Author Topic: url.cpvfeed.com  (Read 2128 times)

tmirelle
url.cpvfeed.com
« on: May 26, 2007, 12:17:00 PM »
My browser keeps opening by itself & trying to go to url.cpvfeed.com

Appreciate it if someone can help me fix this.

thx

My hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:11:17 AM, on 26/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Documents and Settings\Tanya Main\Application Data\Verbatim Software\V-Key.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\eHome\EHTray.exe
C:\DOCUME~1\TANYAM~1\MYDOCU~1\DOBE~1\winlogon.exe
C:\Documents and Settings\Tanya Main\Application Data\a?sembly\winlogon.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tanya Main\My Documents\My Downloads\utilities\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\UTILIT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B5001D46-D9AE-DA7B-DD7F-88ADD3BF74E5} - C:\WINDOWS\system32\mjlpijb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Store 'n' Go] C:\Documents and Settings\Tanya Main\Application Data\Verbatim Software\V-Key.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rqwqqe] "C:\Documents and Settings\Tanya Main\Application Data\a?sembly\winlogon.exe"
O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\TANYAM~1\MYDOCU~1\DOBE~1\winlogon.exe" -vt ndrv
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?8cfca51a4ed045639d7b6bc063b7d9c1
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?8cfca51a4ed045639d7b6bc063b7d9c1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {6EB2AA45-3F30-40e1-9864-45EB153C6EDC} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Send to OneNote Settings - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.0.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145485701574
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

guestolo (Administrator)
url.cpvfeed.com
« Reply #1 on: May 26, 2007, 12:23:51 PM »
Hi again tmirelle
I do see problems in your log; it should be no problem removing the bad guys.
Can you do a couple of steps for me first, however?

Navigate to Hijackthis.exe
My Documents\My Downloads\utilities\hijackthis.exe
Right click on hijackthis.exe and rename it to tanya.exe

Do another fresh scan, save the logfile with tanya.exe (HijackThis), and post a fresh log.

ALSO
Download and unzip to your desktop InstalledPrograms.zip
Double click on InstalledPrograms.vbs

Click OK at the IP prompt and click YES to view the results now.
A text file will open; can you copy and paste the whole contents back here?

ALLOW this script to run if prompted by your AntiVirus
« Last Edit: May 26, 2007, 12:24:58 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/

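A triage script that applies, mechanically, the kind of checks the helper above does by eye on the "Running processes" list and the O4 autostart entries: a core Windows binary name (winlogon.exe) running from a user profile folder, a bare filename such as winlog.exe that is resolved through the search path, and a path containing "?", which HijackThis prints for a character it cannot render and which is not a legal Windows filename character. This is an added example, not HijackThis's own code or a tool used in this thread; the sample lines are constructed from the shape of the log posted above, and the rules are heuristics that still need a human to confirm.

```python
"""Triage helper for HijackThis-style logs (added example; not a HijackThis component)."""
import re
from typing import Dict, List, Tuple

# Constructed sample built from the shape of the log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\Tanya Main\Application Data\a?sembly\winlogon.exe
C:\DOCUME~1\TANYAM~1\MYDOCU~1\DOBE~1\winlogon.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Rqwqqe] "C:\Documents and Settings\Tanya Main\Application Data\a?sembly\winlogon.exe"
O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\TANYAM~1\MYDOCU~1\DOBE~1\winlogon.exe" -vt ndrv
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Expected parent directory (lower-case suffix) for core Windows binaries.
EXPECTED_DIR: Dict[str, str] = {
    name: "\\windows\\system32\\"
    for name in ("winlogon.exe", "smss.exe", "csrss.exe", "services.exe",
                 "lsass.exe", "svchost.exe")
}
EXPECTED_DIR["explorer.exe"] = "\\windows\\"

REASON_BARE = "bare filename resolved via the search path"
REASON_SYSTEM_NAME = "core Windows binary name outside its expected directory"
REASON_UNRENDERABLE = "path contains '?' (character HijackThis could not render; illegal in a filename)"

O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>.*?)\] (?P<cmd>.*)$")
# First token ending in an executable extension, with optional surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|scr|com|bat))"?(?:\s|,|$)', re.IGNORECASE)


def executable_of(cmd: str) -> str:
    """Extract the program path from an O4 command line, dropping quotes and arguments."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def check_path(path: str) -> List[str]:
    """Return the reasons a single executable path deserves a look (empty if none)."""
    reasons: List[str] = []
    low = path.lower()
    if "\\" in low:
        dirname, base = low.rsplit("\\", 1)
        dirname += "\\"
    else:
        dirname, base = "", low
        reasons.append(REASON_BARE)      # Windows will search PATH for this name
    expected = EXPECTED_DIR.get(base)
    if expected is not None and not dirname.endswith(expected):
        reasons.append(REASON_SYSTEM_NAME)
    if "?" in path:
        reasons.append(REASON_UNRENDERABLE)
    return reasons


def triage_log(text: str) -> List[Tuple[str, str]]:
    """Walk a HijackThis log and return (line, reason) pairs for process and O4 entries."""
    findings: List[Tuple[str, str]] = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True          # the process list runs until the next blank line
            continue
        if not line:
            in_processes = False
            continue
        if in_processes:
            path = line
        else:
            m = O4_RE.match(line)
            if not m:
                continue                 # only O4 autostart entries are checked here
            path = executable_of(m.group("cmd"))
        for reason in check_path(path):
            findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for line, reason in triage_log(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Legitimate bare-name entries (the Realtek RTHDCPL.EXE and ALCMTR.EXE lines in the full log) will also trip the bare-filename rule, so treat each finding as a prompt to verify the file on disk, not as a verdict.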

tmirelle
url.cpvfeed.com
« Reply #2 on: May 26, 2007, 01:10:42 PM »
Thanks!

OK, new HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 10:58:17 AM, on 26/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Documents and Settings\Tanya Main\Application Data\Verbatim Software\V-Key.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\eHome\EHTray.exe
C:\DOCUME~1\TANYAM~1\MYDOCU~1\DOBE~1\winlogon.exe
C:\Documents and Settings\Tanya Main\Application Data\a?sembly\winlogon.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\DOCUME~1\TANYAM~1\LOCALS~1\Temp\fsbwih.exe
C:\WINDOWS\TEMP\IHTEMP\program\inst\Setup.exe
C:\WINDOWS\TEMP\FsSetup0000001\FSSetup.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Tanya Main\My Documents\My Downloads\utilities\tanya.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\UTILIT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B5001D46-D9AE-DA7B-DD7F-88ADD3BF74E5} - C:\WINDOWS\system32\mjlpijb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Store 'n' Go] C:\Documents and Settings\Tanya Main\Application Data\Verbatim Software\V-Key.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rqwqqe] "C:\Documents and Settings\Tanya Main\Application Data\a?sembly\winlogon.exe"
O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\TANYAM~1\MYDOCU~1\DOBE~1\winlogon.exe" -vt ndrv
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = ?
O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?8cfca51a4ed045639d7b6bc063b7d9c1
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?8cfca51a4ed045639d7b6bc063b7d9c1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {6EB2AA45-3F30-40e1-9864-45EB153C6EDC} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Send to OneNote Settings - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.0.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145485701574
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc.                          - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Other thing:
INSTALLED SOFTWARE (366) - TANYA-HOME - 26/05/2007 11:05:32 AM

1Click DVD Copy Pro 2.4.1.6      Installed: 25/05/2007
5 Card Slingo from HP Media Center (remove only)   
7-Zip 4.42   
Adobe Acrobat 7.0 Professional   Ver: 7.0.0   Installed: 24/05/2007
Adobe Acrobat 7.0 Professional   Ver: 7.0.0   Installed: 24/05/2007
Adobe Bridge 1.0   Ver: 001.000.004   Installed: 11/02/2007
Adobe Common File Installer   Ver: 1.00.0000   Installed: 11/02/2007
Adobe Creative Suite 2   
Adobe Flash Player 9 ActiveX   Ver: 9
Adobe GoLive CS2   Ver: 8.0.1   Installed: 11/02/2007
Adobe Help Center 1.0   Ver: 001.000.000   Installed: 11/02/2007
Adobe Illustrator CS2   Ver: 12.000.000   Installed: 11/02/2007
Adobe InDesign CS2   Ver: 004.000.000   Installed: 11/02/2007
Adobe PageMaker Plug-in Pack   Ver: 3.00.000
Adobe Photoshop CS2   Ver: 9.0   Installed: 11/02/2007
Adobe Stock Photos 1.0   Ver: 1.0.8   Installed: 16/02/2007
Adobe SVG Viewer 3.0   Ver:  3.0
Adobe Type Manager 4.1   
Adobe Version Cue CS2   Ver: 2.0.1   Installed: 11/02/2007
Advanced Text2Gif 1.0   
Agere Systems PCI-SV92PP Soft Modem   
AiO_Scan_CDA   Ver: 50.0.214.000   Installed: 04/03/2006
AiOSoftwareNPI   Ver: 50.0.214.000   Installed: 04/03/2006
Apple Software Update   Ver: 1.1.0.3   Installed: 24/05/2007
AstroPop Deluxe from HP Media Center (remove only)   
Bejeweled 2 Deluxe from HP Media Center (remove only)   
BitComet 0.70   Ver: 0.70
Blackhawk Striker 2 from HP Media Center (remove only)   
Blasterball 2 from HP Media Center (remove only)   
Blasterball 2 Remix from HP Media Center (remove only)   
Boggle Supreme from HP Media Center (remove only)   
Bookworm Deluxe from HP Media Center (remove only)   
Bounce Symphony from HP Media Center (remove only)   
BufferChm   Ver: 53.0.13.000   Installed: 04/03/2006
Chuzzle Deluxe from HP Media Center (remove only)   
CleanUp!   
CodeStuff Starter   Ver: 5.6.2.0
CorelDRAW Graphics Suite X3   Ver: 13.1   Installed: 11/02/2007
CP_AtenaShokunin1Config   Ver: 53.0.13.000   Installed: 04/03/2006
CP_CalendarTemplates1   Ver: 53.0.13.000   Installed: 04/03/2006
cp_LightScribeConfig   Ver: 53.0.24.000   Installed: 23/12/2005
cp_LightScribePlugin   Ver: 53.0.24.000   Installed: 23/12/2005
CP_Package_Basic1   Ver: 53.0.13.000   Installed: 04/03/2006
CP_Package_Variety1   Ver: 53.0.13.000   Installed: 23/12/2005
CP_Package_Variety2   Ver: 53.0.13.000   Installed: 23/12/2005
CP_Package_Variety3   Ver: 53.0.13.000   Installed: 23/12/2005
CP_Panorama1Config   Ver: 53.0.13.000   Installed: 04/03/2006
Crystal Maze from HP Media Center (remove only)   
CueTour   Ver: 53.0.13.000   Installed: 04/03/2006
Customer Experience Enhancement   Ver: Customer Experience Enhancement -1.0.0.1680   Installed: 23/12/2005
Customer Experience Enhancement   Ver: Customer Experience Enhancement -1.0.0.1680   Installed: 23/12/2005
CustomerResearchQFolder   Ver: 1.00.0000   Installed: 04/03/2006
Destinations   Ver: 53.0.13.000   Installed: 04/03/2006
DeviceFunctionQFolder   Ver: 1.00.0000   Installed: 04/03/2006
DeviceManagementQFolder   Ver: 1.00.0000   Installed: 04/03/2006
DivX 5.0.2 Bundle   
DocProc   Ver: 5.2.0.0   Installed: 04/03/2006
DocumentViewer   Ver: 53.0.13.000   Installed: 04/03/2006
DocumentViewerQFolder   Ver: 1.00.0000   Installed: 04/03/2006
Dr Watson for Microsoft Windows OneCare Live v1.1.1067.14   Ver: 1.1.1067.14   Installed: 07/01/2007
DVD Ripper Platinum 4   Ver: 4.0.75.0511
EN   Ver: 13.1   Installed: 11/02/2007
eSupportQFolder   Ver: 1.00.0000   Installed: 04/03/2006
FATE from HP Media Center (remove only)   
Fax_CDA   Ver: 50.0.214.000   Installed: 04/03/2006
FontNav   Ver: 5.0   Installed: 11/02/2007
FullDPAppQFolder   Ver: 1.00.0000   Installed: 04/03/2006
GdiplusUpgrade   Ver: 1.00.01   Installed: 07/04/2006
GemMaster Mystic   
High Definition Audio Driver Package - KB888111   Ver: 20040219.000000
HijackThis 1.99.1   Ver: 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)      Installed: 14/03/2007
Hotfix for Windows Media Player 10 (KB903157)   
Hotfix for Windows XP (KB888795)   Ver: 3
Hotfix for Windows XP (KB891593)   Ver: 2
Hotfix for Windows XP (KB895961)   Ver: 1
Hotfix for Windows XP (KB896344)   Ver: 2
Hotfix for Windows XP (KB899337)   Ver: 5
Hotfix for Windows XP (KB899510)   Ver: 1
Hotfix for Windows XP (KB902841)   Ver: 1
Hotfix for Windows XP (KB912024)   Ver: 2   Installed: 01/03/2006
Hotfix for Windows XP (KB914440)   Ver: 12   Installed: 02/11/2006
Hotfix for Windows XP (KB915865)   Ver: 10   Installed: 02/11/2006
Hotfix for Windows XP (KB926239)   Ver: 2   Installed: 05/01/2007
Hotfix for Windows XP (KB928388)   Ver: 1   Installed: 14/01/2007
Hotfix for Windows XP (KB935448)   Ver: 1   Installed: 11/04/2007
HP Boot Optimizer   Ver: 2.0.5.1
HP DigitalMedia Archive   Ver: 1.2   Installed: 23/12/2005
HP Document Viewer 5.3   Ver: 5.3
HP Extended Capabilities 5.3   Ver: 5.3
HP Game Console and games   
HP Image Zone 5.3   Ver: 5.3
HP Image Zone for Media Center PC   
HP Imaging Device Functions 5.3   Ver: 5.3
HP Multimedia Keyboard Software   
HP Photosmart Essential   Ver: 1.12.0.46   Installed: 31/03/2007
HP PSC & OfficeJet 5.3.A   
HP Software Update   Ver: 3.0.5.001   Installed: 04/03/2006
HP Software Update   Ver: 3.0.6.002   Installed: 23/12/2005
HP Solution Center & Imaging Support Tools 5.3   Ver: 5.3
HPProductAssistant   Ver: 53.0.13.000   Installed: 04/03/2006
HpSdpAppCoreApp   Ver: 3.00.0000   Installed: 23/12/2005
Insaniquarium Deluxe from HP Media Center (remove only)   
InstantShareDevices   Ver: 53.0.13.000   Installed: 04/03/2006
Intel Matrix Storage Manager   
Intel® PRO Network Connections Drivers   
Intel® Quick Resume Technology Drivers   Ver: 1.0.0.1093   Installed: 18/03/2006
Intel® Quick Resume Technology Drivers   Ver: 1.0.0.1093   Installed: 18/03/2006
Intel® Viiv™ Software   Ver: 1.0.2.2015   Installed: 28/02/2006
InterVideo WinDVD Player   
InterVideo WinDVD Player   Ver: 5.0-B11.896
iTunes   Ver: 7.1.1.5   Installed: 24/05/2007
J2SE Runtime Environment 5.0 Update 5   Ver: 1.5.0.50   Installed: 23/12/2005
J2SE Runtime Environment 5.0 Update 6   Ver: 1.5.0.60   Installed: 08/03/2006
Lemonade Tycoon 2 from HP Media Center (remove only)   
Lexibox Deluxe from HP Media Center (remove only)   
LightScribe  1.4.56.1   Ver: 1.4.56.1   Installed: 23/12/2005
Logitech Desktop Messenger   Ver: 2.52.18
Logitech QuickCam Software   Ver: 9.50.0000
Logitech® Camera Driver   
Macromedia Dreamweaver 8   Ver: 8.0.0.2734   Installed: 11/02/2006
Macromedia Extension Manager   Ver: 1.7.240   Installed: 11/02/2006
Macromedia Fireworks 8   Ver: 8.0.0.777   Installed: 11/02/2006
Macromedia Flash 8   Ver: 8.00.0000   Installed: 11/02/2006
Macromedia Flash 8 Video Encoder   Ver: 1.00.0000   Installed: 11/02/2006
Macromedia Flash Player 8   Ver: 8.0.22.0   Installed: 11/02/2006
Macromedia Flash Player 8 Plugin   Ver: 8.0.22.0   Installed: 11/02/2006
Macromedia FreeHand 10   Ver: 10
Magic ISO Maker v5.2 (build 0191)   
Mah Jong Quest from HP Media Center (remove only)   
MarketResearch   Ver: 53.0.13.000   Installed: 04/03/2006
Media Center Karaoke Plug-in   Ver: 1.0.1231   Installed: 18/03/2007
Microsoft .NET Framework 1.0 Hotfix (KB887998)      Installed: 08/02/2006
Microsoft .NET Framework 1.1   
Microsoft .NET Framework 1.1   Ver: 1.1.4322   Installed: 16/03/2006
Microsoft .NET Framework 1.1 Hotfix (KB886903)   
Microsoft .NET Framework 2.0   
Microsoft .NET Framework 2.0   Ver: 2.0.50727   Installed: 12/10/2006
Microsoft .NET Framework 3.0   
Microsoft .NET Framework 3.0   Ver: 3.0.04506.30   Installed: 17/02/2007
Microsoft Away Mode   Ver: 6.0.0160.0
Microsoft Base Smart Card Cryptographic Service Provider Package   
Microsoft Compression Client Pack 1.0 for Windows XP   Ver: 1   Installed: 05/01/2007
Microsoft Internationalized Domain Names Mitigation APIs      Installed: 02/11/2006
Microsoft National Language Support Downlevel APIs      Installed: 02/11/2006
Microsoft Office Live Meeting 2005 Replay Wrapper   Ver: 7.4.SR.2121.17   Installed: 09/02/2006
Microsoft Office Professional Edition 2003   Ver: 11.0.7969.0   Installed: 09/05/2007
Microsoft Outlook Personal Folders Backup   Ver: 1.10.0.0   Installed: 09/02/2006
Microsoft Plus! for Windows XP   Ver: 1.00.00.0536   Installed: 12/02/2006
Microsoft User-Mode Driver Framework Feature Pack 1.0      Installed: 05/01/2007
Microsoft Works   Ver: 08.04.0623   Installed: 23/12/2005
MSXML 4.0 SP2 (KB925672)   Ver: 4.20.9839.0   Installed: 14/10/2006
MSXML 4.0 SP2 (KB927978)   Ver: 4.20.9841.0   Installed: 16/11/2006
MSXML 4.0 SP2 Parser and SDK   Ver: 4.20.9818.0   Installed: 07/01/2007
MSXML 6.0 Parser (KB927977)   Ver: 6.00.3890.0   Installed: 17/02/2007
muvee autoProducer 4.5   Ver: 4.50.050
muvee autoProducer unPlugged 1.2   Ver: 1.20.100
Nero 7 Ultra Edition   Ver: 7.00.0177   Installed: 12/06/2006
Netscape Browser (remove only)   
NewCopy_CDA   Ver: 50.0.214.000   Installed: 04/03/2006
NVIDIA Drivers   
oggcodecs 0.71.0946   Ver: 0.71.0946
Otto   
Panda ActiveScan   
PanoStandAlone   Ver: 53.0.13.000   Installed: 04/03/2006
PC-Doctor 5 for Windows   Ver: 5.00.3187.03
PDF Password Remover v2.5   
PhotoGallery   Ver: 53.0.13.000   Installed: 04/03/2006
Polar Bowler from HP Media Center (remove only)   
Polar Golfer from HP Media Center (remove only)   
PowerISO   
ProductContextNPI   Ver: 50.0.214.000   Installed: 04/03/2006
PS2   
Python 2.2 pywin32 extensions (build 203)   
Python 2.2.3   Ver: 2.2.3
QuarkXPress 6.0   Ver: 6.00.0000   Installed: 20/05/2006
Quicken 2006   Ver: 15.1.1.29   Installed: 23/12/2005
Quicken 2006   Ver: Quicken 2006   Installed: 13/08/2006
QuickTime   Ver: 7.1.6.200   Installed: 24/05/2007
RandMap   Ver: 53.0.13.000   Installed: 04/03/2006
Readme   Ver: 50.0.214.000   Installed: 04/03/2006
RealPlayer   
Realtek High Definition Audio Driver   Ver: 2.05   Installed: 08/04/2007
Remove Hidden Data Tool   Ver: 11.0.6361.0   Installed: 09/02/2006
Remove IntelliMover Demo   
Rhapsody Player Engine   Ver: 1.0.636   Installed: 04/07/2006
Scan   Ver: 5.2.0.0   Installed: 04/03/2006
ScannerCopy   Ver: 5.2.0.0   Installed: 04/03/2006
SCRABBLE from HP Media Center (remove only)   
SecondLife (remove only)   
Security Update for CAPICOM (KB931906)   Ver: 2.1.0.2
Security Update for CAPICOM (KB931906)   Ver: 2.1.0.2   Installed: 09/05/2007
Security Update for Microsoft .NET Framework 2.0 (KB917283)   Ver: 1
Security Update for Microsoft .NET Framework 2.0 (KB922770)   Ver: 1
Security Update for Step By Step Interactive Training (KB898458)   Ver: 20050502.101010   Installed: 08/02/2006
Security Update for Step By Step Interactive Training (KB923723)   Ver: 20050502.101010   Installed: 16/02/2007
Security Update for Windows Internet Explorer 7 (KB928090)   Ver: 20070117.120000   Installed: 16/02/2007
Security Update for Windows Internet Explorer 7 (KB929969)   Ver: 20061222.120000   Installed: 10/01/2007
Security Update for Windows Internet Explorer 7 (KB931768)   Ver: 1   Installed: 09/05/2007
Security Update for Windows Media Player 10 (KB911565)      Installed: 15/02/2006
Security Update for Windows Media Player 10 (KB917734)      Installed: 16/06/2006
Security Update for Windows Media Player 6.4 (KB925398)      Installed: 13/12/2006
Security Update for Windows XP (KB890046)   Ver: 1   Installed: 08/02/2006
Security Update for Windows XP (KB893756)   Ver: 1   Installed: 08/02/2006
Security Update for Windows XP (KB896358)   Ver: 1   Installed: 23/12/2005
Security Update for Windows XP (KB896422)   Ver: 1   Installed: 23/12/2005
Security Update for Windows XP (KB896423)   Ver: 1   Installed: 08/02/2006
Security Update for Windows XP (KB896424)   Ver: 1   Installed: 08/02/2006
Security Update for Windows XP (KB896428)   Ver: 1   Installed: 08/02/2006
Security Update for Windows XP (KB896688)   Ver: 1   Installed: 23/12/2005
Security Update for Windows XP (KB899587)   Ver: 1   Installed: 08/02/2006
Security Update for Windows XP (KB899589)   Ver: 1   Installed: 08/02/2006
Security Update for Windows XP (KB899591)   Ver: 1   Installed: 08/02/2006
Security Update for Windows XP (KB900725)   Ver: 1   Installed: 08/02/2006
Security Update for Windows XP (KB901017)   Ver: 1   Installed: 08/02/2006
Security Update for Windows XP (KB901214)   Ver: 1   Installed: 23/12/2005
Security Update for Windows XP (KB902400)   Ver: 1   Installed: 23/12/2005
Security Update for Windows XP (KB904706)   Ver: 2   Installed: 09/02/2006
Security Update for Windows XP (KB905414)   Ver: 1   Installed: 08/02/2006
Security Update for Windows XP (KB905749)   Ver: 1   Installed: 08/02/2006
Security Update for Windows XP (KB905915)   Ver: 1   Installed: 09/02/2006
Security Update for Windows XP (KB908519)   Ver: 1   Installed: 09/02/2006
Security Update for Windows XP (KB908531)   Ver: 1   Installed: 12/04/2006
Security Update for Windows XP (KB911280)   Ver: 1   Installed: 16/06/2006
Security Update for Windows XP (KB911562)   Ver: 1   Installed: 12/04/2006
Security Update for Windows XP (KB911567)   Ver: 1   Installed: 12/04/2006
Security Update for Windows XP (KB911927)   Ver: 1   Installed: 15/02/2006
Security Update for Windows XP (KB912812)   Ver: 1   Installed: 12/04/2006
Security Update for Windows XP (KB912919)   Ver: 1   Installed: 09/02/2006
Security Update for Windows XP (KB913446)   Ver: 1   Installed: 15/02/2006
Security Update for Windows XP (KB913580)   Ver: 1   Installed: 10/05/2006
Security Update for Windows XP (KB914388)   Ver: 1   Installed: 12/07/2006
Security Update for Windows XP (KB914389)   Ver: 1   Installed: 16/06/2006
Security Update for Windows XP (KB916281)   Ver: 1   Installed: 16/06/2006
Security Update for Windows XP (KB917159)   Ver: 1   Installed: 12/07/2006
Security Update for Windows XP (KB917344)   Ver: 1   Installed: 16/06/2006
Security Update for Windows XP (KB917422)   Ver: 1   Installed: 10/08/2006
Security Update for Windows XP (KB917953)   Ver: 1   Installed: 16/06/2006
Security Update for Windows XP (KB918118)   Ver: 1   Installed: 16/02/2007
Security Update for Windows XP (KB918439)   Ver: 1   Installed: 16/06/2006
Security Update for Windows XP (KB918899)   Ver: 1   Installed: 10/08/2006
Security Update for Windows XP (KB919007)   Ver: 1   Installed: 13/09/2006
Security Update for Windows XP (KB920213)   Ver: 1   Installed: 16/11/2006
Security Update for Windows XP (KB920214)   Ver: 1   Installed: 10/08/2006
Security Update for Windows XP (KB920670)   Ver: 1   Installed: 10/08/2006
Security Update for Windows XP (KB920683)   Ver: 1   Installed: 10/08/2006
Security Update for Windows XP (KB920685)   Ver: 1   Installed: 13/09/2006
Security Update for Windows XP (KB921398)   Ver: 1   Installed: 10/08/2006
Security Update for Windows XP (KB921883)   Ver: 1   Installed: 09/08/2006
Security Update for Windows XP (KB922616)   Ver: 1   Installed: 10/08/2006
Security Update for Windows XP (KB922819)   Ver: 1   Installed: 12/10/2006
Security Update for Windows XP (KB923191)   Ver: 1   Installed: 12/10/2006
Security Update for Windows XP (KB923414)   Ver: 1   Installed: 12/10/2006
Security Update for Windows XP (KB923689)      Installed: 13/12/2006
Security Update for Windows XP (KB923694)   Ver: 1   Installed: 13/12/2006
Security Update for Windows XP (KB923980)   Ver: 1   Installed: 16/11/2006
Security Update for Windows XP (KB924191)   Ver: 1   Installed: 12/10/2006
Security Update for Windows XP (KB924270)   Ver: 1   Installed: 16/11/2006
Security Update for Windows XP (KB924496)   Ver: 1   Installed: 12/10/2006
Security Update for Windows XP (KB924667)   Ver: 1   Installed: 16/02/2007
Security Update for Windows XP (KB925486)   Ver: 1   Installed: 27/09/2006
Security Update for Windows XP (KB925902)   Ver: 1   Installed: 04/04/2007
Security Update for Windows XP (KB926255)   Ver: 1   Installed: 13/12/2006
Security Update for Windows XP (KB926436)   Ver: 1   Installed: 16/02/2007
Security Update for Windows XP (KB927779)   Ver: 1   Installed: 16/02/2007
Security Update for Windows XP (KB927802)   Ver: 1   Installed: 16/02/2007
Security Update for Windows XP (KB928255)   Ver: 1   Installed: 16/02/2007
Security Update for Windows XP (KB928843)   Ver: 1   Installed: 16/02/2007
Security Update for Windows XP (KB930178)   Ver: 1   Installed: 11/04/2007
Security Update for Windows XP (KB931261)   Ver: 1   Installed: 11/04/2007
Security Update for Windows XP (KB931784)   Ver: 1   Installed: 11/04/2007
Security Update for Windows XP (KB932168)   Ver: 1   Installed: 11/04/2007
Send to OneNote from IE Powertoy   Ver: 1.0.2   Installed: 09/02/2006
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)   Ver: 1.0.0   Installed: 24/05/2007
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)   Ver: 1.0.0   Installed: 24/05/2007
Shaw Secure   
Shooting Stars Pool from HP Media Center (remove only)   
Shrek 2 Ogre Bowler from HP Media Center (remove only)   
SkinsHP1   Ver: 53.0.13.000   Installed: 04/03/2006
Slingo Deluxe from HP Media Center (remove only)   
Smart Menus (Windows Live Toolbar)   Ver: 03.01.0072   Installed: 07/11/2006
SolutionCenter   Ver: 50.0.152.000   Installed: 04/03/2006
Sonic Express Labeler   Ver: 2.1.0   Installed: 23/12/2005
Sonic MyDVD Plus   Ver: 6.2.0   Installed: 23/12/2005
Sonic RecordNow Audio   Ver: 2.0.4   Installed: 23/12/2005
Sonic RecordNow Copy   Ver: 2.0.4   Installed: 23/12/2005
Sonic RecordNow Data   Ver: 2.0.4   Installed: 23/12/2005
Sonic Update Manager   Ver: 3.0.0   Installed: 23/12/2005
Sonic_PrimoSDK   Ver: 53.0.13.000   Installed: 04/03/2006
Spybot - Search & Destroy 1.4   Ver: 1.4
SpywareBlaster v3.5.1   Ver: 3.5.1
Status   Ver: 53.0.13.000   Installed: 04/03/2006
Suite Specific   Ver: 2.0.0   Installed: 11/02/2007
Super Granny from HP Media Center (remove only)   
Tabbed Browsing (Windows Live Toolbar)   Ver: 03.01.0072   Installed: 07/11/2006
TopStyle Lite (Version 3.0)   Ver: 3.1.0
Tradewinds from HP Media Center (remove only)   
TrayApp   Ver: 53.0.13.000   Installed: 04/03/2006
Unload   Ver: 5.0.0   Installed: 04/03/2006
Update for Windows Media Player 10 (KB910393)      Installed: 09/02/2006
Update for Windows Media Player 10 (KB913800)      Installed: 29/04/2006
Update for Windows Media Player 10 (KB926251)      Installed: 13/12/2006
Update for Windows XP (KB894391)   Ver: 1
Update for Windows XP (KB898461)   Ver: 1   Installed: 08/02/2006
Update for Windows XP (KB900485)   Ver: 2   Installed: 29/04/2006
Update for Windows XP (KB900930)   Ver: 1
Update for Windows XP (KB904942)   Ver: 2   Installed: 01/03/2006
Update for Windows XP (KB910437)   Ver: 1   Installed: 09/02/2006
Update for Windows XP (KB912945)   Ver: 1   Installed: 01/03/2006
Update for Windows XP (KB914882)   Ver: 1   Installed: 07/01/2007
Update for Windows XP (KB916595)   Ver: 1   Installed: 12/07/2006
Update for Windows XP (KB920342)   Ver: 1   Installed: 17/02/2007
Update for Windows XP (KB920872)   Ver: 1   Installed: 13/09/2006
Update for Windows XP (KB922582)   Ver: 1   Installed: 13/09/2006
Update for Windows XP (KB925720)   Ver: 1   Installed: 18/02/2007
Update for Windows XP (KB925876)   Ver: 1   Installed: 17/02/2007
Update for Windows XP (KB927891)   Ver: 3   Installed: 23/05/2007
Update for Windows XP (KB929338)   Ver: 1   Installed: 14/03/2007
Update for Windows XP (KB930916)   Ver: 1   Installed: 09/05/2007
Update for Windows XP (KB931836)   Ver: 1   Installed: 16/02/2007
Update Manager   Ver: 4.60   Installed: 12/07/2006
Update Rollup 2 for Windows XP Media Center Edition 2005   
Updates from HP (remove only)   
VBA   Ver: 6.2   Installed: 11/02/2007
WebFldrs XP   Ver: 9.50.7523   Installed: 30/08/2005
WebReg   Ver: 53.0.13.000   Installed: 04/03/2006
Windows Communication Foundation   Ver: 3.0.04506.30   Installed: 17/02/2007
Windows Defender   Ver: 1.1.1593.0   Installed: 04/01/2007
Windows Genuine Advantage Notifications (KB905474)   Ver: 1.7.0017.0   Installed: 30/06/2006
Windows Genuine Advantage Validation Tool (KB892130)   Ver: 1.5.0530.0   Installed: 01/03/2006
Windows Imaging Component   Ver: 3.0.0.0   Installed: 17/02/2007
Windows Installer 3.1 (KB893803)   Ver: 3.1
Windows Internet Explorer 7   Ver: 20061027.150806   Installed: 02/11/2006
Windows Live Messenger   Ver: 8.1.0178.00   Installed: 27/04/2007
Windows Live Sign-in Assistant   Ver: 4.000.246.1   Installed: 10/06/2006
Windows Live Toolbar   Ver: 03.01.0072
Windows Live Toolbar   Ver: 03.01.0072   Installed: 07/11/2006
Windows Live Toolbar Extension (Windows Live Toolbar)   Ver: 03.01.0072   Installed: 07/11/2006
Windows Media Format 11 runtime   
Windows Media Format 11 runtime      Installed: 05/01/2007
Windows Media Player 11   
Windows Media Player 11      Installed: 05/01/2007
Windows Presentation Foundation   Ver: 3.0.6920.0   Installed: 17/02/2007
Windows Workflow Foundation   Ver: 3.0.4203.2   Installed: 17/02/2007
Windows XP Hotfix - KB873339   Ver: 20041117.092459
Windows XP Hotfix - KB883667   Ver: 20040812.104354
Windows XP Hotfix - KB885250   Ver: 20050118.202711
Windows XP Hotfix - KB885835   Ver: 20041027.181713
Windows XP Hotfix - KB885836   Ver: 20041028.173203
Windows XP Hotfix - KB885884   Ver: 20040924.025457
Windows XP Hotfix - KB886185   Ver: 20041021.090540
Windows XP Hotfix - KB887472   Ver: 20041014.162858
Windows XP Hotfix - KB887742   Ver: 20041103.095002
Windows XP Hotfix - KB887797   Ver: 20041018.133824
Windows XP Hotfix - KB888113   Ver: 20041116.131036
Windows XP Hotfix - KB888302   Ver: 20041207.111426
Windows XP Hotfix - KB890175   Ver: 20041201.233338
Windows XP Hotfix - KB890859   Ver: 1   Installed: 08/02/2006
Windows XP Hotfix - KB891781   Ver: 20050110.165439
Windows XP Hotfix - KB892050   Ver: 3   Installed: 23/12/2005
Windows XP Hotfix - KB893066   Ver: 1   Installed: 23/12/2005
Windows XP Media Center Edition 2005 KB925766      Installed: 05/01/2007
WinRAR archiver   
WMPTagSupportExtender   Ver: 1.4   Installed: 06/04/2007
XML Paper Specification Shared Components Pack 1.0      Installed: 17/02/2007
Zuma Deluxe from HP Media Center (remove only)

Offline guestolo

url.cpvfeed.com
« Reply #3 on: May 26, 2007, 01:37:11 PM »
Appears that you may have just installed F-Secure bundled with the Shaw Secure suite.
Let's not run a scan yet.

Can you do the following instead?
If Shaw Secure is bundled with spyware real-time protections, can you disable them for now?

Also,
Can you disable Windows Defender's protections as well? It may interfere with any fixes we try.
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.
Keep these protections disabled till we have you clean please

Afterwards
Download and save Brute Force Uninstaller to the desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to, click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcan worm remover.
Save it, then transfer it to the same folder you made earlier (C:\BFU).

Go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Next to the "Scriptline to execute" field, click the folder icon and select alcanshorty.bfu
  • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the "Complete script execution" box to pop up and press OK.
  • Press Exit to terminate the BFU program.
Download this file - Combofix.exe and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note: Do not mouse-click Combofix's window whilst it's running; that may cause it to stall.

Post back the following
1. Post the log from Combofix
2. Post a fresh hijackthis log

Do you want to post your own logs from FRST? Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
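Once the ComboFix log comes back, its "Reg Loading Points" section is where the hijacker's persistence shows up, and the autoruns posted later in this thread (a winlogon.exe launched from Application Data and from My Documents, with no file date recorded, and a `?` in one path) are the kind of entry a helper scans for first. The script below is an added example, not code from the forum post, ComboFix or HijackThis; it parses that section's layout and flags entries by those heuristics, and `SAMPLE_LOG` is a constructed sample modelled on the thread's log with the user name changed.

```python
"""Triage the "Reg Loading Points" section of a ComboFix-style log.

Added example for this thread, not ComboFix's or HijackThis's own code.
SAMPLE_LOG is constructed after the log posted in this thread (user name
changed). The checks yield leads for a person to verify, not verdicts.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in ComboFix's layout: a [registry key] header, then one entry per line.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56]
{B5001D46-D9AE-DA7B-DD7F-88ADD3BF74E5}=C:\WINDOWS\system32\mjlpijb.dll [2007-05-21 06:59]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCDrProfiler"="" []
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
"RTHDCPL"="RTHDCPL.EXE" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 22:00]
"Rqwqqe"="C:\Documents and Settings\User\Application Data\a?sembly\winlogon.exe" []
"Scbu"="C:\DOCUME~1\USER~1\MYDOCU~1\DOBE~1\winlogon.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
"""

SECTION_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(
    r'^(?:"(?P<name>[^"]*)"|(?P<clsid>\{[0-9A-Fa-f-]+\}))='  # "Name"= or {CLSID}=
    r'"?(?P<path>[^"\[]*)"?'             # path, optionally quoted
    r'(?P<args>[^\[]*?)'                 # command-line arguments after the quotes
    r'\s*(?:\[(?P<date>[^\]]*)\])?\s*$'  # file date ComboFix appended; [] when it had none
)

# Core Windows process names that only belong under the Windows directory.
SYSTEM_BINARIES = {"winlogon.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                   "services.exe", "smss.exe", "explorer.exe"}
# Directory fragments (long and 8.3 short names) that place a file inside a user profile.
PROFILE_DIRS = ("\\documents and settings\\", "\\docume~1\\", "\\application data\\",
                "\\applic~1\\", "\\my documents\\", "\\mydocu~1\\")

@dataclass
class Entry:
    section: str
    name: str            # value name, or the CLSID for a Browser Helper Object
    path: str
    args: str
    date: Optional[str]  # None: no [..] at all; "": ComboFix printed an empty []

@dataclass
class Finding:
    entry: Entry
    reasons: List[str] = field(default_factory=list)

def parse_loading_points(text: str) -> List[Entry]:
    """Walk section headers and entries; skip values whose path is empty."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("key")
            continue
        m = ENTRY_RE.match(line) if line and section else None
        if not m or not m.group("path").strip():
            continue  # blank line, unrecognised layout, or e.g. "PCDrProfiler"=""
        entries.append(Entry(section, m.group("name") or m.group("clsid"),
                             m.group("path").strip(), m.group("args").strip(),
                             m.group("date")))
    return entries

def assess(entry: Entry) -> List[str]:
    """Heuristics drawn from the autoruns in this thread; every hit is a lead, not a verdict."""
    low = entry.path.lower()
    base = low.rsplit("\\", 1)[-1]
    reasons = []
    if base in SYSTEM_BINARIES and not re.match(r"[a-z]:\\windows\\", low):
        reasons.append("core Windows process name outside the Windows directory")
    if any(frag in low for frag in PROFILE_DIRS):
        reasons.append("autorun launched from a user profile directory")
    if "?" in low:
        reasons.append("'?' in path: not a legal file-name character, so the log "
                       "could not render what is really there")
    if ":\\" in low and entry.date == "":
        reasons.append("full path but ComboFix recorded no file date")
    return reasons

def triage(text: str) -> List[Finding]:
    return [Finding(e, r) for e in parse_loading_points(text) if (r := assess(e))]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry.name} -> {f.entry.path}  ({f.entry.section})")
        for reason in f.reasons:
            print("   -", reason)
```

Relative entries such as `"RTHDCPL"="RTHDCPL.EXE" []` are deliberately not flagged for the missing date, since a bare file name resolves through the search path rather than a fixed location.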


Offline tmirelle

url.cpvfeed.com
« Reply #4 on: May 26, 2007, 08:42:24 PM »
Done

"Tanya Main" - 2007-05-26 18:30:48    Service Pack 2  
ComboFix 07-05.26.3.V - Running from: "C:\Documents and Settings\Tanya Main\Desktop\"

   /wow section - STAGE #1

((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\Program Files\outerinfo\outerinfo.ico"
"C:\Program Files\outerinfo\Terms.rtf"
"C:\Program Files\outerinfo"
"C:\WINDOWS\system32\drivers\core.sys"

Purity Folders:

C:\DOCUME~1\TANYAM~1\APPLIC~1\ASEMBL~1



(((((((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\core


(((((((((((((((((((((((((((((((   Files Created from 2007-04-26 to 2007-05-26  ))))))))))))))))))))))))))))))))))


2007-05-26 18:23   <DIR>   d--------   C:\bintheredunthat
2007-05-26 18:18   <DIR>   d--------   C:\bfu
2007-05-26 12:07   <DIR>   d--------   C:\DOCUME~1\TANYAM~1\APPLIC~1\F-Secure
2007-05-26 11:04   <DIR>   d--------   C:\DOCUME~1\TANYAM~1\APPLIC~1\ispnews
2007-05-26 10:58   70,896   --a------   C:\WINDOWS\system32\drivers\fsdfw.sys
2007-05-26 10:58   33,584   --a------   C:\WINDOWS\system32\drivers\fsndis5.sys
2007-05-26 10:58   1,716,224   --a------   C:\WINDOWS\system32\winsflte.dll
2007-05-26 10:58   1,236,992   --a------   C:\WINDOWS\system32\cfgmig32.dll
2007-05-26 10:58   1,187,840   --a------   C:\WINDOWS\system32\winsflt.dll
2007-05-26 10:58   <DIR>   d--------   C:\WINDOWS\rnapxs
2007-05-26 10:58   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure
2007-05-26 10:52   118,842   -r-------   C:\WINDOWS\bwUnin-6.3.2.123-3875767L.exe
2007-05-26 10:52   <DIR>   d--------   C:\Program Files\Shaw Secure
2007-05-25 22:37   <DIR>   d--------   C:\DOCUME~1\TANYAM~1\APPLIC~1\SecondLife
2007-05-25 22:36   <DIR>   d--------   C:\Program Files\SecondLife
2007-05-25 05:56   <DIR>   d--------   C:\DOCUME~1\TANYAM~1\APPLIC~1\1clickPro
2007-05-25 05:50   87,608   --a------   C:\DOCUME~1\TANYAM~1\APPLIC~1\ezpinst.exe
2007-05-25 05:50   47,360   --a------   C:\DOCUME~1\TANYAM~1\APPLIC~1\pcouffin.sys
2007-05-25 05:50   <DIR>   d--------   C:\Program Files\LG Software Innovations
2007-05-25 05:50   <DIR>   d--------   C:\DOCUME~1\TANYAM~1\APPLIC~1\Vso
2007-05-25 05:50   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\1Click DVD Copy Pro
2007-05-24 23:29   <DIR>   d--------   C:\Program Files\Incomplete
2007-05-24 21:50   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-05-24 21:34   <DIR>   d--------   C:\Program Files\Xilisoft
2007-05-24 20:13   60,928   --a------   C:\WINDOWS\system32\mjlpijb.dll
2007-05-24 20:13   2   --a------   C:\WINDOWS\system32\wapiisv.exe
2007-05-24 19:58   <DIR>   d--------   C:\WINDOWS\system32\T6QaSQ
2007-05-24 19:58   <DIR>   d--------   C:\WINDOWS\system32\T6
2007-05-24 19:58   <DIR>   d--------   C:\WINDOWS\system32\T5
2007-05-24 19:58   <DIR>   d--------   C:\WINDOWS\system32\T4
2007-05-24 19:58   <DIR>   d--------   C:\WINDOWS\system32\T3
2007-05-24 19:58   <DIR>   d--------   C:\WINDOWS\system32\pog
2007-05-24 18:23   <DIR>   d--------   C:\Program Files\iTunes
2007-05-24 18:23   <DIR>   d--------   C:\Program Files\iPod
2007-05-24 18:14   <DIR>   d--------   C:\Program Files\Apple Software Update
2007-05-23 23:11   <DIR>   d--------   C:\DOCUME~1\TANYAM~1\APPLIC~1\dvdcss
2007-05-23 23:10   45,056   --a------   C:\WINDOWS\system32\WNASPI32.DLL
2007-05-23 23:10   16,512   --a------   C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-05-23 19:19   <DIR>   d--------   C:\maxdvd2mpeg
2007-05-09 03:07   <DIR>   d--------   C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-04-28 11:20   <DIR>   d--------   C:\DOCUME~1\TANYAM~1\APPLIC~1\GTek
2007-04-28 11:20   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Gtek


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-25 12:50:12   47,360   ----a-w   C:\WINDOWS\system32\drivers\pcouffin.sys
2007-05-25 06:27:06   --------   d-----w   C:\DOCUME~1\TANYAM~1\APPLIC~1\LimeWire
2007-05-25 03:32:15   --------   d-----w   C:\DOCUME~1\TANYAM~1\APPLIC~1\Download Manager
2007-05-25 03:03:10   --------   d-----w   C:\Program Files\QuickTime
2007-05-25 02:58:10   --------   d--h--w   C:\Program Files\WindowsUpdate
2007-05-25 02:39:58   956   ----a-w   C:\DOCUME~1\TANYAM~1\APPLIC~1\wklnhst.dat
2007-05-25 01:56:40   --------   d-----w   C:\Program Files\Quicken
2007-05-25 01:17:34   --------   d-----w   C:\DOCUME~1\TANYAM~1\APPLIC~1\Apple Computer
2007-05-23 23:57:28   --------   d-----w   C:\DOCUME~1\TANYAM~1\APPLIC~1\Ahead
2007-04-28 21:35:07   664   ----a-w   C:\WINDOWS\system32\d3d9caps.dat
2007-04-28 18:16:25   1,693   ----a-w   C:\WINDOWS\checkip.dat
2007-04-28 02:20:50   --------   d-----w   C:\Program Files\MSN Messenger
2007-04-19 17:38:51   --------   d-----w   C:\Program Files\7-Zip
2007-04-18 16:12:23   2,854,400   ----a-w   C:\WINDOWS\system32\msi.dll
2007-04-14 18:25:53   --------   d-----w   C:\DOCUME~1\TANYAM~1\APPLIC~1\Image Zone Express
2007-04-08 14:53:46   --------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-04-08 14:53:46   --------   d-----w   C:\Program Files\Realtek
2007-04-06 15:51:56   --------   d-----w   C:\Program Files\piPOol
2007-04-06 15:51:04   --------   d-----w   C:\Program Files\illiminable
2007-04-01 00:45:07   --------   d-----w   C:\DOCUME~1\TANYAM~1\APPLIC~1\Printer Info Cache
2007-04-01 00:37:12   --------   d-----w   C:\Program Files\Common Files\SWF Studio
2007-04-01 00:36:53   --------   d-----w   C:\Program Files\HP
2007-03-23 13:07:56   1,683,280   ------w   C:\WINDOWS\system32\XpsSvcs.dll
2007-03-23 13:07:54   583,504   ------w   C:\WINDOWS\system32\XPSSHHDR.dll
2007-03-23 03:25:02   124,928   ------w   C:\WINDOWS\system32\prntvpt.dll
2007-03-17 13:43:01   292,864   ----a-w   C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28   577,536   ----a-w   C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28   40,960   ----a-w   C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28   281,600   ----a-w   C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48   1,843,584   ----a-w   C:\WINDOWS\system32\win32k.sys
2007-03-07 06:37:07   3,350   --sha-w   C:\WINDOWS\system32\KGyGaAvL.sys
2006-10-15 03:32:29   56   --sh--r   C:\WINDOWS\system32\D1485FA66F.sys


((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\UTILIT~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 14:22]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-07 00:02]
{AE7CD045-E861-484f-8273-0445EE161910}=C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 02:13]
{B5001D46-D9AE-DA7B-DD7F-88ADD3BF74E5}=C:\WINDOWS\system32\mjlpijb.dll [2007-05-21 06:59]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-10-11 00:26]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCDrProfiler"="" []
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 13:30]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 10:26]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 10:33]
"NWEReboot"="" []
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-03-17 19:24]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 19:58]
"RTHDCPL"="RTHDCPL.EXE" []
"Alcmtr"="ALCMTR.EXE" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12]
"@"="" []
"F-Secure Manager"="C:\Program Files\Shaw Secure\Common\FSM32.exe" [2005-10-25 18:51]
"F-Secure TNB"="C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" [2005-07-18 07:51]
"F-Secure Startup Wizard"="C:\Program Files\Shaw Secure\FSGUI\FSSW.exe" [2005-10-18 01:29]
"News Service"="C:\Program Files\Shaw Secure\FSGUI\ispnews.exe" [2005-05-31 05:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-23 16:28]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-08 11:06]
"Store 'n' Go"="C:\Documents and Settings\Tanya Main\Application Data\Verbatim Software\V-Key.exe" [2006-02-17 19:42]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 22:00]
"Rqwqqe"="C:\Documents and Settings\Tanya Main\Application Data\a?sembly\winlogon.exe" []
"Scbu"="C:\DOCUME~1\TANYAM~1\MYDOCU~1\DOBE~1\winlogon.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"WUAppSetup"=C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 10.5.0.1091

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abfc1d5a-9a0c-11da-a553-0015f2a396f9}]
AutoRun\command- K:\ReportNet.exe
   


~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20060504-215323-767
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

backup-20060504-215323-673
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

backup-20060504-215323-589
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

backup-20060504-215323-856
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

backup-20060504-215323-581
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

backup-20060504-215323-498
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

backup-20060504-215323-278
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
Contents of the 'Scheduled Tasks' folder
2007-05-25 01:14:43  C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-05-27 00:47:00  C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
2007-04-08 23:51:04  C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
2007-05-26 18:04:34  C:\WINDOWS\tasks\MP Scheduled Scan.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-26 18:36:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-26 18:38:14 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-26 18:38

   --- E O F ---


hijack:

Logfile of HijackThis v1.99.1
Scan saved at 6:41:46 PM, on 26/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\lvcomsx.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Shaw Secure\FSGUI\ispnews.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Documents and Settings\Tanya Main\Application Data\Verbatim Software\V-Key.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tanya Main\My Documents\My Downloads\utilities\tanya.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\UTILIT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B5001D46-D9AE-DA7B-DD7F-88ADD3BF74E5} - C:\WINDOWS\system32\mjlpijb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Store 'n' Go] C:\Documents and Settings\Tanya Main\Application Data\Verbatim Software\V-Key.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rqwqqe] "C:\Documents and Settings\Tanya Main\Application Data\a?sembly\winlogon.exe"
O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\TANYAM~1\MYDOCU~1\DOBE~1\winlogon.exe" -vt ndrv
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = ?
O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?8cfca51a4ed045639d7b6bc063b7d9c1
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?8cfca51a4ed045639d7b6bc063b7d9c1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Send to OneNote - {6EB2AA45-3F30-40e1-9864-45EB153C6EDC} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Send to OneNote Settings - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.0.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145485701574
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc.                          - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Offline guestolo

url.cpvfeed.com
« Reply #5 on: May 26, 2007, 09:29:31 PM »
Can you do the following
A couple files I don't recognize
I'm sure one is bad
But let's make sure

Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Can you go to either of these links
http://virusscan.jotti.org/
OR
http://www.virustotal.com/flash/index_en.html

Use the browse button and navigate to the file on your harddrive
C:\WINDOWS\system32\mjlpijb.dll <-this file

Right click on the file, and choose Select >> or double click on it
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here please
Do the same thing with the next ones too
C:\WINDOWS\system32\D1485FA66F.sys <-this file

This file appears to be on a USB flashdrive possibly
Is that your K: drive?
Can you connect and scan it too please
K:\ReportNet.exe <-this file

Post back the results of all three if found, then we'll try to finish the cleaning steps
Keep me informed how things are running please

NOTE: We still have some entries to remove in Hijackthis, but can I see those scans first please
« Last Edit: May 26, 2007, 09:37:48 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline tmirelle

url.cpvfeed.com
« Reply #6 on: May 27, 2007, 01:21:37 PM »
mjlpijb.dll:
Scan taken on 27 May 2007 18:11:40 (GMT)  
A-Squared  Found nothing
AntiVir  Found ADSPY/PurityScan.AK.174  
ArcaVir  Found Adware.Purityscan.Ak  
Avast  Found Win32:Agent-RY  
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
F-Secure Anti-Virus  Found not-a-virus:AdWare.Win32.PurityScan.ak (4, 1, 400)  
Fortinet  Found Adware/Purityscan  
Kaspersky Anti-Virus  Found not-a-virus:AdWare.Win32.PurityScan.ak  
NOD32  Found probably a variant of Win32/Adware.PurityScan application (probable variant)  
Norman Virus Control  Found W32/PurityScan.dam  
Panda Antivirus  Found nothing
Rising Antivirus  Found nothing
VirusBuster  Found nothing
VBA32  Found AdWare.Win32.PurityScan.ak  

D1485FA66F.sys:
Scan taken on 27 May 2007 18:14:41 (GMT)  
A-Squared  Found nothing
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
F-Secure Anti-Virus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
Panda Antivirus  Found nothing
Rising Antivirus  Found nothing
VirusBuster  Found nothing
VBA32  Found nothing



My data stick usually connects on M:

My Computer doesn't list a drive K, & my data stick is not attached right now.

Offline guestolo

url.cpvfeed.com
« Reply #7 on: May 27, 2007, 03:15:17 PM »
Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update.

Updating Java:
  • Download the latest version of Java(tm) SE Runtime Environment 6 Update 1.
  • Select the Offline Download
  • Click on the Windows XP/Vista/2000/2003 Offline (filesize: 13.16 MB) and save it to desktop
  • Close any programs you may have running - especially any web browsers.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
This includes:
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6


Don't install the new version yet

Do a "System scan only" with Hijackthis and put a check next to these entries:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B5001D46-D9AE-DA7B-DD7F-88ADD3BF74E5} - C:\WINDOWS\system32\mjlpijb.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [Rqwqqe] "C:\Documents and Settings\Tanya Main\Application Data\a?sembly\winlogon.exe"
O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\TANYAM~1\MYDOCU~1\DOBE~1\winlogon.exe" -vt ndrv


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot your computer

Back in Windows
Can you ensure this file is gone, if not delete it
C:\WINDOWS\system32\mjlpijb.dll <-file

Install the latest version of Java from the installer on desktop

Post a fresh hijackthis log afterwards and let me know how things are running

===================================================
Also, could you
go here:
http://www.billsway.com/vbspage/
Scroll down the page
and download the "Registry Search Tool"
Unzip RegSrch.zip to the desktop
Double click on RegSrch.vbs

**If you get a warning from your Anti Virus please ignore it and allow this to run.**
When it starts, you will be prompted to enter a search phrase.
Enter this:

ReportNet.exe

Click OK, it will disappear and won't look as if it's doing anything. When it's done searching, a prompt will come up saying how many instances it found. Click OK, and a notepad will open up. Please copy the contents of that notepad and paste it here.
« Last Edit: May 27, 2007, 03:42:05 PM by guestolo »

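The entries guestolo singles out in the reply above (a BHO with no file behind it, an unnamed BHO in system32, and two copies of winlogon.exe starting from a user profile) are patterns that can be checked mechanically rather than by eye. The script below is an added example for this page, not part of the thread or of HijackThis: it parses HijackThis v1.99.1 O2/O4 lines (the sample lines are copied from the log posted earlier in the thread) and flags those patterns. The list of core Windows binary names and the C:\WINDOWS install location are assumptions about a default Windows XP machine.

```python
"""Triage HijackThis v1.99.1 O2/O4 lines for the patterns discussed in this thread.

Added example for this page; not a feature of HijackThis or of any tool the
thread uses. The system-binary name list and the C:\\WINDOWS location are
assumptions about a default Windows XP install.
"""
import ntpath
import re
from typing import List, NamedTuple

# Core Windows binaries that only ever load from the Windows directory on a
# default XP install (assumed list).
SYSTEM_BINARIES = {
    "winlogon.exe", "smss.exe", "csrss.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe",
}
# Directories those binaries legitimately live in (lower-cased, assumed C: install).
TRUSTED_DIRS = {"c:\\windows", "c:\\windows\\system32"}

# O4 - HKLM\..\Run: [Name] "C:\path\to\file.exe" -args
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(?P<name>.+?)\] (?P<cmd>.*)$")
# O2 - BHO: Display Name - {CLSID} - C:\path\to\file.dll   (or "(no file)")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# First executable-looking token of a Run command, quoted or not.
PATH_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|com|scr|bat|cmd|pif))"?(?:\s|$)', re.IGNORECASE)


class Finding(NamedTuple):
    kind: str    # masquerade | no-path | orphan-bho | unnamed-bho
    name: str    # Run value name, or BHO CLSID
    detail: str


def triage_line(line: str) -> List[Finding]:
    """Return the findings for one HijackThis log line (empty list if none)."""
    findings: List[Finding] = []
    m = O4_RE.match(line)
    if m:
        name, cmd = m.group("name"), m.group("cmd")
        pm = PATH_RE.match(cmd)
        path = pm.group("path") if pm else cmd
        if "\\" not in path:
            # Bare file name: resolved through the search path, so the binary
            # that actually runs cannot be determined from the log alone.
            findings.append(Finding("no-path", name, f"{path} has no directory; verify what it resolves to"))
            return findings
        # normpath collapses "..\" tricks; 8.3 short names (DOCUME~1) are left
        # as-is, which is fine because they never point into C:\WINDOWS here.
        norm = ntpath.normpath(path).lower()
        if ntpath.basename(norm) in SYSTEM_BINARIES and ntpath.dirname(norm) not in TRUSTED_DIRS:
            findings.append(Finding("masquerade", name, f"{ntpath.basename(norm)} running from {path}"))
        return findings
    m = O2_RE.match(line)
    if m:
        name, clsid, path = m.group("name"), m.group("clsid"), m.group("path").strip()
        if path.lower() == "(no file)":
            findings.append(Finding("orphan-bho", clsid, "registered BHO whose DLL is gone; dead entry"))
        elif name == "(no name)":
            # Legitimate BHOs can also lack a name (Spybot's SDHelper.dll in the
            # posted log), so this is a prompt to scan the DLL, not a verdict.
            findings.append(Finding("unnamed-bho", clsid, f"unidentified BHO {path}; scan it with multiple engines"))
    return findings


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of a HijackThis log."""
    return [f for line in text.splitlines() for f in triage_line(line.rstrip())]


# Sample input: O2/O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B5001D46-D9AE-DA7B-DD7F-88ADD3BF74E5} - C:\WINDOWS\system32\mjlpijb.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rqwqqe] "C:\Documents and Settings\Tanya Main\Application Data\a?sembly\winlogon.exe"
O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\TANYAM~1\MYDOCU~1\DOBE~1\winlogon.exe" -vt ndrv
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.detail}")
```

Against the sample it reports the two winlogon.exe Run entries, the path-less Alcmtr entry and the two BHOs guestolo listed, and stays silent on Windows Defender and the real ctfmon.exe in system32.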


Offline tmirelle

url.cpvfeed.com
« Reply #8 on: May 27, 2007, 11:21:57 PM »
Got to this step:

Back in Windows
Can you ensure this file is gone, if not delete it
C:\WINDOWS\system32\mjlpijb.dll <-file

Get an error saying access denied.. file protected or in use

Offline guestolo

url.cpvfeed.com
« Reply #9 on: May 27, 2007, 11:27:12 PM »
Download OTMoveIt by OldTimer:
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):
    ================================================

    C:\WINDOWS\system32\mjlpijb.dll

    ======================================================
  • Return to OTMoveIt, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
  • Click the red "MoveIt!" button.
  • Close OTMoveIt.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

OTMoveIt will create a log here

C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.
Can you post that log please
as well as the results from Regsrch.vbs
Keep me informed how things are running



Offline tmirelle

url.cpvfeed.com
« Reply #10 on: May 28, 2007, 09:49:17 AM »
move it:

C:\WINDOWS\system32\mjlpijb.dll unregistered successfully.
C:\WINDOWS\system32\mjlpijb.dll moved successfully.
 
Created on 05/28/2007 07:41:54

hijack:

Logfile of HijackThis v1.99.1
Scan saved at 7:44:48 AM, on 28/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\WINDOWS\system32\lvcomsx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Shaw Secure\FSGUI\ispnews.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Documents and Settings\Tanya Main\Application Data\Verbatim Software\V-Key.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Tanya Main\My Documents\My Downloads\utilities\tanya.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\UTILIT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Store 'n' Go] C:\Documents and Settings\Tanya Main\Application Data\Verbatim Software\V-Key.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = ?
O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?8cfca51a4ed045639d7b6bc063b7d9c1
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?8cfca51a4ed045639d7b6bc063b7d9c1
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Send to OneNote - {6EB2AA45-3F30-40e1-9864-45EB153C6EDC} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Send to OneNote Settings - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.0.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145485701574
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc.                          - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Reg search:

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "ReportNet.exe" 28/05/2007 7:46:22 AM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_USERS\S-1-5-21-3533601506-3101236516-4215187451-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abfc1d5a-9a0c-11da-a553-0015f2a396f9}\Shell\AutoRun\command]
@="K:\\ReportNet.exe"

[HKEY_USERS\S-1-5-21-3533601506-3101236516-4215187451-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abfc1d5a-9a0c-11da-a553-0015f2a396f9}\_Autorun\DefaultIcon]
@="K:\\ReportNet.exe"


Thx
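
As an added example for this thread (not HijackThis's own logic and not from either poster), the checks a helper makes by eye on a log like the one above, in Python: flag autostarts that run from a user-writable profile path, entries that point at missing files, services with no recognised publisher, a broken Winsock LSP chain (O10), and, from a RegSrch export like the "Reg search" above, every cached per-volume AutoRun command under MountPoints2. The two samples are constructed from the entry shapes in the posted log and registry search; the heuristics are the example's own assumptions, and a hit is a lead to verify rather than a verdict (the O4 hit it raises is the Verbatim Store 'n' Go utility living in Application Data, which is exactly the kind of entry you confirm by hand).

```python
"""Triage a HijackThis 1.99 log and a RegSrch .reg export.

Added example for this thread, not HijackThis's own logic. The samples below
are constructed from the entry shapes in the posted log and registry search;
the heuristics are the example's own assumptions.
"""
import re
from dataclasses import dataclass

# A HijackThis entry looks like: "O4 - HKLM\..\Run: [Name] C:\path\prog.exe"
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")

# Autostarts under the user's profile deserve a second look: anything the
# user's browser drops can write there without administrator rights.
USER_WRITABLE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(Application Data|Local Settings|My Documents|Desktop)\\",
    re.IGNORECASE,
)

# MountPoints2 caches the autorun.inf of every removable volume the user has
# opened; Explorer replays the AutoRun\command value when the drive is opened.
MOUNTPOINT_RE = re.compile(
    r"^\[HKEY_USERS\\(?P<sid>S-1-5-[\d-]+)\\Software\\Microsoft\\Windows\\CurrentVersion"
    r"\\Explorer\\MountPoints2\\(?P<guid>\{[0-9A-Fa-f-]+\})\\Shell\\AutoRun\\command\]$"
)

@dataclass
class Finding:
    section: str
    reason: str
    line: str

def triage_hjt(log_text: str) -> list[Finding]:
    """Flag the entry types a helper looks at first in an HJT log."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header line, running-process list, or blank
        section, body = m.groups()
        if section == "O10":
            findings.append(Finding(section, "Winsock LSP chain references a missing DLL", raw))
        if "(file missing)" in body:
            findings.append(Finding(section, "entry points at a file that no longer exists", raw))
        if section == "O23" and "Unknown owner" in body:
            findings.append(Finding(section, "service binary carries no recognised publisher", raw))
        if section == "O4" and USER_WRITABLE.search(body):
            findings.append(Finding(section, "autostart runs from a user-writable profile path", raw))
    return findings

def autorun_commands(reg_text: str) -> list[dict]:
    """Return every cached per-volume AutoRun command in a REGEDIT4 export."""
    out, current = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):  # new key; remember it only if it is an AutoRun command key
            m = MOUNTPOINT_RE.match(line)
            current = m.groupdict() if m else None
        elif current and line.startswith("@="):
            # .reg string values are double-quoted with every backslash doubled
            value = line[2:].strip().strip('"').replace("\\\\", "\\")
            out.append({**current, "command": value})
            current = None
    return out

# Constructed sample: six lines shaped like the posted log
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Store 'n' Go] C:\Documents and Settings\Tanya Main\Application Data\Verbatim Software\V-Key.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Constructed sample: the two keys from the posted RegSrch output
SAMPLE_REG = r"""REGEDIT4
; Registry search results for string "ReportNet.exe"

[HKEY_USERS\S-1-5-21-3533601506-3101236516-4215187451-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abfc1d5a-9a0c-11da-a553-0015f2a396f9}\Shell\AutoRun\command]
@="K:\\ReportNet.exe"

[HKEY_USERS\S-1-5-21-3533601506-3101236516-4215187451-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abfc1d5a-9a0c-11da-a553-0015f2a396f9}\_Autorun\DefaultIcon]
@="K:\\ReportNet.exe"
"""

if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line.strip()}")
    for cmd in autorun_commands(SAMPLE_REG):
        print(f"[MountPoints2] volume {cmd['guid']} for user {cmd['sid']} runs: {cmd['command']}")
```

The MountPoints2 entry is the one worth understanding: it survives after the USB stick is unplugged, so a drive that once carried an autorun.inf keeps its command cached in the user's hive. Whether K:\ReportNet.exe is anything more than a vendor launcher is settled by looking at the file on the drive, not at the key.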

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
url.cpvfeed.com
« Reply #11 on: May 30, 2007, 10:57:10 PM »
Sorry for the delay
That looks ok
Can I have you do the following, let's add a few more folders to removal
    Double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):
    ================================================

    C:\WINDOWS\system32\T6QaSQ
    C:\WINDOWS\system32\T6
    C:\WINDOWS\system32\T5
    C:\WINDOWS\system32\T4
    C:\WINDOWS\system32\T3
    C:\WINDOWS\system32\pog


    ======================================================
  • Return to OTMoveIt, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
  • Click the red "MoveIt!" button.
  • Close OTMoveIt.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

OTMoveIt will create a log here

C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.
Can you post that log please

Also, one last hijackthis log

Tanya, keep me informed how things are running please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline tmirelle

  • Newbie
  • *
  • Posts: 25
  • Karma: +0/-0
url.cpvfeed.com
« Reply #12 on: May 30, 2007, 11:05:31 PM »
OTMoveIt log:

File/Folder :\WINDOWS\system32\T6QaSQ not found.
C:\WINDOWS\system32\T6 moved successfully.
C:\WINDOWS\system32\T5 moved successfully.
C:\WINDOWS\system32\T4 moved successfully.
C:\WINDOWS\system32\T3 moved successfully.
C:\WINDOWS\system32\pog moved successfully.
 
Created on 05/30/2007 21:02:20


HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 9:04:08 PM, on 30/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\lvcomsx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Shaw Secure\FSGUI\ispnews.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Documents and Settings\Tanya Main\Desktop\Techguide\OTMoveIt.exe
C:\Documents and Settings\Tanya Main\My Documents\My Downloads\utilities\tanya.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\UTILIT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Store 'n' Go] C:\Documents and Settings\Tanya Main\Application Data\Verbatim Software\V-Key.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = ?
O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?8cfca51a4ed045639d7b6bc063b7d9c1
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?8cfca51a4ed045639d7b6bc063b7d9c1
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Send to OneNote - {6EB2AA45-3F30-40e1-9864-45EB153C6EDC} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Send to OneNote Settings - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.0.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145485701574
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc.                          - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe

Thnx, I'll owe you one at the coyote sometime.........

Seems to be running OK, haven't noticed that popup (my original complaint)

How can I stop this crap from getting on my PC in the first place?


T
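
As an added example (not from either poster), the comparison a helper makes between the first and the final log, in Python: diff the R*/O* entries of two HijackThis logs by section and report what was added or removed, case-folded so that a line differing only in drive-letter case (the ISUSPM Startup entry is "c:\Program Files" in the May 26 log and "C:\Program Files" here) is not reported as a change. The running-process list is deliberately ignored because it changes with every reboot. The two excerpts are constructed from lines of the two posted logs.

```python
"""Diff two HijackThis logs section by section.

Added example, not from the original thread. The two excerpts below are
constructed from lines in the May 26 and May 30 logs; the running-process
list is ignored on purpose because it changes with every reboot.
"""
import re

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - ")

def entries(log_text: str) -> dict[str, dict[str, str]]:
    """Map section -> {case-folded line: original line} for the R*/O* entries."""
    by_section: dict[str, dict[str, str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            # Windows paths are case-insensitive and HJT prints them as found,
            # so compare case-folded to avoid c:\ versus C:\ false positives.
            by_section.setdefault(m.group(1), {})[line.casefold()] = line
    return by_section

def diff_logs(before: str, after: str) -> dict[str, dict[str, list[str]]]:
    """Return {'added': {section: [lines]}, 'removed': {section: [lines]}}."""
    b, a = entries(before), entries(after)
    result: dict[str, dict[str, list[str]]] = {"added": {}, "removed": {}}
    for section in sorted(set(b) | set(a), key=lambda s: (s[0], int(s[1:]))):
        bk, ak = set(b.get(section, {})), set(a.get(section, {}))
        added = [a[section][k] for k in sorted(ak - bk)]
        removed = [b[section][k] for k in sorted(bk - ak)]
        if added:
            result["added"][section] = added
        if removed:
            result["removed"][section] = removed
    return result

# Constructed excerpt of the May 26 log (the process line is filtered out)
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Constructed excerpt of the May 30 log
LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\BitComet\BitComet.exe

O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
"""

if __name__ == "__main__":
    for kind, sections in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        for section, lines in sections.items():
            for line in lines:
                print(f"{kind:>7} {section}: {line}")
```

Run against the two full logs, the only changes it reports are the Adobe updateMgr autostart and the StuffIt service, both of which arrived with software the user installed between the two posts; the O10 winsflt.dll line is present in both, so it is not a regression from the cleanup.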

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
url.cpvfeed.com
« Reply #13 on: May 30, 2007, 11:24:01 PM »
Good work,
Quote
How can I stop this crap from getting on my PC in the first place?

This is where I get to preach to you :D
keep SpywareBlaster updated
Also, utilize Immunize function in Spybot
After every update, click the Immunize button>>OK>>Immunize at the top green cross

Careful with what you download with any filesharing program you have
After you download a file(s)
Before you open them Right click on them and Scan them with your Antivirus software
And ensure your AV is always up to date

I think when you first posted your log, you didn't have any AV installed
That's not a good idea having no AV these days

I had Shaw secure installed at one time, but haven't reinstalled since I formatted
Do you like it?
Any slowdowns in the system from it?
I just noticed a bit of a delay on startup when I had it, but after it fully loaded, everything was fine



Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
url.cpvfeed.com
« Reply #14 on: May 30, 2007, 11:31:47 PM »
Oh, and I forgot, if you haven't done so already
Reset Windows to Hide hidden files and folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Do Not Show hidden files and folders.
    * Check the Hide protected operating system files (recommended) option.
    * Click OK.
« Last Edit: May 30, 2007, 11:36:09 PM by guestolo »
