:55 PM, on 9/30/2007
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Online Video Add-on\icthis.exe
C:\Program Files\Online Video Add-on\isfmntr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] "c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Online Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Online Video Add-on\isfmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 7961 bytes
« Last Edit: September 30, 2007, 11:41:24 AM by MadHatter »




Offline guestolo
madhatter needs help again....=/
« Reply #6 on: September 30, 2007, 11:43:12 AM »
Nice video MadHatter, sorry about the log, I forgot that you were using Vista.
SmitfraudFix is not compatible.

Can you do 2 things for me please?
Without clicking the Security alert icon by the clock, do you know what program it wants you to install?

Also, can you post a fresh HijackThis log? Let's see what's left over.

Edit, thanks for the log above, I was posting the same time as you
Can you still let me know the following please
Quote
Without clicking the Security alert icon by the clock, do you know what Program it wants you to install?
« Last Edit: September 30, 2007, 11:44:30 AM by guestolo »



Offline MadHatter
madhatter needs help again....=/
« Reply #7 on: September 30, 2007, 11:56:33 AM »
No I don't, but I'm pretty sure that it's the same programs as these: IE randomly pops up and wants me to download these programs... I obviously refuse. It is also trying to install a BHO as well as change my homepage, but SpywareGuard blocked that every time my computer starts up.

All the programs are different every time a new IE window pops up, but the website is the same (www.sec/urea/ddons/.com.... added random "/"s so you don't click on that :P)

Here's a screenshot:





Offline guestolo
madhatter needs help again....=/
« Reply #8 on: September 30, 2007, 11:59:02 AM »
Not a lot of fixes are compatible with Vista, but let's do the following
Both the next tools should be of some help

first:
Do a "System scan only" with Hijackthis and put a check next to these entries:

O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Online Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Online Video Add-on\isfmntr.exe


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis


Download OTMoveIt by OldTimer:
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):
    ================================================

    C:\Program Files\Online Video Add-on

    ======================================================
  • Return to OTMoveIt, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
  • Click the red "MoveIt!" button.
  • Close OTMoveIt.
Note:  If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

OTMoveIt will create a log here
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
Where mmddyyyy_hhmmss is the date of the tool run. I'll need to see this log in a bit.

Come back here and post the following

1. Post the log from OTMoveIt

2. Can you also do the following
Download Deckard's System Scanner (dss.exe) to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post the contents of  main.txt and extra.txt

NOTE: If you are prompted by SpySweeper, SpywareGuard, or Windows Defender about changes to your registry,
you have to make sure you allow the fixes we did with HijackThis.
« Last Edit: September 30, 2007, 12:00:01 PM by guestolo »



Offline MadHatter
madhatter needs help again....=/
« Reply #9 on: September 30, 2007, 01:14:51 PM »
I rebooted after I copied and pasted and used the MoveIt program, but a new log was never generated...

Folder move failed. C:\Program Files\Online Video Add-on scheduled to be moved on reboot.
 
Created on 09/30/2007 13:02:18



Main.txt log


Deckard's System Scanner v20070905.67
Run by rpatel on 2007-09-30 13:27:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
15: 2007-09-30 06:28:16 UTC - RP59 - Windows Defender Checkpoint
14: 2007-09-29 20:20:49 UTC - RP57 - Installed DirectX
13: 2007-09-29 16:14:52 UTC - RP55 - Scheduled Checkpoint
12: 2007-09-27 22:33:15 UTC - RP54 - Windows Update
11: 2007-09-27 03:16:04 UTC - RP53 - Windows Update


-- First Restore Point --
1: 2007-09-23 01:28:02 UTC - RP42 - Installed Windows Live installer


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as rpatel.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:30:09 PM, on 9/30/2007
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\cmd.exe
C:\Users\rpatel\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\rpatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] "c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 7598 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070929-131231-147 O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll (file missing)
backup-20070930-093859-194 O2 - BHO: (no name) - {D579A683-0CC7-4023-BAE7-0544D0D1DA3A} - C:\Program Files\Online Video Add-on\isfmdl.dll
backup-20070930-094147-396 O3 - Toolbar: IE Custom Tools - {41F6170D-6AF8-4188-8D92-9DDAB3C71A78} - C:\Program Files\Online Video Add-on\ictmdl.dll
backup-20070930-130104-276 O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Online Video Add-on\isfmntr.exe
backup-20070930-130104-421 O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Online Video Add-on\icthis.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\hp\quickplay\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 HP Health Check Service - "c:\program files\hewlett-packard\hp health check\hphc_service.exe" <Not Verified; Hewlett-Packard; HP Health Check Service>

S2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\hp\quickplay\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Coprocessor
Device ID: PCI\VEN_10DE&DEV_0271&SUBSYS_30BF103C&REV_A3\3&13C0B0C5&1&53
Manufacturer:
Name: Coprocessor
PNP Device ID: PCI\VEN_10DE&DEV_0271&SUBSYS_30BF103C&REV_A3\3&13C0B0C5&1&53
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-09-30 13:30:00       414 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{1D3112D1-AAD2-46D2-A8C0-5616C50DA2A6}.job
2007-09-30 12:39:00       256 --a------ C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2007-08-30 and 2007-09-30 -----------------------------

2007-09-30 11:28:01         0 d-------- C:\Program Files\HyCam2
2007-09-29 17:25:45         0 d-------- C:\Program Files\Online Video Add-on
2007-09-29 16:18:58         0 d-------- C:\Users\All Users\Microsoft Games
2007-09-29 09:08:31         0 d-------- C:\Program Files\Trend Micro
2007-09-25 20:10:42         0 d-------- C:\Windows\system32\appmgmt
2007-09-25 20:04:17         0 d-------- C:\Program Files\HP Help and Support Vista
2007-09-23 11:26:20         0 d-------- C:\Program Files\MSXML 4.0
2007-09-23 09:34:54         0 d-------- C:\Program Files\Veoh Networks
2007-09-23 09:31:05         0 d-------- C:\Windows\Downloaded Installations
2007-09-22 21:57:29         0 d-------- C:\Users\All Users\Messenger Plus!
2007-09-22 21:57:18         0 d-------- C:\Program Files\MSN Messenger
2007-09-22 21:56:30         0 d-------- C:\Program Files\MessengerDiscovery
2007-09-22 21:53:17         0 d-------- C:\Program Files\Messenger Plus! Live
2007-09-22 21:49:02         0 d-------- C:\Program Files\Windows Live Toolbar
2007-09-22 21:29:35         0 d-------- C:\Program Files\Windows Live
2007-09-22 21:27:54         0 d-------- C:\Users\All Users\WLInstaller
2007-09-22 18:56:39         0 d-------- C:\Program Files\3wPlayer
2007-09-22 17:14:08         0 d-------- C:\Users\All Users\HP
2007-09-22 16:59:42         0 d-------- C:\Users\All Users\CyberLink
2007-09-22 16:51:51     82432 --a------ C:\Windows\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2007-09-22 16:51:51     44544 --a------ C:\Windows\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2007-09-22 16:47:56         0 d-------- C:\Program Files\Bioscrypt
2007-09-22 16:38:43         0 d-------- C:\Windows\Sminst
2007-09-22 16:36:18         0 d-------- C:\Program Files\HP DVB-T TV Tuner
2007-09-22 16:36:03         0 d-------- C:\Program Files\HP
2007-09-22 16:32:44         0 d-------- C:\Program Files\HPQ
2007-09-22 16:31:46         0 d-------- C:\Program Files\Common Files\LightScribe
2007-09-22 16:16:47   1560576 --a------ C:\Windows\system32\BttnCmns_64.dll <Not Verified; Hewlett-Packard Company; Q Menu>
2007-09-22 16:16:47   1560576 --a------ C:\Windows\system32\BttnCmns.dll <Not Verified; Hewlett-Packard Company; Q Menu>
2007-09-22 16:16:46    987136 --a------ C:\Windows\system32\BttnCmn.dll <Not Verified; Hewlett-Packard Company; Q Menu>
2007-09-22 15:40:34     81549 --a------ C:\Windows\system32\drivers\klin.dat
2007-09-22 15:40:34     82061 --a------ C:\Windows\system32\drivers\klick.dat
2007-09-22 15:38:04         0 d-------- C:\Program Files\Kaspersky Lab
2007-09-22 15:38:03         0 d-------- C:\Users\All Users\Kaspersky Lab
2007-09-22 15:37:40   9060384 --ahs---- C:\Windows\system32\drivers\fidbox.dat
2007-09-22 15:34:38         0 d-------- C:\KAV
2007-09-21 20:46:31         0 d-------- C:\Users\All Users\Webroot
2007-09-21 20:46:31         0 d-------- C:\Program Files\Webroot
2007-09-21 20:43:07    401162 --a------ C:\Windows\system32\perfh011.dat
2007-09-21 20:43:07    104024 --a------ C:\Windows\system32\perfc011.dat
2007-09-21 20:36:59         0 d-------- C:\Windows\ja-JP
2007-09-21 20:36:51         0 d-------- C:\Windows\system32\ja
2007-09-21 20:36:51         0 d-------- C:\Windows\system32411
2007-09-21 20:36:50         0 d-------- C:\Windows\system32\drivers\ja-JP
2007-09-21 20:34:46         0 d-------- C:\Program Files\SpywareGuard
2007-09-21 20:33:12         0 d-------- C:\Program Files\SpywareBlaster
2007-09-21 20:32:30         0 d-------- C:\Program Files\CCleaner
2007-09-21 20:31:35         0 d-------- C:\Program Files\Recuva
2007-09-21 20:15:44    472380 --a------ C:\Windows\system32\perfh01D.dat
2007-09-21 20:15:44     81494 --a------ C:\Windows\system32\perfc01D.dat
2007-09-21 20:12:42         0 d-------- C:\Windows\system32\sv
2007-09-21 20:12:42         0 d-------- C:\Windows\system3241D
2007-09-21 20:12:41         0 d-------- C:\Windows\system32\drivers\sv-SE
2007-09-21 20:12:26         0 d-------- C:\Windows\sv-SE
2007-09-21 19:50:00         0 d-------- C:\Program Files\Common Files\PX Storage Engine
2007-09-21 19:49:43         0 d-------- C:\Program Files\DivX
2007-09-19 20:43:52    163840 --a------ C:\Windows\system32\unrar.dll
2007-09-19 20:43:50    217088 --a------ C:\Windows\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-09-19 20:43:50    282624 --a------ C:\Windows\system32\xvidvfw.dll
2007-09-19 20:43:50   1559040 --a------ C:\Windows\system32\xvidcore.dll
2007-09-19 20:43:48      7680 --a------ C:\Windows\system32\ff_vfw.dll
2007-09-19 20:43:47         0 d-------- C:\Program Files\K-Lite Codec Pack
2007-09-18 20:45:52         0 d-------- C:\Program Files\Ventrilo
2007-09-18 20:45:10         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-18 03:12:32         0 d-------- C:\Users\All Users\Adobe
2007-09-18 03:12:09         0 d-------- C:\Program Files\Common Files\Adobe
2007-09-18 02:40:25         0 d-------- C:\Users\rpatel\Program Files
2007-09-18 02:40:25         0 d-------- C:\Program Files\uTorrent
2007-09-18 02:13:48         0 d-------- C:\Program Files\Microsoft Experience Pack for Windows Vista
2007-09-18 01:20:16         0 d-------- C:\Users\All Users\AOL OCP
2007-09-18 01:20:14         0 d-------- C:\Users\All Users\AOL
2007-09-18 01:20:04         0 d-------- C:\Users\All Users\Viewpoint
2007-09-18 01:20:02         0 d-------- C:\Program Files\Viewpoint
2007-09-18 01:19:28         0 d-------- C:\Program Files\Common Files\AOL
2007-09-18 01:18:58         0 d-------- C:\Program Files\AIM6
2007-09-18 01:18:55       335 --a------ C:\Windows\nsreg.dat
2007-09-18 01:18:12         0 d-------- C:\Users\All Users\AOL Downloads
2007-09-17 14:23:00    823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 14:23:00    823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 14:22:58    802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 14:22:58    739840 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-15 16:14:57         0 d-------- C:\Windows\system32\Macromed
2007-09-15 16:06:27         0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-15 15:57:37         0 d-------- C:\Program Files\Common Files\InstallShield
2007-09-14 09:53:00         0 d-------- C:\Program Files\Broadcom
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\Templates
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\Start Menu
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\SendTo
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\Recent
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\PrintHood
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\NetHood
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\My Documents
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\Local Settings
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\Cookies
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\Application Data
2007-09-14 09:40:41         0 dr------- C:\Users\admin\Videos
2007-09-14 09:40:41         0 d-------- C:\Users\admin\Saved Games
2007-09-14 09:40:41         0 dr------- C:\Users\admin\Pictures
2007-09-14 09:40:41    262144 --ahs---- C:\Users\admin\NTUSER.DAT
2007-09-14 09:40:41         0 dr------- C:\Users\admin\Music
2007-09-14 09:40:41         0 dr------- C:\Users\admin\Links
2007-09-14 09:40:41         0 dr------- C:\Users\admin\Favorites
2007-09-14 09:40:41         0 dr------- C:\Users\admin\Downloads
2007-09-14 09:40:41         0 dr------- C:\Users\admin\Documents
2007-09-14 09:40:41         0 dr------- C:\Users\admin\Desktop
2007-09-14 09:40:41         0 d--h----- C:\Users\admin\AppData
2007-09-14 09:38:54         0 dr------- C:\Users\rpatel\Searches
2007-09-14 09:38:35         0 dr------- C:\Users\rpatel\Contacts
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\Templates
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\Start Menu
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\SendTo
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\Recent
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\PrintHood
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\NetHood
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\My Documents
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\Local Settings
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\Cookies
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\Application Data
2007-09-14 09:38:14         0 dr------- C:\Users\rpatel\Videos
2007-09-14 09:38:14         0 dr------- C:\Users\rpatel\Saved Games
2007-09-14 09:38:14         0 dr------- C:\Users\rpatel\Pictures
2007-09-14 09:38:14   2097152 --ahs---- C:\Users\rpatel\NTUSER.DAT
2007-09-14 09:38:14         0 dr------- C:\Users\rpatel\Music
2007-09-14 09:38:14         0 dr------- C:\Users\rpatel\Links
2007-09-14 09:38:14         0 dr------- C:\Users\rpatel\Favorites
2007-09-14 09:38:14         0 dr------- C:\Users\rpatel\Downloads
2007-09-14 09:38:14         0 dr------- C:\Users\rpatel\Documents
2007-09-14 09:38:14         0 dr------- C:\Users\rpatel\Desktop
2007-09-14 09:38:14         0 d--h----- C:\Users\rpatel\AppData
2007-09-14 01:47:05         0 d-------- C:\Windows\Panther
2007-09-14 01:21:51         0 d-------- C:\Windows.old
2007-09-14 00:54:52        12 --a------ C:\Windows\bthservsdp.dat
2007-09-14 00:54:06         0 d-------- C:\Windows\SoftwareDistribution
2007-09-14 00:52:56         0 d-------- C:\Windows\Debug
2007-09-14 00:52:55         0 d-------- C:\Windows\CSC
2007-09-14 00:48:54         0 d-------- C:\Windows\Prefetch
2007-09-13 23:52:25    685610 --a------ C:\Windows\system32\perfh00A.dat
2007-09-13 23:52:25    121582 --a------ C:\Windows\system32\perfc00A.dat
2007-09-13 23:50:48         0 d-------- C:\Windows\system32\es
2007-09-13 23:50:48         0 d-------- C:\Windows\system32C0A
2007-09-13 23:50:46         0 d-------- C:\Windows\system32\drivers\es-ES
2007-09-13 23:50:34         0 d-------- C:\Windows\es-ES
2007-09-13 23:30:05         0 d-------- C:\Users\All Users\NVIDIA
2007-09-13 23:26:51         0 d-------- C:\Program Files\Fingerprint Sensor
2007-09-13 23:24:00         0 d-------- C:\Program Files\Hewlett-Packard
2007-09-13 23:15:13         0 d-------- C:\Program Files\BitLocker
2007-09-13 23:14:54      1732 --a------ C:\Windows\system32\drivers\nvphy.bin
2007-09-13 23:14:08         0 d-------- C:\Program Files\Synaptics
2007-09-13 22:53:59         0 d-------- C:\Program Files\Microsoft Works
2007-09-13 22:53:13         0 d-------- C:\Windows\PCHEALTH
2007-09-13 22:53:13         0 d-------- C:\Program Files\Microsoft.NET
2007-09-13 22:50:25         0 d-------- C:\Users\All Users\Microsoft Help
2007-09-13 22:50:20         0 d--hs---- C:\Windows\Installer
2007-09-13 22:06:41         0 dr------- C:\Users\Dad\Searches
2007-09-13 22:06:19         0 dr------- C:\Users\Dad\Contacts
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\Templates
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\Start Menu
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\SendTo
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\Recent
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\PrintHood
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\NetHood
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\My Documents
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\Local Settings
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\Cookies
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\Application Data
2007-09-13 22:06:01         0 dr------- C:\Users\Dad\Favorites
2007-09-13 22:06:01         0 dr------- C:\Users\Dad\Downloads
2007-09-13 22:06:01         0 dr------- C:\Users\Dad\Documents
2007-09-13 22:06:01         0 dr------- C:\Users\Dad\Desktop
2007-09-13 22:06:01         0 d--h----- C:\Users\Dad\AppData
2007-09-13 22:06:00         0 dr------- C:\Users\Dad\Videos
2007-09-13 22:06:00         0 dr------- C:\Users\Dad\Saved Games
2007-09-13 22:06:00         0 dr------- C:\Users\Dad\Pictures
2007-09-13 22:06:00    786432 --ahs---- C:\Users\Dad\NTUSER.DAT
2007-09-13 22:06:00         0 dr------- C:\Users\Dad\Music
2007-09-13 22:06:00         0 dr------- C:\Users\Dad\Links
2007-09-13 22:02:02         0 d-------- C:\Users\All Users\AppData
2007-09-04 22:11:06         2 -rahs---- C:\$drvmig$


-- Find3M Report ---------------------------------------------------------------

2007-09-30 13:18:02     35416 --a------ C:\Users\rpatel\AppData\Roaming\nvModes.001
2007-09-30 13:07:55     35416 --a------ C:\Users\rpatel\AppData\Roaming\nvModes.dat
2007-09-30 11:28:09         0 d-------- C:\Users\rpatel\AppData\Roaming\DivX
2007-09-30 11:09:06         0 d-------- C:\Users\rpatel\AppData\Roaming\uTorrent
2007-09-29 16:21:45         0 d-------- C:\Program Files\Microsoft Games
2007-09-29 16:16:33         0 d-------- C:\Users\rpatel\AppData\Roaming\Microsoft Game Studios
2007-09-22 17:27:08         0 d-------- C:\Users\rpatel\AppData\Roaming\Hewlett-Packard
2007-09-22 17:15:06         0 d-------- C:\Users\rpatel\AppData\Roaming\CyberLink
2007-09-22 17:14:08         0 d-------- C:\Users\rpatel\AppData\Roaming\HP
2007-09-22 16:31:46         0 d-------- C:\Program Files\Common Files
2007-09-21 20:45:11         0 d-------- C:\Users\rpatel\AppData\Roaming\Webroot
2007-09-21 20:37:01         0 d-------- C:\Program Files\Windows Sidebar
2007-09-21 20:37:01         0 d-------- C:\Program Files\Windows Mail
2007-09-21 20:37:01         0 d-------- C:\Program Files\Windows Journal
2007-09-21 20:37:01         0 d-------- C:\Program Files\Windows Collaboration
2007-09-21 20:37:01         0 d-------- C:\Program Files\Windows Calendar
2007-09-21 20:37:01         0 d-------- C:\Program Files\Movie Maker
2007-09-21 20:37:00         0 d-------- C:\Program Files\Windows Photo Gallery
2007-09-21 20:37:00         0 d-------- C:\Program Files\Windows Defender
2007-09-19 20:21:34         0 d-------- C:\Users\rpatel\AppData\Roaming\WinRAR
2007-09-18 20:47:29         0 d-------- C:\Users\rpatel\AppData\Roaming\Ventrilo
2007-09-18 03:13:50         0 d-------- C:\Users\rpatel\AppData\Roaming\Adobe
2007-09-18 01:20:37         0 d-------- C:\Users\rpatel\AppData\Roaming\acccore
2007-09-18 01:18:55         0 d-------- C:\Users\rpatel\AppData\Roaming\Mozilla
2007-09-15 16:16:22         0 d-------- C:\Users\rpatel\AppData\Roaming\Macromedia
2007-09-14 10:31:51         0 d-------- C:\Users\rpatel\AppData\Roaming\Talkback
2007-09-14 09:52:59         0 d-------- C:\Users\rpatel\AppData\Roaming\InstallShield
2007-09-14 09:38:41         0 d-------- C:\Users\rpatel\AppData\Roaming\Identities
2007-09-13 22:44:09       174 --ahs---- C:\Program Files\desktop.ini
2007-09-13 19:45:23       514 --a------ C:\sccfg.sys
2007-08-20 20:26:52    196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-08-20 20:26:52     81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-08-15 18:33:14   3596288 --a------ C:\Windows\system32\qt-dx331.dll
2007-08-15 18:30:26     12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}"= C:\Program Files\Online Video Add-on\ictmdl.dll [ ]

[-HKEY_CLASSES_ROOT\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [09/13/2007 10:34 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/08/2007 01:14 AM]
"NvSvc"="RUNDLL32.exe" [11/02/2006 05:45 AM C:\Windows\System32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [11/02/2006 05:45 AM C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [11/02/2006 05:45 AM C:\Windows\System32\rundll32.exe]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [10/18/2006 09:56 AM]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [10/18/2006 09:32 AM]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [06/05/2007 09:12 AM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [06/28/2007 12:51 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [11/06/2006 10:58 AM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [04/23/2007 06:11 PM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [03/01/2007 07:55 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:34 AM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [09/12/2007 07:33 PM]
"@"="" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 05:17 PM]

C:\Users\rpatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   BthServ
Cognizance   ASBroker
GPSvcGroup   GPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a68d5f8d-627d-11dc-a55f-806e6f6e6963}]
AutoRun\command- E:\Startup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-09-30 14:05:34 ------------




Extra.txt

Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate  (build 6000)
Architecture: X86; Language: English

CPU 0: AMD Turion(tm) 64 X2 Mobile Technology TL-56
Percentage of Memory in Use: 60%
Physical Memory (total/avail): 1982 MiB / 780.3 MiB
Pagefile Memory (total/avail): 4180.09 MiB / 3282.41 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.63 MiB

C: is Fixed (NTFS) - 140.81 GiB total, 87.35 GiB free.
D: is Fixed (NTFS) - 8.24 GiB total, 0.26 GiB free.
E: is CDROM (UDF)

\\.\PHYSICALDRIVE0 - FUJITSU MHW2160BH PL SCSI Disk Device - 149.05 GiB - 2 partitions
  \PARTITION0 (bootable) - Installable File System - 140.81 GiB - C:
  \PARTITION1 - Installable File System - 8.24 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Kaspersky Internet Security v7.0.0.125 (Kaspersky Lab)
AV: Kaspersky Internet Security v7.0.0.125 (Kaspersky Lab)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Kaspersky Internet Security v7.0.0.125 (Kaspersky Lab)
AS: Spy Sweeper v5.3.2.2361 (Webroot Software Inc)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\rpatel\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DAD-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\rpatel
LOCALAPPDATA=C:\Users\rpatel\AppData\Local
LOGONSERVER=\\EARTH
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4802
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\rpatel\AppData\Local\Temp
TMP=C:\Users\rpatel\AppData\Local\Temp
USERDOMAIN=WHSCHOOL
USERNAME=rpatel
USERPROFILE=C:\Users\rpatel
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

admin (admin)
rpatel
Dad


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
µTorrent --> "C:\Users\rpatel\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AuthenTec Fingerprint Sensor Minimum Install --> MsiExec.exe /I{55CABB2F-4513-4FF1-B912-B45F93FC5B01}
Broadcom 802.11 Wireless LAN Adapter --> "C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ESU for Microsoft Vista --> MsiExec.exe /X{54F7A791-38DE-4439-AB3F-B3F7DDA89C75}
Halo 2 for Windows Vista --> C:\Program Files\Microsoft Games\Halo 2\StartUp.exe /tnp:/remove
Hewlett-Packard Active Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Active Support Library --> C:\Program Files\InstallShield Installation Information\{E59A46D4-699C-4DC8-969F-DAC3395B4543}\setup.exe -runfromtemp -l0x0409
HP Active Support Library 32 bit components --> MsiExec.exe /I{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}
HP Help and Support --> MsiExec.exe /I{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}
HP Quick Launch Buttons 6.10 C1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\110\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe" -l0x9  -removeonly uninst
HP QuickPlay 3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe"  -uninstall
HP Wireless Assistant --> MsiExec.exe /I{355FADAF-55C4-4E08-88D4-A86C4CA6930C}
HyperCam 2 --> "C:\Program Files\HyCam2\UnHyCam2.exe"
IE Custom Tools --> "C:\Program Files\Online Video Add-on\ictun.exe"
Information Center --> "C:\Program Files\Online Video Add-on\icun.exe"
K-Lite Codec Pack 3.4.5 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
LIVE gaming on Windows Runtime Version 1.0.6027 --> MsiExec.exe /X{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
MessengerDiscovery Live 1.3.0322 --> "C:\Program Files\MessengerDiscovery\unins000.exe"
Microsoft Experience Pack for Windows Vista --> MsiExec.exe /I{DC78E7F6-F045-48B1-92C3-37F5BDBBD5BA}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
Online Video Add-on --> C:\Program Files\Online Video Add-on\uninst.exe
Recuva (remove only) --> "C:\Program Files\Recuva\uninst.exe"
Security Update for Excel 2007 (KB936509) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB936514) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Office 2007 (KB932080) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Word 2007 (KB934173) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{57423786-45C6-4BD9-B4DF-6E681D089648}\setup.exe -runfromtemp -l0x0409
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Live installer --> MsiExec.exe /X{7BC43F11-02C8-45FA-ABDC-E2F9FF31F825}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{CB5EA99C-8A5B-49F2-9A1A-2EF78BE4DB41}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Live Toolbar --> MsiExec.exe /X{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2874 / Error
Event Submitted/Written: 09/30/2007 01:25:25 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program dss.exe version 3.2.4.9 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 94c
Start Time: 01c80386609e33f2
Termination Time: 16

Event Record #/Type2873 / Error
Event Submitted/Written: 09/30/2007 01:18:27 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program dss.exe version 3.2.4.9 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 17dc
Start Time: 01c80384dec98742
Termination Time: 0

Event Record #/Type2861 / Error
Event Submitted/Written: 09/30/2007 01:06:58 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program aim6.exe version 1.4.9.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: f58
Start Time: 01c80384235454e2
Termination Time: 0

Event Record #/Type2855 / Success
Event Submitted/Written: 09/30/2007 01:05:34 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type2854 / Success
Event Submitted/Written: 09/30/2007 01:05:33 PM
Event ID/Source: 5615 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type25289 / Warning
Event Submitted/Written: 09/30/2007 01:30:24 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%WHSCHOOL27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. %WHSCHOOL27 can't undo changes that you allow.

For more information please see the following:
%WHSCHOOL275

   Scan ID: {84162812-3C70-48F7-A699-F990137ECDDB}

   User: WHSCHOOL\rpatel

   Name: %WHSCHOOL271

   ID: %WHSCHOOL272

   Severity ID: %WHSCHOOL273

   Category ID: %WHSCHOOL274

   Path Found: %WHSCHOOL276

   Alert Type: %WHSCHOOL278

   Detection Type: 1.1.1505.02

Event Record #/Type25288 / Warning
Event Submitted/Written: 09/30/2007 01:30:24 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%WHSCHOOL27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. %WHSCHOOL27 can't undo changes that you allow.

For more information please see the following:
%WHSCHOOL275

   Scan ID: {94020491-172C-4EFD-B6A2-0E76C92C1ABA}

   User: WHSCHOOL\rpatel

   Name: %WHSCHOOL271

   ID: %WHSCHOOL272

   Severity ID: %WHSCHOOL273

   Category ID: %WHSCHOOL274

   Path Found: %WHSCHOOL276

   Alert Type: %WHSCHOOL278

   Detection Type: 1.1.1505.02

Event Record #/Type25287 / Warning
Event Submitted/Written: 09/30/2007 01:30:24 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%WHSCHOOL27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. %WHSCHOOL27 can't undo changes that you allow.

For more information please see the following:
%WHSCHOOL275

   Scan ID: {BFB0FCC4-7332-495B-A395-7CC0C7E3D18A}

   User: WHSCHOOL\rpatel

   Name: %WHSCHOOL271

   ID: %WHSCHOOL272

   Severity ID: %WHSCHOOL273

   Category ID: %WHSCHOOL274

   Path Found: %WHSCHOOL276

   Alert Type: %WHSCHOOL278

   Detection Type: 1.1.1505.02

Event Record #/Type25286 / Warning
Event Submitted/Written: 09/30/2007 01:30:22 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%WHSCHOOL27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. %WHSCHOOL27 can't undo changes that you allow.

For more information please see the following:
%WHSCHOOL275

   Scan ID: {ED8ED3D7-84E1-45BA-9287-02057EF754EE}

   User: WHSCHOOL\rpatel

   Name: %WHSCHOOL271

   ID: %WHSCHOOL272

   Severity ID: %WHSCHOOL273

   Category ID: %WHSCHOOL274

   Path Found: %WHSCHOOL276

   Alert Type: %WHSCHOOL278

   Detection Type: 1.1.1505.02

Event Record #/Type25285 / Warning
Event Submitted/Written: 09/30/2007 01:30:22 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%WHSCHOOL27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. %WHSCHOOL27 can't undo changes that you allow.

For more information please see the following:
%WHSCHOOL275

   Scan ID: {9C6086EE-E33A-4F5F-A0F0-C6AE178CF227}

   User: WHSCHOOL\rpatel

   Name: %WHSCHOOL271

   ID: %WHSCHOOL272

   Severity ID: %WHSCHOOL273

   Category ID: %WHSCHOOL274

   Path Found: %WHSCHOOL276

   Alert Type: %WHSCHOOL278

   Detection Type: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2007-09-30 14:05:34 ------------
msn: [email protected]

MM'd: 932m & $321.00 and 17 accounts

[quote name='JBLee / Jason' post='295082' date='Feb 28 2007, 06:47 PM']gad damn u....i made a thread already IN THE RIGHT FORUM!!!!



why does every1 always do this...even if he is dead he would want us to put things in the right forum  [To Allanon's "dead" self][/quote]



BEST topic ever made on TTG right here

http://www.thetechguide.com/forum/index.ph...mp;#entry295295




Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
madhatter needs help again....=/
« Reply #10 on: September 30, 2007, 01:33:09 PM »
Can you double check and see if OTMoveIt made a log here

C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <--date of log

Also, access add/remove programs and see if the following are listed and uninstall them if found
IE Custom Tools
Information Center
Online Video Add-on


Reboot the computer

Delete this folder if still around
C:\Program Files\Online Video Add-on <-this folder

It's great that you have spyware protections, but I think you're letting them interfere with any fixes we try
DO NOT let them interfere please, or we'll have to disable them till you are clean
« Last Edit: September 30, 2007, 01:33:45 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
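Worked example added here (it is not from the thread and is not part of DSS, HijackThis or OTMoveIt): a small Python triage script that reads the two log formats pasted in this thread, the DSS "Add/Remove Programs" listing (`Name --> UninstallString`) and HijackThis lines, and reports what reply #10 asked to check: whether IE Custom Tools, Information Center or Online Video Add-on are still listed, whether any entry still points into C:\Program Files\Online Video Add-on, and whether an O2 BHO registration is left behind with "(no file)". The watch list and the sample log lines are constructed from names that appear in this thread; the function names and the watch list itself are assumptions of the example.

```python
"""Triage helper for the DSS / HijackThis log formats pasted in this thread.

Assumption (not from the thread's tooling): the watch list below is the set of
program names and the folder that reply #10 asked to be removed.
"""
import re
from typing import List, Tuple

# Names from reply #10 that should no longer appear in Add/Remove Programs.
WATCH_NAMES = {"ie custom tools", "information center", "online video add-on"}
# Folder from reply #10 that should no longer exist; compared case-insensitively.
WATCH_PATH = r"c:\program files\online video add-on"

# DSS "Add/Remove Programs" lines look like:  DisplayName --> UninstallString
ADDREMOVE_RE = re.compile(r"^(?P<name>.+?) --> (?P<cmd>.+)$")
# HijackThis lines look like:  O2 - BHO: name - {CLSID} - path
HJT_RE = re.compile(r"^(?P<section>O\d+|R\d) - (?P<rest>.+)$")

# Constructed sample input using entries that appear in the thread's logs.
SAMPLE_ADDREMOVE = "\n".join([
    r'CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"',
    r'IE Custom Tools --> "C:\Program Files\Online Video Add-on\ictun.exe"',
    r'Information Center --> "C:\Program Files\Online Video Add-on\icun.exe"',
    r'Online Video Add-on --> C:\Program Files\Online Video Add-on\uninst.exe',
    r'WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe',
])
SAMPLE_HJT = "\n".join([
    r'O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll',
    r'O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)',
    r'O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray',
])


def parse_addremove(text: str) -> List[Tuple[str, str]]:
    """Split DSS Add/Remove lines into (display name, uninstall string) pairs."""
    entries = []
    for line in text.splitlines():
        m = ADDREMOVE_RE.match(line.strip())
        if m:
            entries.append((m.group("name"), m.group("cmd")))
    return entries


def flag_addremove(entries: List[Tuple[str, str]],
                   watch_names=WATCH_NAMES, watch_path=WATCH_PATH) -> List[str]:
    """Return display names that are on the watch list or uninstall from the watched folder."""
    flagged = []
    for name, cmd in entries:
        if name.lower() in watch_names or watch_path in cmd.lower():
            flagged.append(name)
    return flagged


def flag_hjt(text: str, watch_path=WATCH_PATH) -> List[Tuple[str, str, str]]:
    """Return (section, reason, line body) for HijackThis lines worth a second look."""
    flagged = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if not m:
            continue
        section, rest = m.group("section"), m.group("rest")
        if section == "O2" and rest.endswith("(no file)"):
            # A BHO CLSID is still registered but its DLL is gone: a leftover to clean.
            flagged.append((section, "orphaned BHO registration", rest))
        elif watch_path in rest.lower():
            flagged.append((section, "references removed folder", rest))
    return flagged


def triage(addremove_text: str, hjt_text: str) -> List[str]:
    """Return one human-readable finding per leftover; an empty list means nothing was found."""
    findings = []
    for name in flag_addremove(parse_addremove(addremove_text)):
        findings.append(f"Add/Remove still lists: {name}")
    for section, why, rest in flag_hjt(hjt_text):
        findings.append(f"{section} {why}: {rest}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_ADDREMOVE, SAMPLE_HJT):
        print(finding)
```

Run it against the text of a freshly posted main.txt to see at a glance whether the three entries and the folder references are gone; an empty result for the Add/Remove section is what reply #11 reports, and the orphaned `O2` entry is the kind of leftover a fresh HijackThis log will still show until it is fixed.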


Offline MadHatter

  • Hero Member
  • *****
  • Posts: 2008
  • Karma: +0/-0
    • View Profile
    • http://
madhatter needs help again....=/
« Reply #11 on: September 30, 2007, 01:38:29 PM »
I couldn't find the log, and I removed the 3 programs, and I deleted the folder...


Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
madhatter needs help again....=/
« Reply #12 on: September 30, 2007, 01:47:00 PM »
Let's see what we're left with

Can you once again
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete
Post the contents of just main.txt



Offline MadHatter

  • Hero Member
  • *****
  • Posts: 2008
  • Karma: +0/-0
    • View Profile
    • http://
madhatter needs help again....=/
« Reply #13 on: September 30, 2007, 06:16:21 PM »
Sorry....went out to get new glasses

here's the log


Deckard's System Scanner v20070905.67
Run by rpatel on 2007-09-30 14:47:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as rpatel.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:48:02 PM, on 9/30/2007
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Users\rpatel\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\rpatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] "c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 7616 bytes

-- Files created between 2007-08-30 and 2007-09-30 -----------------------------

2007-09-30 11:28:01         0 d-------- C:\Program Files\HyCam2
2007-09-29 16:18:58         0 d-------- C:\Users\All Users\Microsoft Games
2007-09-29 09:08:31         0 d-------- C:\Program Files\Trend Micro
2007-09-25 20:10:42         0 d-------- C:\Windows\system32\appmgmt
2007-09-25 20:04:17         0 d-------- C:\Program Files\HP Help and Support Vista
2007-09-23 11:26:20         0 d-------- C:\Program Files\MSXML 4.0
2007-09-23 09:34:54         0 d-------- C:\Program Files\Veoh Networks
2007-09-23 09:31:05         0 d-------- C:\Windows\Downloaded Installations
2007-09-22 21:57:29         0 d-------- C:\Users\All Users\Messenger Plus!
2007-09-22 21:57:18         0 d-------- C:\Program Files\MSN Messenger
2007-09-22 21:56:30         0 d-------- C:\Program Files\MessengerDiscovery
2007-09-22 21:53:17         0 d-------- C:\Program Files\Messenger Plus! Live
2007-09-22 21:49:02         0 d-------- C:\Program Files\Windows Live Toolbar
2007-09-22 21:29:35         0 d-------- C:\Program Files\Windows Live
2007-09-22 21:27:54         0 d-------- C:\Users\All Users\WLInstaller
2007-09-22 18:56:39         0 d-------- C:\Program Files\3wPlayer
2007-09-22 17:14:08         0 d-------- C:\Users\All Users\HP
2007-09-22 16:59:42         0 d-------- C:\Users\All Users\CyberLink
2007-09-22 16:51:51     82432 --a------ C:\Windows\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2007-09-22 16:51:51     44544 --a------ C:\Windows\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2007-09-22 16:47:56         0 d-------- C:\Program Files\Bioscrypt
2007-09-22 16:38:43         0 d-------- C:\Windows\Sminst
2007-09-22 16:36:18         0 d-------- C:\Program Files\HP DVB-T TV Tuner
2007-09-22 16:36:03         0 d-------- C:\Program Files\HP
2007-09-22 16:32:44         0 d-------- C:\Program Files\HPQ
2007-09-22 16:31:46         0 d-------- C:\Program Files\Common Files\LightScribe
2007-09-22 16:16:47   1560576 --a------ C:\Windows\system32\BttnCmns_64.dll <Not Verified; Hewlett-Packard Company; Q Menu>
2007-09-22 16:16:47   1560576 --a------ C:\Windows\system32\BttnCmns.dll <Not Verified; Hewlett-Packard Company; Q Menu>
2007-09-22 16:16:46    987136 --a------ C:\Windows\system32\BttnCmn.dll <Not Verified; Hewlett-Packard Company; Q Menu>
2007-09-22 15:40:34     81549 --a------ C:\Windows\system32\drivers\klin.dat
2007-09-22 15:40:34     82061 --a------ C:\Windows\system32\drivers\klick.dat
2007-09-22 15:38:04         0 d-------- C:\Program Files\Kaspersky Lab
2007-09-22 15:38:03         0 d-------- C:\Users\All Users\Kaspersky Lab
2007-09-22 15:37:40   9060384 --ahs---- C:\Windows\system32\drivers\fidbox.dat
2007-09-22 15:34:38         0 d-------- C:\KAV
2007-09-21 20:46:31         0 d-------- C:\Users\All Users\Webroot
2007-09-21 20:46:31         0 d-------- C:\Program Files\Webroot
2007-09-21 20:43:07    401162 --a------ C:\Windows\system32\perfh011.dat
2007-09-21 20:43:07    104024 --a------ C:\Windows\system32\perfc011.dat
2007-09-21 20:36:59         0 d-------- C:\Windows\ja-JP
2007-09-21 20:36:51         0 d-------- C:\Windows\system32\ja
2007-09-21 20:36:51         0 d-------- C:\Windows\system32411
2007-09-21 20:36:50         0 d-------- C:\Windows\system32\drivers\ja-JP
2007-09-21 20:34:46         0 d-------- C:\Program Files\SpywareGuard
2007-09-21 20:33:12         0 d-------- C:\Program Files\SpywareBlaster
2007-09-21 20:32:30         0 d-------- C:\Program Files\CCleaner
2007-09-21 20:31:35         0 d-------- C:\Program Files\Recuva
2007-09-21 20:15:44    472380 --a------ C:\Windows\system32\perfh01D.dat
2007-09-21 20:15:44     81494 --a------ C:\Windows\system32\perfc01D.dat
2007-09-21 20:12:42         0 d-------- C:\Windows\system32\sv
2007-09-21 20:12:42         0 d-------- C:\Windows\system3241D
2007-09-21 20:12:41         0 d-------- C:\Windows\system32\drivers\sv-SE
2007-09-21 20:12:26         0 d-------- C:\Windows\sv-SE
2007-09-21 19:50:00         0 d-------- C:\Program Files\Common Files\PX Storage Engine
2007-09-21 19:49:43         0 d-------- C:\Program Files\DivX
2007-09-19 20:43:52    163840 --a------ C:\Windows\system32\unrar.dll
2007-09-19 20:43:50    217088 --a------ C:\Windows\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-09-19 20:43:50    282624 --a------ C:\Windows\system32\xvidvfw.dll
2007-09-19 20:43:50   1559040 --a------ C:\Windows\system32\xvidcore.dll
2007-09-19 20:43:48      7680 --a------ C:\Windows\system32\ff_vfw.dll
2007-09-19 20:43:47         0 d-------- C:\Program Files\K-Lite Codec Pack
2007-09-18 20:45:52         0 d-------- C:\Program Files\Ventrilo
2007-09-18 20:45:10         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-18 03:12:32         0 d-------- C:\Users\All Users\Adobe
2007-09-18 03:12:09         0 d-------- C:\Program Files\Common Files\Adobe
2007-09-18 02:40:25         0 d-------- C:\Users\rpatel\Program Files
2007-09-18 02:40:25         0 d-------- C:\Program Files\uTorrent
2007-09-18 02:13:48         0 d-------- C:\Program Files\Microsoft Experience Pack for Windows Vista
2007-09-18 01:20:16         0 d-------- C:\Users\All Users\AOL OCP
2007-09-18 01:20:14         0 d-------- C:\Users\All Users\AOL
2007-09-18 01:20:04         0 d-------- C:\Users\All Users\Viewpoint
2007-09-18 01:20:02         0 d-------- C:\Program Files\Viewpoint
2007-09-18 01:19:28         0 d-------- C:\Program Files\Common Files\AOL
2007-09-18 01:18:58         0 d-------- C:\Program Files\AIM6
2007-09-18 01:18:55       335 --a------ C:\Windows\nsreg.dat
2007-09-18 01:18:12         0 d-------- C:\Users\All Users\AOL Downloads
2007-09-17 14:23:00    823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 14:23:00    823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 14:22:58    802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-09-17 14:22:58    739840 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-15 16:14:57         0 d-------- C:\Windows\system32\Macromed
2007-09-15 16:06:27         0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-15 15:57:37         0 d-------- C:\Program Files\Common Files\InstallShield
2007-09-14 09:53:00         0 d-------- C:\Program Files\Broadcom
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\Templates
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\Start Menu
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\SendTo
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\Recent
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\PrintHood
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\NetHood
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\My Documents
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\Local Settings
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\Cookies
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\Application Data
2007-09-14 09:40:41         0 dr------- C:\Users\admin\Videos
2007-09-14 09:40:41         0 d-------- C:\Users\admin\Saved Games
2007-09-14 09:40:41         0 dr------- C:\Users\admin\Pictures
2007-09-14 09:40:41    262144 --ahs---- C:\Users\admin\NTUSER.DAT
2007-09-14 09:40:41         0 dr------- C:\Users\admin\Music
2007-09-14 09:40:41         0 dr------- C:\Users\admin\Links
2007-09-14 09:40:41         0 dr------- C:\Users\admin\Favorites
2007-09-14 09:40:41         0 dr------- C:\Users\admin\Downloads
2007-09-14 09:40:41         0 dr------- C:\Users\admin\Documents
2007-09-14 09:40:41         0 dr------- C:\Users\admin\Desktop
2007-09-14 09:40:41         0 d--h----- C:\Users\admin\AppData
2007-09-14 09:38:54         0 dr------- C:\Users\rpatel\Searches
2007-09-14 09:38:35         0 dr------- C:\Users\rpatel\Contacts
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\Templates
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\Start Menu
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\SendTo
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\Recent
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\PrintHood
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\NetHood
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\My Documents
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\Local Settings
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\Cookies
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\Application Data
2007-09-14 09:38:14         0 dr------- C:\Users\rpatel\Videos
2007-09-14 09:38:14         0 dr------- C:\Users\rpatel\Saved Games
2007-09-14 09:38:14         0 dr------- C:\Users\rpatel\Pictures
2007-09-14 09:38:14   2097152 --ahs---- C:\Users\rpatel\NTUSER.DAT
2007-09-14 09:38:14         0 dr------- C:\Users\rpatel\Music
2007-09-14 09:38:14         0 dr------- C:\Users\rpatel\Links
2007-09-14 09:38:14         0 dr------- C:\Users\rpatel\Favorites
2007-09-14 09:38:14         0 dr------- C:\Users\rpatel\Downloads
2007-09-14 09:38:14         0 dr------- C:\Users\rpatel\Documents
2007-09-14 09:38:14         0 dr------- C:\Users\rpatel\Desktop
2007-09-14 09:38:14         0 d--h----- C:\Users\rpatel\AppData
2007-09-14 01:47:05         0 d-------- C:\Windows\Panther
2007-09-14 01:21:51         0 d-------- C:\Windows.old
2007-09-14 00:54:52        12 --a------ C:\Windows\bthservsdp.dat
2007-09-14 00:54:06         0 d-------- C:\Windows\SoftwareDistribution
2007-09-14 00:52:56         0 d-------- C:\Windows\Debug
2007-09-14 00:52:55         0 d-------- C:\Windows\CSC
2007-09-14 00:48:54         0 d-------- C:\Windows\Prefetch
2007-09-13 23:52:25    685610 --a------ C:\Windows\system32\perfh00A.dat
2007-09-13 23:52:25    121582 --a------ C:\Windows\system32\perfc00A.dat
2007-09-13 23:50:48         0 d-------- C:\Windows\system32\es
2007-09-13 23:50:48         0 d-------- C:\Windows\system32C0A
2007-09-13 23:50:46         0 d-------- C:\Windows\system32\drivers\es-ES
2007-09-13 23:50:34         0 d-------- C:\Windows\es-ES
2007-09-13 23:30:05         0 d-------- C:\Users\All Users\NVIDIA
2007-09-13 23:26:51         0 d-------- C:\Program Files\Fingerprint Sensor
2007-09-13 23:24:00         0 d-------- C:\Program Files\Hewlett-Packard
2007-09-13 23:15:13         0 d-------- C:\Program Files\BitLocker
2007-09-13 23:14:54      1732 --a------ C:\Windows\system32\drivers\nvphy.bin
2007-09-13 23:14:08         0 d-------- C:\Program Files\Synaptics
2007-09-13 22:53:59         0 d-------- C:\Program Files\Microsoft Works
2007-09-13 22:53:13         0 d-------- C:\Windows\PCHEALTH
2007-09-13 22:53:13         0 d-------- C:\Program Files\Microsoft.NET
2007-09-13 22:50:25         0 d-------- C:\Users\All Users\Microsoft Help
2007-09-13 22:50:20         0 d--hs---- C:\Windows\Installer
2007-09-13 22:06:41         0 dr------- C:\Users\Dad\Searches
2007-09-13 22:06:19         0 dr------- C:\Users\Dad\Contacts
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\Templates
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\Start Menu
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\SendTo
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\Recent
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\PrintHood
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\NetHood
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\My Documents
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\Local Settings
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\Cookies
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\Application Data
2007-09-13 22:06:01         0 dr------- C:\Users\Dad\Favorites
2007-09-13 22:06:01         0 dr------- C:\Users\Dad\Downloads
2007-09-13 22:06:01         0 dr------- C:\Users\Dad\Documents
2007-09-13 22:06:01         0 dr------- C:\Users\Dad\Desktop
2007-09-13 22:06:01         0 d--h----- C:\Users\Dad\AppData
2007-09-13 22:06:00         0 dr------- C:\Users\Dad\Videos
2007-09-13 22:06:00         0 dr------- C:\Users\Dad\Saved Games
2007-09-13 22:06:00         0 dr------- C:\Users\Dad\Pictures
2007-09-13 22:06:00    786432 --ahs---- C:\Users\Dad\NTUSER.DAT
2007-09-13 22:06:00         0 dr------- C:\Users\Dad\Music
2007-09-13 22:06:00         0 dr------- C:\Users\Dad\Links
2007-09-13 22:02:02         0 d-------- C:\Users\All Users\AppData
2007-09-04 22:11:06         2 -rahs---- C:\$drvmig$


-- Find3M Report ---------------------------------------------------------------

2007-09-30 13:18:02     35416 --a------ C:\Users\rpatel\AppData\Roaming\nvModes.001
2007-09-30 13:07:55     35416 --a------ C:\Users\rpatel\AppData\Roaming\nvModes.dat
2007-09-30 11:28:09         0 d-------- C:\Users\rpatel\AppData\Roaming\DivX
2007-09-30 11:09:06         0 d-------- C:\Users\rpatel\AppData\Roaming\uTorrent
2007-09-29 16:21:45         0 d-------- C:\Program Files\Microsoft Games
2007-09-29 16:16:33         0 d-------- C:\Users\rpatel\AppData\Roaming\Microsoft Game Studios
2007-09-22 17:27:08         0 d-------- C:\Users\rpatel\AppData\Roaming\Hewlett-Packard
2007-09-22 17:15:06         0 d-------- C:\Users\rpatel\AppData\Roaming\CyberLink
2007-09-22 17:14:08         0 d-------- C:\Users\rpatel\AppData\Roaming\HP
2007-09-22 16:31:46         0 d-------- C:\Program Files\Common Files
2007-09-21 20:45:11         0 d-------- C:\Users\rpatel\AppData\Roaming\Webroot
2007-09-21 20:37:01         0 d-------- C:\Program Files\Windows Sidebar
2007-09-21 20:37:01         0 d-------- C:\Program Files\Windows Mail
2007-09-21 20:37:01         0 d-------- C:\Program Files\Windows Journal
2007-09-21 20:37:01         0 d-------- C:\Program Files\Windows Collaboration
2007-09-21 20:37:01         0 d-------- C:\Program Files\Windows Calendar
2007-09-21 20:37:01         0 d-------- C:\Program Files\Movie Maker
2007-09-21 20:37:00         0 d-------- C:\Program Files\Windows Photo Gallery
2007-09-21 20:37:00         0 d-------- C:\Program Files\Windows Defender
2007-09-19 20:21:34         0 d-------- C:\Users\rpatel\AppData\Roaming\WinRAR
2007-09-18 20:47:29         0 d-------- C:\Users\rpatel\AppData\Roaming\Ventrilo
2007-09-18 03:13:50         0 d-------- C:\Users\rpatel\AppData\Roaming\Adobe
2007-09-18 01:20:37         0 d-------- C:\Users\rpatel\AppData\Roaming\acccore
2007-09-18 01:18:55         0 d-------- C:\Users\rpatel\AppData\Roaming\Mozilla
2007-09-15 16:16:22         0 d-------- C:\Users\rpatel\AppData\Roaming\Macromedia
2007-09-14 10:31:51         0 d-------- C:\Users\rpatel\AppData\Roaming\Talkback
2007-09-14 09:52:59         0 d-------- C:\Users\rpatel\AppData\Roaming\InstallShield
2007-09-14 09:38:41         0 d-------- C:\Users\rpatel\AppData\Roaming\Identities
2007-09-13 22:44:09       174 --ahs---- C:\Program Files\desktop.ini
2007-09-13 19:45:23       514 --a------ C:\sccfg.sys
2007-08-20 20:26:52    196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-08-20 20:26:52     81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-08-15 18:33:14   3596288 --a------ C:\Windows\system32\qt-dx331.dll
2007-08-15 18:30:26     12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}"= C:\Program Files\Online Video Add-on\ictmdl.dll [ ]

[-HKEY_CLASSES_ROOT\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [09/13/2007 10:34 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/08/2007 01:14 AM]
"NvSvc"="RUNDLL32.exe" [11/02/2006 05:45 AM C:\Windows\System32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [11/02/2006 05:45 AM C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [11/02/2006 05:45 AM C:\Windows\System32\rundll32.exe]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [10/18/2006 09:56 AM]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [10/18/2006 09:32 AM]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [06/05/2007 09:12 AM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [06/28/2007 12:51 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [11/06/2006 10:58 AM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [04/23/2007 06:11 PM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [03/01/2007 07:55 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:34 AM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [09/12/2007 07:33 PM]
"@"="" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 05:17 PM]

C:\Users\rpatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   BthServ
Cognizance   ASBroker
GPSvcGroup   GPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a68d5f8d-627d-11dc-a55f-806e6f6e6963}]
AutoRun\command- E:\Startup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-09-30 15:06:21 ------------
msn: [email protected]

MM'd: 932m & $321.00 and 17 accounts

[quote name='JBLee / Jason' post='295082' date='Feb 28 2007, 06:47 PM']gad damn u....i made a thread already IN THE RIGHT FORUM!!!!



why does every1 always do this...even if he is dead he would want us to put things in the right forum  [To Allanon's "dead" self][/quote]



BEST topic ever made on TTG right here

http://www.thetechguide.com/forum/index.ph...mp;#entry295295




Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
madhatter needs help again....=/
« Reply #14 on: September 30, 2007, 07:31:38 PM »
I still see entries related to the problem.

Can you try the following:
Open a blank Notepad file
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "Code"
Paste it into the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file fix.reg

Save this file on the desktop
Be sure to copy from "Windows Registry Editor Version 5.00" down in the code box

 
Code:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}"=-

[-HKEY_CLASSES_ROOT\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}]


Right click on fix.reg and select MERGE

Allow it to merge at the prompt
Reboot the computer

Again, DO NOT let any spyware protection interfere with this fix

Come back here. Since it doesn't take that long, can you run dss.exe again and post main.txt?
Also let me know how things are now

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
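As an added illustration (not from guestolo's post or any TTG tooling), here is what that fix.reg does when merged: "name"=- deletes a single value, and [-KEY] deletes the key together with all of its subkeys. The script applies the posted file to a small in-memory model built from the Registry Dump above and then checks that no trace of the CLSID remains; the InprocServer32 subkey and the default value are constructed placeholders, not entries from the log.

```python
"""Interpret fix.reg against an in-memory model of the registry.

Regedit's .reg grammar: "[KEY]" selects (or creates) a key, "[-KEY]" deletes a
key and all subkeys, '"name"=-' deletes one value, '"name"="data"' sets a string
value, and '@' names a key's default value. Key comparison is case-insensitive,
as in the real registry.
"""
import re
from typing import Dict, List, Optional

Registry = Dict[str, Dict[str, str]]  # key path -> {value name: data}; "@" = default value

TOOLBAR_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser"
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
BAD_CLSID = "{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}"
CLSID_KEY = "HKEY_CLASSES_ROOT\\CLSID\\" + BAD_CLSID

# Constructed snapshot of the keys involved. The toolbar value and the CLSID key
# come from the Registry Dump in the log; the InprocServer32 subkey and the
# default value are placeholders for what such a CLSID registration holds.
BEFORE: Registry = {
    TOOLBAR_KEY: {BAD_CLSID: r"C:\Program Files\Online Video Add-on\ictmdl.dll"},
    CLSID_KEY: {"@": "Online Video Add-on"},
    CLSID_KEY + r"\InprocServer32": {"@": r"C:\Program Files\Online Video Add-on\ictmdl.dll"},
    RUN_KEY: {"AVP": r"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"},
}

# fix.reg exactly as posted.
FIX_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}"=-

[-HKEY_CLASSES_ROOT\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}]
"""

_KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")
_VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(s: str) -> str:
    # Undo .reg escaping: a backslash quotes the next character (\\ and \").
    return re.sub(r"\\(.)", r"\1", s)


def _delete_tree(reg: Registry, path: str) -> int:
    """Delete ``path`` and every subkey beneath it (what [-KEY] does)."""
    target = path.lower().rstrip("\\")
    doomed = [k for k in reg if k.lower() == target or k.lower().startswith(target + "\\")]
    for k in doomed:
        del reg[k]
    return len(doomed)


def _find_key(reg: Registry, path: str) -> Optional[str]:
    """Return the stored spelling of ``path`` (case-insensitive match) or None."""
    low = path.lower()
    return next((k for k in reg if k.lower() == low), None)


def apply_reg(reg: Registry, text: str) -> Registry:
    """Return a copy of ``reg`` with the operations in the .reg text applied."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "Windows Registry Editor Version 5.00":
        raise ValueError("not a 'Windows Registry Editor Version 5.00' file")
    out: Registry = {k: dict(v) for k, v in reg.items()}
    current: Optional[str] = None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        key = _KEY_RE.match(line)
        if key:
            if key.group(1) == "-":
                _delete_tree(out, key.group(2))
                current = None  # values may not follow a [-KEY] line
            else:
                current = _find_key(out, key.group(2)) or key.group(2)
                out.setdefault(current, {})  # regedit creates a missing key
            continue
        val = _VALUE_RE.match(line)
        if not val or current is None:
            raise ValueError(f"unrecognised line: {raw!r}")
        name = "@" if val.group(1) == "@" else _unescape(val.group(1)[1:-1])
        data = val.group(2).strip()
        if data == "-":
            out[current].pop(name, None)  # "name"=- deletes the value
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            out[current][name] = _unescape(data[1:-1])  # REG_SZ
        else:
            out[current][name] = data  # dword:/hex: kept verbatim
    return out


def remaining_traces(reg: Registry, clsid: str = BAD_CLSID) -> List[str]:
    """Every key or value still referencing ``clsid``; empty means the fix took."""
    needle = clsid.lower()
    hits: List[str] = []
    for key, values in reg.items():
        if needle in key.lower():
            hits.append(key)
        for name, data in values.items():
            if needle in name.lower() or needle in data.lower():
                hits.append(f"{key} -> {name}")
    return hits


if __name__ == "__main__":
    print("before:", remaining_traces(BEFORE))
    after = apply_reg(BEFORE, FIX_REG)
    print("after: ", remaining_traces(after))
    print("Run key still intact:", after[RUN_KEY] == BEFORE[RUN_KEY])
```

The same remaining_traces check is what a fresh dss.exe run gives you by hand: if the CLSID still shows up anywhere in the new registry dump, the merge did not take.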


Offline MadHatter

  • Hero Member
  • *****
  • Posts: 2008
  • Karma: +0/-0
madhatter needs help again....=/
« Reply #15 on: October 01, 2007, 10:25:54 AM »
Deckard's System Scanner v20070905.67
Run by rpatel on 2007-10-01 10:41:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as rpatel.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:26 AM, on 10/1/2007
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\cmd.exe
C:\Users\rpatel\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\rpatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] "c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 7631 bytes

-- Files created between 2007-09-01 and 2007-10-01 -----------------------------

2007-09-30 21:05:38         0 d-------- C:\Program Files\Project64 1.6
2007-09-30 11:28:01         0 d-------- C:\Program Files\HyCam2
2007-09-29 16:18:58         0 d-------- C:\Users\All Users\Microsoft Games
2007-09-29 09:08:31         0 d-------- C:\Program Files\Trend Micro
2007-09-25 20:10:42         0 d-------- C:\Windows\system32\appmgmt
2007-09-25 20:04:17         0 d-------- C:\Program Files\HP Help and Support Vista
2007-09-23 11:26:20         0 d-------- C:\Program Files\MSXML 4.0
2007-09-23 09:34:54         0 d-------- C:\Program Files\Veoh Networks
2007-09-23 09:31:05         0 d-------- C:\Windows\Downloaded Installations
2007-09-22 21:57:29         0 d-------- C:\Users\All Users\Messenger Plus!
2007-09-22 21:57:18         0 d-------- C:\Program Files\MSN Messenger
2007-09-22 21:56:30         0 d-------- C:\Program Files\MessengerDiscovery
2007-09-22 21:53:17         0 d-------- C:\Program Files\Messenger Plus! Live
2007-09-22 21:49:02         0 d-------- C:\Program Files\Windows Live Toolbar
2007-09-22 21:29:35         0 d-------- C:\Program Files\Windows Live
2007-09-22 21:27:54         0 d-------- C:\Users\All Users\WLInstaller
2007-09-22 18:56:39         0 d-------- C:\Program Files\3wPlayer
2007-09-22 17:14:08         0 d-------- C:\Users\All Users\HP
2007-09-22 16:59:42         0 d-------- C:\Users\All Users\CyberLink
2007-09-22 16:51:51     82432 --a------ C:\Windows\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2007-09-22 16:51:51     44544 --a------ C:\Windows\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2007-09-22 16:47:56         0 d-------- C:\Program Files\Bioscrypt
2007-09-22 16:38:43         0 d-------- C:\Windows\Sminst
2007-09-22 16:36:18         0 d-------- C:\Program Files\HP DVB-T TV Tuner
2007-09-22 16:36:03         0 d-------- C:\Program Files\HP
2007-09-22 16:32:44         0 d-------- C:\Program Files\HPQ
2007-09-22 16:31:46         0 d-------- C:\Program Files\Common Files\LightScribe
2007-09-22 16:16:47   1560576 --a------ C:\Windows\system32\BttnCmns_64.dll <Not Verified; Hewlett-Packard Company; Q Menu>
2007-09-22 16:16:47   1560576 --a------ C:\Windows\system32\BttnCmns.dll <Not Verified; Hewlett-Packard Company; Q Menu>
2007-09-22 16:16:46    987136 --a------ C:\Windows\system32\BttnCmn.dll <Not Verified; Hewlett-Packard Company; Q Menu>
2007-09-22 15:40:34     81549 --a------ C:\Windows\system32\drivers\klin.dat
2007-09-22 15:40:34     82061 --a------ C:\Windows\system32\drivers\klick.dat
2007-09-22 15:38:04         0 d-------- C:\Program Files\Kaspersky Lab
2007-09-22 15:38:03         0 d-------- C:\Users\All Users\Kaspersky Lab
2007-09-22 15:37:40   9716256 --ahs---- C:\Windows\system32\drivers\fidbox.dat
2007-09-22 15:34:38         0 d-------- C:\KAV
2007-09-21 20:46:31         0 d-------- C:\Users\All Users\Webroot
2007-09-21 20:46:31         0 d-------- C:\Program Files\Webroot
2007-09-21 20:43:07    401162 --a------ C:\Windows\system32\perfh011.dat
2007-09-21 20:43:07    104024 --a------ C:\Windows\system32\perfc011.dat
2007-09-21 20:36:59         0 d-------- C:\Windows\ja-JP
2007-09-21 20:36:51         0 d-------- C:\Windows\system32\ja
2007-09-21 20:36:51         0 d-------- C:\Windows\system32411
2007-09-21 20:36:50         0 d-------- C:\Windows\system32\drivers\ja-JP
2007-09-21 20:34:46         0 d-------- C:\Program Files\SpywareGuard
2007-09-21 20:33:12         0 d-------- C:\Program Files\SpywareBlaster
2007-09-21 20:32:30         0 d-------- C:\Program Files\CCleaner
2007-09-21 20:31:35         0 d-------- C:\Program Files\Recuva
2007-09-21 20:15:44    472380 --a------ C:\Windows\system32\perfh01D.dat
2007-09-21 20:15:44     81494 --a------ C:\Windows\system32\perfc01D.dat
2007-09-21 20:12:42         0 d-------- C:\Windows\system32\sv
2007-09-21 20:12:42         0 d-------- C:\Windows\system3241D
2007-09-21 20:12:41         0 d-------- C:\Windows\system32\drivers\sv-SE
2007-09-21 20:12:26         0 d-------- C:\Windows\sv-SE
2007-09-21 19:50:00         0 d-------- C:\Program Files\Common Files\PX Storage Engine
2007-09-21 19:49:43         0 d-------- C:\Program Files\DivX
2007-09-19 20:43:52    163840 --a------ C:\Windows\system32\unrar.dll
2007-09-19 20:43:50    217088 --a------ C:\Windows\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-09-19 20:43:50    282624 --a------ C:\Windows\system32\xvidvfw.dll
2007-09-19 20:43:50   1559040 --a------ C:\Windows\system32\xvidcore.dll
2007-09-19 20:43:48      7680 --a------ C:\Windows\system32\ff_vfw.dll
2007-09-19 20:43:47         0 d-------- C:\Program Files\K-Lite Codec Pack
2007-09-18 20:45:52         0 d-------- C:\Program Files\Ventrilo
2007-09-18 20:45:10         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-18 03:12:32         0 d-------- C:\Users\All Users\Adobe
2007-09-18 03:12:09         0 d-------- C:\Program Files\Common Files\Adobe
2007-09-18 02:40:25         0 d-------- C:\Users\rpatel\Program Files
2007-09-18 02:40:25         0 d-------- C:\Program Files\uTorrent
2007-09-18 02:13:48         0 d-------- C:\Program Files\Microsoft Experience Pack for Windows Vista
2007-09-18 01:20:16         0 d-------- C:\Users\All Users\AOL OCP
2007-09-18 01:20:14         0 d-------- C:\Users\All Users\AOL
2007-09-18 01:20:04         0 d-------- C:\Users\All Users\Viewpoint
2007-09-18 01:20:02         0 d-------- C:\Program Files\Viewpoint
2007-09-18 01:19:28         0 d-------- C:\Program Files\Common Files\AOL
2007-09-18 01:18:58         0 d-------- C:\Program Files\AIM6
2007-09-18 01:18:55       335 --a------ C:\Windows\nsreg.dat
2007-09-18 01:18:12         0 d-------- C:\Users\All Users\AOL Downloads
2007-09-17 14:23:00    823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 14:23:00    823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 14:22:58    802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-09-17 14:22:58    739840 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-15 16:14:57         0 d-------- C:\Windows\system32\Macromed
2007-09-15 16:06:27         0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-15 15:57:37         0 d-------- C:\Program Files\Common Files\InstallShield
2007-09-14 09:53:00         0 d-------- C:\Program Files\Broadcom
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\Templates
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\Start Menu
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\SendTo
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\Recent
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\PrintHood
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\NetHood
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\My Documents
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\Local Settings
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\Cookies
2007-09-14 09:40:42         0 d--hs---- C:\Users\admin\Application Data
2007-09-14 09:40:41         0 dr------- C:\Users\admin\Videos
2007-09-14 09:40:41         0 d-------- C:\Users\admin\Saved Games
2007-09-14 09:40:41         0 dr------- C:\Users\admin\Pictures
2007-09-14 09:40:41    262144 --ahs---- C:\Users\admin\NTUSER.DAT
2007-09-14 09:40:41         0 dr------- C:\Users\admin\Music
2007-09-14 09:40:41         0 dr------- C:\Users\admin\Links
2007-09-14 09:40:41         0 dr------- C:\Users\admin\Favorites
2007-09-14 09:40:41         0 dr------- C:\Users\admin\Downloads
2007-09-14 09:40:41         0 dr------- C:\Users\admin\Documents
2007-09-14 09:40:41         0 dr------- C:\Users\admin\Desktop
2007-09-14 09:40:41         0 d--h----- C:\Users\admin\AppData
2007-09-14 09:38:54         0 dr------- C:\Users\rpatel\Searches
2007-09-14 09:38:35         0 dr------- C:\Users\rpatel\Contacts
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\Templates
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\Start Menu
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\SendTo
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\Recent
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\PrintHood
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\NetHood
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\My Documents
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\Local Settings
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\Cookies
2007-09-14 09:38:15         0 d--hs---- C:\Users\rpatel\Application Data
2007-09-14 09:38:14         0 dr------- C:\Users\rpatel\Videos
2007-09-14 09:38:14         0 dr------- C:\Users\rpatel\Saved Games
2007-09-14 09:38:14         0 dr------- C:\Users\rpatel\Pictures
2007-09-14 09:38:14   2097152 --ahs---- C:\Users\rpatel\NTUSER.DAT
2007-09-14 09:38:14         0 dr------- C:\Users\rpatel\Music
2007-09-14 09:38:14         0 dr------- C:\Users\rpatel\Links
2007-09-14 09:38:14         0 dr------- C:\Users\rpatel\Favorites
2007-09-14 09:38:14         0 dr------- C:\Users\rpatel\Downloads
2007-09-14 09:38:14         0 dr------- C:\Users\rpatel\Documents
2007-09-14 09:38:14         0 dr------- C:\Users\rpatel\Desktop
2007-09-14 09:38:14         0 d--h----- C:\Users\rpatel\AppData
2007-09-14 01:47:05         0 d-------- C:\Windows\Panther
2007-09-14 01:21:51         0 d-------- C:\Windows.old
2007-09-14 00:54:52        12 --a------ C:\Windows\bthservsdp.dat
2007-09-14 00:54:06         0 d-------- C:\Windows\SoftwareDistribution
2007-09-14 00:52:56         0 d-------- C:\Windows\Debug
2007-09-14 00:52:55         0 d-------- C:\Windows\CSC
2007-09-14 00:48:54         0 d-------- C:\Windows\Prefetch
2007-09-13 23:52:25    685610 --a------ C:\Windows\system32\perfh00A.dat
2007-09-13 23:52:25    121582 --a------ C:\Windows\system32\perfc00A.dat
2007-09-13 23:50:48         0 d-------- C:\Windows\system32\es
2007-09-13 23:50:48         0 d-------- C:\Windows\system32C0A
2007-09-13 23:50:46         0 d-------- C:\Windows\system32\drivers\es-ES
2007-09-13 23:50:34         0 d-------- C:\Windows\es-ES
2007-09-13 23:30:05         0 d-------- C:\Users\All Users\NVIDIA
2007-09-13 23:26:51         0 d-------- C:\Program Files\Fingerprint Sensor
2007-09-13 23:24:00         0 d-------- C:\Program Files\Hewlett-Packard
2007-09-13 23:15:13         0 d-------- C:\Program Files\BitLocker
2007-09-13 23:14:54      1732 --a------ C:\Windows\system32\drivers\nvphy.bin
2007-09-13 23:14:08         0 d-------- C:\Program Files\Synaptics
2007-09-13 22:53:59         0 d-------- C:\Program Files\Microsoft Works
2007-09-13 22:53:13         0 d-------- C:\Windows\PCHEALTH
2007-09-13 22:53:13         0 d-------- C:\Program Files\Microsoft.NET
2007-09-13 22:50:25         0 d-------- C:\Users\All Users\Microsoft Help
2007-09-13 22:50:20         0 d--hs---- C:\Windows\Installer
2007-09-13 22:06:41         0 dr------- C:\Users\Dad\Searches
2007-09-13 22:06:19         0 dr------- C:\Users\Dad\Contacts
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\Templates
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\Start Menu
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\SendTo
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\Recent
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\PrintHood
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\NetHood
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\My Documents
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\Local Settings
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\Cookies
2007-09-13 22:06:03         0 d--hs---- C:\Users\Dad\Application Data
2007-09-13 22:06:01         0 dr------- C:\Users\Dad\Favorites
2007-09-13 22:06:01         0 dr------- C:\Users\Dad\Downloads
2007-09-13 22:06:01         0 dr------- C:\Users\Dad\Documents
2007-09-13 22:06:01         0 dr------- C:\Users\Dad\Desktop
2007-09-13 22:06:01         0 d--h----- C:\Users\Dad\AppData
2007-09-13 22:06:00         0 dr------- C:\Users\Dad\Videos
2007-09-13 22:06:00         0 dr------- C:\Users\Dad\Saved Games
2007-09-13 22:06:00         0 dr------- C:\Users\Dad\Pictures
2007-09-13 22:06:00    786432 --ahs---- C:\Users\Dad\NTUSER.DAT
2007-09-13 22:06:00         0 dr------- C:\Users\Dad\Music
2007-09-13 22:06:00         0 dr------- C:\Users\Dad\Links
2007-09-13 22:02:02         0 d-------- C:\Users\All Users\AppData
2007-09-04 22:11:06         2 -rahs---- C:\$drvmig$


-- Find3M Report ---------------------------------------------------------------

2007-10-01 10:32:06     35416 --a------ C:\Users\rpatel\AppData\Roaming\nvModes.dat
2007-10-01 10:32:06     35416 --a------ C:\Users\rpatel\AppData\Roaming\nvModes.001
2007-09-30 11:28:09         0 d-------- C:\Users\rpatel\AppData\Roaming\DivX
2007-09-30 11:09:06         0 d-------- C:\Users\rpatel\AppData\Roaming\uTorrent
2007-09-29 16:21:45         0 d-------- C:\Program Files\Microsoft Games
2007-09-29 16:16:33         0 d-------- C:\Users\rpatel\AppData\Roaming\Microsoft Game Studios
2007-09-22 17:27:08         0 d-------- C:\Users\rpatel\AppData\Roaming\Hewlett-Packard
2007-09-22 17:15:06         0 d-------- C:\Users\rpatel\AppData\Roaming\CyberLink
2007-09-22 17:14:08         0 d-------- C:\Users\rpatel\AppData\Roaming\HP
2007-09-22 16:31:46         0 d-------- C:\Program Files\Common Files
2007-09-21 20:45:11         0 d-------- C:\Users\rpatel\AppData\Roaming\Webroot
2007-09-21 20:37:01         0 d-------- C:\Program Files\Windows Sidebar
2007-09-21 20:37:01         0 d-------- C:\Program Files\Windows Mail
2007-09-21 20:37:01         0 d-------- C:\Program Files\Windows Journal
2007-09-21 20:37:01         0 d-------- C:\Program Files\Windows Collaboration
2007-09-21 20:37:01         0 d-------- C:\Program Files\Windows Calendar
2007-09-21 20:37:01         0 d-------- C:\Program Files\Movie Maker
2007-09-21 20:37:00         0 d-------- C:\Program Files\Windows Photo Gallery
2007-09-21 20:37:00         0 d-------- C:\Program Files\Windows Defender
2007-09-19 20:21:34         0 d-------- C:\Users\rpatel\AppData\Roaming\WinRAR
2007-09-18 20:47:29         0 d-------- C:\Users\rpatel\AppData\Roaming\Ventrilo
2007-09-18 03:13:50         0 d-------- C:\Users\rpatel\AppData\Roaming\Adobe
2007-09-18 01:20:37         0 d-------- C:\Users\rpatel\AppData\Roaming\acccore
2007-09-18 01:18:55         0 d-------- C:\Users\rpatel\AppData\Roaming\Mozilla
2007-09-15 16:16:22         0 d-------- C:\Users\rpatel\AppData\Roaming\Macromedia
2007-09-14 10:31:51         0 d-------- C:\Users\rpatel\AppData\Roaming\Talkback
2007-09-14 09:52:59         0 d-------- C:\Users\rpatel\AppData\Roaming\InstallShield
2007-09-14 09:38:41         0 d-------- C:\Users\rpatel\AppData\Roaming\Identities
2007-09-13 22:44:09       174 --ahs---- C:\Program Files\desktop.ini
2007-09-13 19:45:23       514 --a------ C:\sccfg.sys
2007-08-20 20:26:52    196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-08-20 20:26:52     81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-08-15 18:33:14   3596288 --a------ C:\Windows\system32\qt-dx331.dll
2007-08-15 18:30:26     12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [09/13/2007 10:34 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/08/2007 01:14 AM]
"NvSvc"="RUNDLL32.exe" [11/02/2006 05:45 AM C:\Windows\System32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [11/02/2006 05:45 AM C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [11/02/2006 05:45 AM C:\Windows\System32\rundll32.exe]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [10/18/2006 09:56 AM]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [10/18/2006 09:32 AM]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [06/05/2007 09:12 AM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [06/28/2007 12:51 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [11/06/2006 10:58 AM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [04/23/2007 06:11 PM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [03/01/2007 07:55 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:34 AM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [09/12/2007 07:33 PM]
"@"="" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 05:17 PM]

C:\Users\rpatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   BthServ
Cognizance   ASBroker
GPSvcGroup   GPSvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-10-01 11:11:11 ------------




Things are running faster, no more random pop-ups either.




Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
madhatter needs help again....=/
« Reply #16 on: October 01, 2007, 10:06:46 PM »
Good work, you can delete the tools we used

E.g. Smitfraudfix, OTMoveit.exe, Dss.exe
and the folder it created >>C:\Deckard

I'll lock this topic as your problems appear resolved, take care MadHatter :)
