Author Topic: no sound in XP  (Read 679 times)

Offline Juggernaut

« on: June 01, 2008, 12:13:14 PM »
Hey guestolo, it's been a while, but I'm on my friend's computer and trying to help her clean it out. Also, they don't seem to have any sound on Windows XP. I have looked at both the codecs and the drivers and they seem fine, but still no sound. Wondering what you can do to help; here's the HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:00 PM, on 6/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1162745142\ee\aolsoftware.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\SPAMBL~1\bin\102215~1.0\SBInst.exe
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\OEAddOn.exe
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBUSA.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\WINDOWS\system32\MCROSO~1\mmc.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\Weather.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Common Files\??crosoft\?ttrib.exe
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\Srv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: HTML Exploits Prevent - {245463AB-6F21-456A-9EB4-FAB802DB8062} - C:\WINDOWS\system32\nse2686.dll
O2 - BHO: trafficninja.biz extension - {266A3562-AB67-480E-9F09-D54604FD817B} - C:\WINDOWS\system32\ninjaext.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\system32\UpMedia\ContentTool.dll (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Skyblueads browser optmizer - {7DB476DD-EA1E-4c91-880F-DCD1888740A1} - C:\WINDOWS\system32\cpmrotate.dll
O2 - BHO: (no name) - {8A64CC6F-71DE-5806-FB48-0EA296E948E6} - C:\WINDOWS\system32\tiair.dll
O2 - BHO: SpamBlockerUtility - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\HostIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: (no name) - {EE8A45DE-A036-82B1-42E6-D48F745528B0} - C:\WINDOWS\system32\fffh.dll (file missing)
O2 - BHO: (no name) - {F1D92F89-BCD3-496E-8C60-1C10E703578B} - C:\WINDOWS\system32\card.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: SpamBlockerUtility - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\HostIE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [HPHUPD08] "c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe"
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AntiVerminsPro] "C:\Program Files\AntiVerminsPro\AntiVerminsPro.exe" /h
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DA197C7734672DE3F546CAC59B6
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\cpmrotate.dll" DllVerify
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\bin\102215~1.0\SBInst.exe
O4 - HKLM\..\Run: [SpamBlockerUtilityOE] C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\OEAddOn.exe
O4 - HKLM\..\Run: [SBUSA] "C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBUSA.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Sbig] "C:\Documents and Settings\HP_Administrator\My Documents\M?crosoft.NET\n?pdb.exe"
O4 - HKCU\..\Run: [Tljj] C:\WINDOWS\system32\F?nts\?canregw.exe
O4 - HKCU\..\Run: [Jqxc] "C:\Program Files\Common Files\s?curity\w?nword.exe"
O4 - HKCU\..\Run: [Zmlxb] "C:\Program Files\??crosoft\?hkdsk.exe"
O4 - HKCU\..\Run: [Cjtskvhp] "C:\Documents and Settings\HP_Administrator\Application Data\s?stem\m?hta.exe"
O4 - HKCU\..\Run: [Prkorcs] "C:\Documents and Settings\HP_Administrator\My Documents\?ystem\j?vaw.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [Otvddlde] C:\WINDOWS\??mantec\s?chost.exe
O4 - HKCU\..\Run: [Nfk] "C:\Program Files\Common Files\?dobe\?hkntfs.exe"
O4 - HKCU\..\Run: [Scbu] "C:\WINDOWS\system32\MCROSO~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [Dcoxu] "C:\Program Files\?asks\??rss.exe"
O4 - HKCU\..\Run: [Zhmoficy] C:\WINDOWS\system32\?dobe\r?ndll.exe
O4 - HKCU\..\Run: [Lesfdiwg] C:\WINDOWS\??mantec\?ti2evxx.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Lqsyclud] "C:\Program Files\Common Files\s?mbols\??plorer.exe"
O4 - HKCU\..\Run: [Hglt] "C:\Documents and Settings\HP_Administrator\Application Data\S?mantec\?ttrib.exe"
O4 - HKCU\..\Run: [Wpdnoz] "C:\Program Files\?icrosoft\??xplore.exe"
O4 - HKCU\..\Run: [Dyzssa] "C:\Documents and Settings\HP_Administrator\My Documents\??sembly\?ervices.exe"
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\Weather.exe" -auto
O4 - HKCU\..\Run: [Ncicran] "C:\Program Files\Common Files\??crosoft\?ttrib.exe"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 16427 bytes

Offline guestolo

« Reply #1 on: June 01, 2008, 12:19:50 PM »
I see some bad entries, but for now, can I see the following?
Download Deckard's System Scanner (dss.exe) to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open: main.txt, which will be maximized, and extra.txt, which will be minimized.

Post back just the whole contents of Main.txt and Extra.txt.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Juggernaut

« Reply #2 on: June 01, 2008, 02:38:30 PM »
Here's the Main text file:

Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2008-06-01 15:16:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
55: 2008-06-01 19:16:47 UTC - RP572 - Deckard's System Scanner Restore Point
54: 2008-06-01 17:07:21 UTC - RP571 - Installed Realtek High Definition Audio Driver
53: 2008-06-01 15:25:55 UTC - RP570 - System Checkpoint
52: 2008-05-31 15:00:06 UTC - RP569 - System Checkpoint
51: 2008-05-28 07:00:34 UTC - RP568 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-03-04 01:02:21 UTC - RP518 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 84% (more than 75%).


-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:23 PM, on 6/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1162745142\ee\aolsoftware.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\SPAMBL~1\bin\102215~1.0\SBInst.exe
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\OEAddOn.exe
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBUSA.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\WINDOWS\system32\MCROSO~1\mmc.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\Weather.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Common Files\??crosoft\?ttrib.exe
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\Srv.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Documents and Settings\HP_Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: HTML Exploits Prevent - {245463AB-6F21-456A-9EB4-FAB802DB8062} - C:\WINDOWS\system32\nse2686.dll
O2 - BHO: trafficninja.biz extension - {266A3562-AB67-480E-9F09-D54604FD817B} - C:\WINDOWS\system32\ninjaext.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\system32\UpMedia\ContentTool.dll (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Skyblueads browser optmizer - {7DB476DD-EA1E-4c91-880F-DCD1888740A1} - C:\WINDOWS\system32\cpmrotate.dll
O2 - BHO: (no name) - {8A64CC6F-71DE-5806-FB48-0EA296E948E6} - C:\WINDOWS\system32\tiair.dll
O2 - BHO: SpamBlockerUtility - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\HostIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: (no name) - {EE8A45DE-A036-82B1-42E6-D48F745528B0} - C:\WINDOWS\system32\fffh.dll (file missing)
O2 - BHO: (no name) - {F1D92F89-BCD3-496E-8C60-1C10E703578B} - C:\WINDOWS\system32\card.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: SpamBlockerUtility - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\HostIE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [HPHUPD08] "c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe"
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AntiVerminsPro] "C:\Program Files\AntiVerminsPro\AntiVerminsPro.exe" /h
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DA197C7734672DE3F546CAC59B6
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\cpmrotate.dll" DllVerify
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\bin\102215~1.0\SBInst.exe
O4 - HKLM\..\Run: [SpamBlockerUtilityOE] C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\OEAddOn.exe
O4 - HKLM\..\Run: [SBUSA] "C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBUSA.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Sbig] "C:\Documents and Settings\HP_Administrator\My Documents\M?crosoft.NET\n?pdb.exe"
O4 - HKCU\..\Run: [Tljj] C:\WINDOWS\system32\F?nts\?canregw.exe
O4 - HKCU\..\Run: [Jqxc] "C:\Program Files\Common Files\s?curity\w?nword.exe"
O4 - HKCU\..\Run: [Zmlxb] "C:\Program Files\??crosoft\?hkdsk.exe"
O4 - HKCU\..\Run: [Cjtskvhp] "C:\Documents and Settings\HP_Administrator\Application Data\s?stem\m?hta.exe"
O4 - HKCU\..\Run: [Prkorcs] "C:\Documents and Settings\HP_Administrator\My Documents\?ystem\j?vaw.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [Otvddlde] C:\WINDOWS\??mantec\s?chost.exe
O4 - HKCU\..\Run: [Nfk] "C:\Program Files\Common Files\?dobe\?hkntfs.exe"
O4 - HKCU\..\Run: [Scbu] "C:\WINDOWS\system32\MCROSO~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [Dcoxu] "C:\Program Files\?asks\??rss.exe"
O4 - HKCU\..\Run: [Zhmoficy] C:\WINDOWS\system32\?dobe\r?ndll.exe
O4 - HKCU\..\Run: [Lesfdiwg] C:\WINDOWS\??mantec\?ti2evxx.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Lqsyclud] "C:\Program Files\Common Files\s?mbols\??plorer.exe"
O4 - HKCU\..\Run: [Hglt] "C:\Documents and Settings\HP_Administrator\Application Data\S?mantec\?ttrib.exe"
O4 - HKCU\..\Run: [Wpdnoz] "C:\Program Files\?icrosoft\??xplore.exe"
O4 - HKCU\..\Run: [Dyzssa] "C:\Documents and Settings\HP_Administrator\My Documents\??sembly\?ervices.exe"
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\Weather.exe" -auto
O4 - HKCU\..\Run: [Ncicran] "C:\Program Files\Common Files\??crosoft\?ttrib.exe"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 16411 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 bxdbhgeo - c:\windows\system32\drivers\qzphmqbc.dat
R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro TDI Driver>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>

S1 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R0 Pml Driver HPZ12 - \systemroot\c:\windows\system32\hpzipm12.exe (file missing)
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Tmntsrv (Trend NT Realtime Service) - "c:\program files\trend micro\antivirus\tmntsrv.exe" <Not Verified; Trend Micro Incorporated.; Trend Pc-cillin 11>
R2 tmproxy (Trend Micro Proxy Service) - c:\program files\trend micro\antivirus\tmproxy.exe <Not Verified; Trend Micro Incorporated.; Trend Pc-cillin 11>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-02 12:52:02       284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-01 and 2008-06-01 -----------------------------

2008-06-01 13:08:32     49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-06-01 13:07:22         0 d-------- C:\Program Files\Realtek
2008-06-01 13:07:06    520192 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-06-01 13:07:06    315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-06-01 12:46:51         0 d-------- C:\Program Files\Combined Community Codec Pack
2008-06-01 11:25:40         0 d-------- C:\Program Files\Common Files\??crosoft
2008-06-01 11:25:36     60928 --a------ C:\WINDOWS\system32\tiair.dll
2008-05-27 16:34:03         0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Talkback
2008-05-27 16:32:46         0 d-------- C:\Program Files\Common Files\xing shared
2008-05-27 16:31:26         0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla
2008-05-27 16:18:09         0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility_Icons
2008-05-27 16:07:37         0 d-------- C:\Documents and Settings\All Users\Application Data\SBUSA
2008-05-27 16:07:37         0 d-------- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2008-05-27 16:07:34         0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\SpamBlocker
2008-05-27 16:07:31         0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\WeatherDPA
2008-05-27 16:07:25         0 d-------- C:\Program Files\SpamBlockerUtility
2008-05-27 16:07:25         0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility
2008-05-27 15:27:58         0 d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-05-27 15:27:43         0 d-------- C:\Program Files\Logitech
2008-05-27 15:27:43         0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-27 15:25:27         0 d-------- C:\Program Files\Common Files\logishrd
2008-05-27 14:26:11        56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-27 14:25:23         0 d-------- C:\Program Files\Common Files\Skype
2008-05-01 20:12:30         0 d-------- C:\Program Files\Common Files\??stem32


-- Find3M Report ---------------------------------------------------------------

2008-06-01 15:13:58         0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Skype
2008-06-01 13:17:46         0 d-------- C:\Program Files\Trend Micro
2008-06-01 13:07:21         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-01 11:25:40         0 d-------- C:\Program Files\Common Files
2008-06-01 11:25:40         0 d-------- C:\Program Files\Common Files\??crosoft
2008-06-01 08:05:25         0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\skypePM
2008-05-27 16:32:37         0 d-------- C:\Program Files\Common Files\Real
2008-05-27 16:03:30         4 --a------ C:\WINDOWS\system32\2DFEEA
2008-05-23 14:12:53         0 d-------- C:\Program Files\AIM6
2008-05-22 00:56:54         0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\WeatherBug
2008-05-05 19:31:24         0 d-------- C:\Program Files\Common Files\??mbols
2008-05-02 12:06:36         0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\??crosoft
2008-05-01 20:12:30         0 d-------- C:\Program Files\Common Files\??stem32
2008-04-30 17:53:33         0 d-------- C:\Program Files\Common Files\??curity
2008-04-26 14:59:43         0 d-------- C:\Program Files\XoftSpy
2008-04-26 12:56:36         0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Real
2008-03-05 18:32:03     98048 --a------ C:\WINDOWS\system32\card.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{245463AB-6F21-456A-9EB4-FAB802DB8062}]
09/05/2007 10:27 AM   66048   --a------   C:\WINDOWS\system32\nse2686.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266A3562-AB67-480E-9F09-D54604FD817B}]
         C:\WINDOWS\system32\ninjaext.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5ED7D3DE-6DBE-4516-8712-01B1B64B7057}]
         C:\WINDOWS\system32\UpMedia\ContentTool.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DB476DD-EA1E-4c91-880F-DCD1888740A1}]
02/13/2008 10:14 AM   59904   --a------   C:\WINDOWS\system32\cpmrotate.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A64CC6F-71DE-5806-FB48-0EA296E948E6}]
05/29/2008 02:34 PM   60928   --a------   C:\WINDOWS\system32\tiair.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}]
05/23/2008 04:57 AM   554248   --a------   C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\HostIE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE8A45DE-A036-82B1-42E6-D48F745528B0}]
         C:\WINDOWS\system32\fffh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1D92F89-BCD3-496E-8C60-1C10E703578B}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}"= C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\HostIE.dll [05/23/2008 04:57 AM 554248]

[-HKEY_CLASSES_ROOT\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}]
[HKEY_CLASSES_ROOT\HostIE.Bho.1]
[HKEY_CLASSES_ROOT\TypeLib\{A57470DE-14C7-4FCD-9D4C-E5711F24F0ED}]
[HKEY_CLASSES_ROOT\HostIE.Bho]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/30/2005 12:01 AM]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [08/03/2005 02:19 AM C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="RUNDLL32.exe" [08/10/2004 12:00 AM C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [01/24/2006 10:15 PM C:\WINDOWS\system32\nwiz.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [06/02/2005 02:35 AM]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [03/20/2006 12:05 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [07/23/2005 01:14 AM]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/16/2006 01:34 AM]
"pccguide.exe"="C:\Program Files\Trend Micro\Antivirus\pccguide.exe" [02/17/2004 06:51 PM]
"PCClient.exe"="C:\Program Files\Trend Micro\Antivirus\PCClient.exe" [02/17/2004 06:51 PM]
"TM Outbreak Agent"="C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" [02/17/2004 06:50 PM]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [02/17/2006 12:59 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/27/2008 04:32 PM]
"AntiVerminsPro"="C:\Program Files\AntiVerminsPro\AntiVerminsPro.exe" []
"runner1"="C:\WINDOWS\retadpu72.exe" []
"DISCover"="C:\Program Files\DISC\DISCover.exe" [10/30/2007 10:57 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [12/11/2007 11:56 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 01:10 PM]
"adstart"="C:\WINDOWS\system32\cpmrotate.dll" [02/13/2008 10:14 AM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [02/13/2008 01:02 PM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [02/13/2008 01:06 PM]
"Spam Blocker for Outlook Express"="C:\PROGRA~1\SPAMBL~1\bin\102215~1.0\SBInst.exe" [05/23/2008 04:35 AM]
"SpamBlockerUtilityOE"="C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\OEAddOn.exe" [05/23/2008 04:57 AM]
"SBUSA"="C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBUSA.exe" [05/23/2008 05:11 AM]
"RTHDCPL"="RTHDCPL.EXE" [05/16/2008 02:39 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 PM C:\WINDOWS\Alcmtr.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 12:00 AM]
"Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [04/07/2006 03:02 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 07:24 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/25/2008 04:21 PM]
"Sbig"="C:\Documents and Settings\HP_Administrator\My Documents\M?crosoft.NET\n?pdb.exe" []
"Tljj"="C:\WINDOWS\system32\F?nts\?canregw.exe" [05/21/2007 10:00 AM]
"Jqxc"="C:\Program Files\Common Files\s?curity\w?nword.exe" []
"Zmlxb"="C:\Program Files\??crosoft\?hkdsk.exe" []
"Cjtskvhp"="C:\Documents and Settings\HP_Administrator\Application Data\s?stem\m?hta.exe" []
"Prkorcs"="C:\Documents and Settings\HP_Administrator\My Documents\?ystem\j?vaw.exe" []
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [06/20/2006 10:36 PM]
"Otvddlde"="C:\WINDOWS\??mantec\s?chost.exe" []
"Nfk"="C:\Program Files\Common Files\?dobe\?hkntfs.exe" []
"Scbu"="C:\WINDOWS\system32\MCROSO~1\mmc.exe" [09/26/2007 05:37 PM]
"Dcoxu"="C:\Program Files\?asks\??rss.exe" []
"Zhmoficy"="C:\WINDOWS\system32\?dobe\r?ndll.exe" []
"Lesfdiwg"="C:\WINDOWS\??mantec\?ti2evxx.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [04/23/2008 05:45 PM]
"Lqsyclud"="C:\Program Files\Common Files\s?mbols\??plorer.exe" []
"Hglt"="C:\Documents and Settings\HP_Administrator\Application Data\S?mantec\?ttrib.exe" []
"Wpdnoz"="C:\Program Files\?icrosoft\??xplore.exe" []
"Dyzssa"="C:\Documents and Settings\HP_Administrator\My Documents\??sembly\?ervices.exe" []
"WeatherDPA"="C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\Weather.exe" [05/23/2008 05:18 AM]
"Ncicran"="C:\Program Files\Common Files\??crosoft\?ttrib.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [12/15/2005 9:40:44 PM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [5/27/2008 3:30:25 PM]
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [6/16/2006 1:04:34 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
"C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
"C:\Windows\Creator\Remind_XP.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b0f8e64-9a74-11db-b989-001731dfc6d0}]
AutoRun\command- K:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b66ac30-ec99-11dc-ba34-001731dfc6d0}]
AutoRun\command- F:\copetttt.com
explore\Command- F:\copetttt.com
open\Command- F:\copetttt.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94c824e6-35f3-11db-b93c-001731dfc6d0}]
AutoRun\command- J:\mri.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dda89918-e983-11dc-ba32-001731dfc6d0}]
AutoRun\command- F:\copetttt.com
explore\Command- F:\copetttt.com
open\Command- F:\copetttt.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc122a8b-e43c-11db-b9c6-001731dfc6d0}]
AutoRun\command- K:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-06-01 15:21:13 ------------

and here's the Extra text file

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 Processor 3800+
Percentage of Memory in Use: 86%
Physical Memory (total/avail): 958.48 MiB / 132.98 MiB
Pagefile Memory (total/avail): 2312.21 MiB / 1610.1 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.18 MiB

C: is Fixed (NTFS) - 177.5 GiB total, 100.54 GiB free.
D: is Fixed (FAT32) - 8.79 GiB total, 0.37 GiB free.
E: is CDROM (CDFS)
F: is Removable (FAT32)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG SP2004C - 186.31 GiB - 2 partitions
  \PARTITION0 (bootable) - Installable File System - 177.5 GiB - C:
  \PARTITION1 - Unknown - 8.8 GiB - D:

\\.\PHYSICALDRIVE6 - Apple iPod USB Device - 7.54 GiB - 1 partition
  \PARTITION0 - Unknown - 7.45 GiB - F:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE5 - HP Photosmart 8000 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1157141295\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1157141295\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1157141295\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1157141295\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Common Files\\AOL\\1162745142\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1162745142\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1162745142\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1162745142\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\DISC\\DISCover.exe"="C:\\Program Files\\DISC\\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\\Program Files\\DISC\\DiscStreamHub.exe"="C:\\Program Files\\DISC\\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\\Program Files\\DISC\\myFTP.exe"="C:\\Program Files\\DISC\\myFTP.exe:*:Enabled:DISCover FTP"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-4DACD0EA75
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Administrator
LOGONSERVER=\\YOUR-4DACD0EA75
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
USERDOMAIN=YOUR-4DACD0EA75
USERNAME=HP_Administrator
USERPROFILE=C:\Documents and Settings\HP_Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

HP_Administrator (admin)
jules
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
 --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
 --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
 --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
 --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Agere Systems PCI-SV92PP Soft Modem --> agrsmdel
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM Toolbar 5.0 --> "C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
AntiVerminsPro 2.1 --> C:\Program Files\AntiVerminsPro\uninst.exe
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4A81B632-07AB-4CAC-BB04-DF20DFFBFFA0}\setup.exe" -l0x9
Clickclickclick Browser Optimizer --> C:\WINDOWS\system32\vr-remove.exe
Combined Community Codec Pack 2008-01-24 --> "C:\Program Files\Combined Community Codec Pack\unins000.exe"
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /remove
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Boot Optimizer --> MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP DigitalMedia Archive --> MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Document Viewer 6.1 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP DVD Play 2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe"  -uninstall
HP Games 3.43.97 --> "C:\Program Files\DISC\uninstall.exe"
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart 330,380,420,470,7800,8000,8200 Series --> C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 6.0 --> C:\Program Files\HP\Digital Imaging\{5D61626A-BD55-4e42-82EE-4AE89D8FD050}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Photosmart for Media Center PC --> c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP PSC & OfficeJet 6.1.A --> "C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
HP Rhapsody --> C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center and Imaging Support Tools 6.1 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Web Helper --> regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
Internet Explorer Security Plugin 2006 --> "C:\Program Files\Video ActiveX Object\iesuninst.exe"
Internet Security Add-On --> "C:\Program Files\Video ActiveX Object\isauninst.exe"
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech QuickCam --> MsiExec.exe /X{6444D9D9-CD6C-4464-B970-55C606C944DC}
Logitech QuickCam Driver Package --> "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.70.1196\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.70" /clone_wait /hide_progress
Microsoft ActiveSync 4.0 --> MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Away Mode -->
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour --> MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
muvee autoProducer 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27428D1B-8CBA-4EEA-B9C0-A23CA7B4FCC1}\setup.exe" -l0x9
muvee autoProducer unPlugged 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}\setup.exe" -l0x9
Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvunrm.exe UninstallGUI
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
Outerinfo --> "C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe"
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9  -removeonly
Search Enhancer++ --> C:\WINDOWS\system32\UpMedia\uninstallSE.exe
Security Update for Step By Step Interactive Training (KB898458) -->
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Skyblueads.com Browser Optimizer --> C:\WINDOWS\system32\cpmrot-uninst.exe
Skyblueads.com Browser Optimizer --> C:\WINDOWS\system32\cpmrot-uninst.exe
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic Express Labeler --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spam Blocker Utility --> "C:\Program Files\SpamBlockerUtility&#

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
no sound in XP
« Reply #3 on: June 01, 2008, 02:55:23 PM »
Can you do the following

Do a "System scan only" with Hijackthis and put a check next to these entries:

O2 - BHO: HTML Exploits Prevent - {245463AB-6F21-456A-9EB4-FAB802DB8062} - C:\WINDOWS\system32\nse2686.dll
O2 - BHO: trafficninja.biz extension - {266A3562-AB67-480E-9F09-D54604FD817B} - C:\WINDOWS\system32\ninjaext.dll (file missing)

O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\system32\UpMedia\ContentTool.dll (file missing)

O2 - BHO: Skyblueads browser optmizer - {7DB476DD-EA1E-4c91-880F-DCD1888740A1} - C:\WINDOWS\system32\cpmrotate.dll
O2 - BHO: (no name) - {8A64CC6F-71DE-5806-FB48-0EA296E948E6} - C:\WINDOWS\system32\tiair.dll
O2 - BHO: SpamBlockerUtility - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\HostIE.dll

O2 - BHO: (no name) - {EE8A45DE-A036-82B1-42E6-D48F745528B0} - C:\WINDOWS\system32\fffh.dll (file missing)
O2 - BHO: (no name) - {F1D92F89-BCD3-496E-8C60-1C10E703578B} - C:\WINDOWS\system32\card.dll

O3 - Toolbar: SpamBlockerUtility - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\HostIE.dll


O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AntiVerminsPro] "C:\Program Files\AntiVerminsPro\AntiVerminsPro.exe" /h
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DA197C7734672DE3F546CAC59B6

O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\cpmrotate.dll" DllVerify

O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\bin\102215~1.0\SBInst.exe
O4 - HKLM\..\Run: [SpamBlockerUtilityOE] C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\OEAddOn.exe
O4 - HKLM\..\Run: [SBUSA] "C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBUSA.exe"

O4 - HKCU\..\Run: [Sbig] "C:\Documents and Settings\HP_Administrator\My Documents\M?crosoft.NET\n?pdb.exe"
O4 - HKCU\..\Run: [Tljj] C:\WINDOWS\system32\F?nts\?canregw.exe
O4 - HKCU\..\Run: [Jqxc] "C:\Program Files\Common Files\s?curity\w?nword.exe"
O4 - HKCU\..\Run: [Zmlxb] "C:\Program Files\??crosoft\?hkdsk.exe"
O4 - HKCU\..\Run: [Cjtskvhp] "C:\Documents and Settings\HP_Administrator\Application Data\s?stem\m?hta.exe"
O4 - HKCU\..\Run: [Prkorcs] "C:\Documents and Settings\HP_Administrator\My Documents\?ystem\j?vaw.exe"

O4 - HKCU\..\Run: [Otvddlde] C:\WINDOWS\??mantec\s?chost.exe
O4 - HKCU\..\Run: [Nfk] "C:\Program Files\Common Files\?dobe\?hkntfs.exe"
O4 - HKCU\..\Run: [Scbu] "C:\WINDOWS\system32\MCROSO~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [Dcoxu] "C:\Program Files\?asks\??rss.exe"
O4 - HKCU\..\Run: [Zhmoficy] C:\WINDOWS\system32\?dobe\r?ndll.exe
O4 - HKCU\..\Run: [Lesfdiwg] C:\WINDOWS\??mantec\?ti2evxx.exe

O4 - HKCU\..\Run: [Lqsyclud] "C:\Program Files\Common Files\s?mbols\??plorer.exe"
O4 - HKCU\..\Run: [Hglt] "C:\Documents and Settings\HP_Administrator\Application Data\S?mantec\?ttrib.exe"
O4 - HKCU\..\Run: [Wpdnoz] "C:\Program Files\?icrosoft\??xplore.exe"
O4 - HKCU\..\Run: [Dyzssa] "C:\Documents and Settings\HP_Administrator\My Documents\??sembly\?ervices.exe"
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\Weather.exe" -auto
O4 - HKCU\..\Run: [Ncicran] "C:\Program Files\Common Files\??crosoft\?ttrib.exe"

O15 - Trusted Zone: http://*.trymedia.com (HKLM)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Access your Add and Remove programs and try and remove any of the following
Don't worry if something won't uninstall, just carry on till you have tried removing the last item

This includes:
Clickclickclick Browser Optimizer
Internet Explorer Security Plugin 2006
Internet Security Add-On
Search Enhancer++
Skyblueads.com Browser Optimizer
Spam Blocker Utility
Trafficninja.biz Extension
Viewpoint Manager (Remove Only)
Viewpoint Media Player


Important: After you have removed any of the above
Reboot the computer

EDIT>>I missed the following in Add and Remove programs
Can you try and uninstall them also then reboot the computer

AntiVerminsPro 2.1
Outerinfo


Back in Windows
Download this file - Combofix.exe and save it ONLY to your desktop

Don't run it yet
Physically disconnect the internet cable connection to your computer
Temporarily disable your AntiVirus software and any Spyware realtime protections you may have running so it won't interfere with this fix

Double click on ComboFix.exe to run the program

Allow to run when prompted, normally this fix takes anywhere from 10 to 30 minutes

If the computer was rebooted by the fix
 ComboFix will run again, then continue to create a log, this can take a few minutes
Let it run uninterrupted please
I'll need to see this log later
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

After ComboFix runs, and after its log opens
Connect Internet cable, if you have no Internet connection
Simply reboot your computer
By default, the location of the combofix log is located at this location
C:\combofix.txt

Post back the log from ComboFix along with a fresh hijackthis log
« Last Edit: June 01, 2008, 03:10:05 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Juggernaut

  • Full Member
  • ***
  • Posts: 110
  • Karma: +0/-0
no sound in XP
« Reply #4 on: June 12, 2008, 11:40:55 AM »
here's the combofix log

ComboFix 08-06-10.5 - HP_Administrator 2008-06-12 12:37:45.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.453 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\1055540.sdf
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\1058131.sdf
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\1058634.sdf
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\1383704.sdf
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\1390424.sdf
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\1391576.sdf
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\1404082.sdf
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\2884321.sdf
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\336683.sdf
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\3428586.sdf
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\3756141.sdf
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\3852345.sdf
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\387816.sdf
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\3893642.sdf
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\417199.sdf
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\483647.sdf
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\704166.sdf
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\704193.sdf
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\952211.sdf
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\975207.sdf
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\domains.txt
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\1000067669
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\10756
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\1120
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\11891
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\121235
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\1258
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\13546
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\15473
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\1587
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\16072
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\16087
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\16173
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\17026
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\17040
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\18391
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\18906
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\198406
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\19943
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\21060
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\233034
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\23923
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\25424
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\25509
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\25708
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\25818
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\26106
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\26125
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\27505
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\281075
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\28383
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\28812
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\290893
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\29115
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\29425
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\29642
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\32114
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\32290
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\32293
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\32377
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\32541
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\34747
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\35047
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\367116
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\37827
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\38345
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\39850
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\39897
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\39972
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\40012
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\40256
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\404057
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\40726
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\40999
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\41533
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\41548
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\41572
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\41588
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\422734
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\423530
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\427075
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\43438
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\43906
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\43907
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\43979
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\44075
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\44274
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\44293
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\44300
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\44878
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\477253
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\478987
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\51880
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\519215
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\532492
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\53274
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\53310
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\54189
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\54469
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\552212
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\566240
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\569859
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\58965
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\5898
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\59844
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\59913
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\61367
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\614613
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\6292
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\63264
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\64404
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\64434
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\6552
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\6556
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\6558
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\65933
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\6604
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\67220
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\67464
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\67831
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\68021
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\68040
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\68829
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\69263
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\69556
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\70375
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\70773
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\71059
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\71383
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\72864
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\73119
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\73484
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\73670
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\737665
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\73804
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\73876
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\744370
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\744775
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\744977
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\745170
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\745434
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\74798
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\748176
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\750039
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\750281
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\751209
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\7518
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\7521
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\753197
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\753300
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\753335
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\753366
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\76119
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\79246
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\79264
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\79674
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\79676
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\80815
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\81980
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\82292
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\83463
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\83560
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\83817
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\86140
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\87584
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\890
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\92930
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\93899
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\94392
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\95200
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\95803
C:\Documents and Settings\HP_Administrato

Offline guestolo

« Reply #5 on: June 12, 2008, 12:18:36 PM »
==Download ATF-Cleaner by Atribune.
Save it to your desktop
We'll need it in a bit

==Open notepad
Copy ALL the BLUE text below and Paste to notepad
Don't use anything else than notepad or the script will not work

[color="#0000FF"]
KillAll::

File::
C:\WINDOWS\system32\drivers\qzphmqbc.dat
C:\WINDOWS\system32\card.dll

Driver::
bxdbhgeo

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sbig"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1D92F89-BCD3-496E-8C60-1C10E703578B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

[/color]
Save this as txtfile on your desktop
CFScript

Download the Flash_Disinfector.exe from here and save to desktop
http://www.techsupportforum.com/sectools/s...Disinfector.exe
We'll need it in a bit


I suggest that you PRINT the remainder of these instructions, or save them to a textfile on desktop
Physically disconnect your Internet cable from the back of the computer
Disable your AntiVirus software temporarily so as it won't interfere with the next fix
Close down all browser windows that are open

Access your Add and Remove Programs and uninstall
J2SE Runtime Environment 5.0 Update 5
Don't reboot
We'll update this in a bit

ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

If you use Firefox browser
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

========================================

Run Flash_Disinfector.exe, Follow the prompts
Insert any removable flash drives you may have when prompted


Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When finished, it shall produce a log for you with the name C:\ComboFix.txt.
I'll need to see that log again

Reconnect cable to internet
NOTE: If you don't get Internet connection within a minute
Reboot the computer

Once connection is established

Updating Java:
  • Download the latest version of  Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6".
  • Click the "Download" button to the right.
  • In the Window that opens, select Windows, your Language, check the "agree" box and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.

  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe that you downloaded to install the newest version.

Download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
       
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Along with the log from Malwarebytes AntiMalware

Post back the following

1. Post the log from ComboFix
2. Post a fresh hijackthis log
« Last Edit: June 13, 2008, 10:10:32 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Juggernaut

« Reply #6 on: June 13, 2008, 06:04:35 PM »
MBAM Log...

Malwarebytes' Anti-Malware 1.17
Database version: 850

7:11:25 PM 6/13/2008
mbam-log-6-13-2008 (19-11-25).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 151587
Time elapsed: 43 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 59

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SpamBlockerUtility 10.2.215.0 (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Deckard\System Scanner\backup\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\!update.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080612-115646-144.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\SpamBlockerUtility\bin\10.2.215.0\ASAPCom.dll.vir (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\SpamBlockerUtility\bin\10.2.215.0\Redemption.dll.vir (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBClientSinkPS.dll.vir (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBInst.exe.vir (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBOLExp.dll.vir (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBOLExt.dll.vir (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBSrvPS.dll.vir (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBTrayAppPS.dll.vir (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBUIRes.dll.vir (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBUISkin.dll.vir (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\SpamBlockerUtility\bin\10.2.215.0\SpamBlocker.exe.vir (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\UpMedia\SearchTool.dll.vir (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP525\A0036807.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP526\A0036836.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP527\A0036862.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP529\A0036897.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP531\A0036932.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP531\A0036956.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP535\A0036995.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP538\A0037035.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP540\A0037430.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP544\A0037493.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP546\A0037568.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP547\A0037578.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP548\A0037590.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP549\A0037603.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP551\A0037666.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP553\A0037710.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP555\A0037731.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP563\A0037830.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP564\A0037857.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP565\A0037976.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP567\A0038213.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP569\A0038706.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP580\A0038972.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP580\A0038973.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP580\A0038975.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP580\A0039043.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP580\A0039046.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP580\A0039060.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP581\A0039155.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP581\A0039164.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP581\A0039165.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP581\A0039166.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP581\A0039167.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP581\A0039168.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP581\A0039169.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP581\A0039170.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP581\A0039171.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP581\A0039173.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP581\A0039179.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP581\A0039188.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP581\A0039189.dll (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khdnxam.dll (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Desktop\Click to Find and Fix Errors.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Desktop\Find And Fix Errors.lnk (Rogue.Link) -> Quarantined and deleted successfully.


ComboFix log...

ComboFix 08-06-10.5 - HP_Administrator 2008-06-12 13:59:56.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.558 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
C:\WINDOWS\system32\card.dll
C:\WINDOWS\system32\drivers\qzphmqbc.dat
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\card.dll
C:\WINDOWS\system32\drivers\qzphmqbc.dat

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BXDBHGEO
-------\Service_bxdbhgeo


(((((((((((((((((((((((((   Files Created from 2008-05-12 to 2008-06-12  )))))))))))))))))))))))))))))))
.

2008-06-11 06:26 . 2008-04-14 07:01   272,128   ---------   C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 06:26 . 2008-04-14 07:01   272,128   ---------   C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-01 15:15 . 2008-06-01 15:15   <DIR>   d--------   C:\Deckard
2008-06-01 13:09 . 2007-11-14 15:18   553   --a------   C:\WINDOWS\USetup.iss
2008-06-01 13:08 . 2007-11-20 18:15   1,826,816   --a------   C:\WINDOWS\SkyTel.exe
2008-06-01 13:08 . 2006-08-01 15:02   49,152   --a------   C:\WINDOWS\system32\ChCfg.exe
2008-06-01 13:07 . 2008-06-01 13:07   <DIR>   d--------   C:\Program Files\Realtek
2008-06-01 13:07 . 2008-03-05 18:07   520,192   --a------   C:\WINDOWS\RtlExUpd.dll
2008-06-01 13:07 . 2008-06-01 13:07   315,392   --a------   C:\WINDOWS\HideWin.exe
2008-06-01 12:46 . 2008-06-01 12:46   <DIR>   d--------   C:\Program Files\Combined Community Codec Pack
2008-05-27 16:34 . 2008-05-27 16:34   <DIR>   d--------   C:\Documents and Settings\HP_Administrator\Application Data\Talkback
2008-05-27 16:32 . 2008-05-27 16:32   <DIR>   d--------   C:\Program Files\Common Files\xing shared
2008-05-27 16:07 . 2008-06-12 11:42   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SBUSA
2008-05-27 16:03 . 2008-05-27 16:40   412   --a------   C:\WINDOWS\cdplayer.ini
2008-05-27 15:31 . 2008-02-05 21:40   25,056   -ra------   C:\WINDOWS\system32\Repository.reg
2008-05-27 15:31 . 2008-02-05 22:17   13,848   -ra------   C:\WINDOWS\system32\drivers\lv302af.sys
2008-05-27 15:30 . 2008-05-27 15:30   127,034   -r-------   C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-05-27 15:27 . 2008-05-27 15:30   <DIR>   d--------   C:\Program Files\Logitech
2008-05-27 15:27 . 2008-05-27 15:27   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-27 15:27 . 2008-05-27 17:42   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Logishrd
2008-05-27 15:25 . 2008-05-27 15:28   <DIR>   d--------   C:\Program Files\Common Files\logishrd
2008-05-27 15:25 . 2008-02-05 22:17   2,570,520   -ra------   C:\WINDOWS\system32\drivers\LV302V32.SYS
2008-05-27 15:19 . 2004-08-03 23:07   59,264   --a------   C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-05-27 15:19 . 2004-08-03 23:07   59,264   --a------   C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-05-27 14:26 . 2008-05-27 14:26   56   --ah-----   C:\WINDOWS\system32\ezsidmv.dat
2008-05-27 14:25 . 2008-05-27 14:25   <DIR>   d--------   C:\Program Files\Common Files\Skype
2008-05-23 14:17 . 2008-05-23 14:17   13,502   --a------   C:\WINDOWS\system32\TuneclubIconDE.ico
2008-05-23 14:17 . 2008-05-23 14:17   13,502   --a------   C:\WINDOWS\system32\CelldoradoIconUK.ico
2008-05-23 14:17 . 2008-05-23 14:17   13,502   --a------   C:\WINDOWS\system32\BlinkoIconES.ico
2008-05-23 14:16 . 2008-05-23 14:16   4,286   --a------   C:\WINDOWS\system32\Jamster.ico

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 16:34   ---------   d-----w   C:\Documents and Settings\HP_Administrator\Application Data\Skype
2008-06-12 16:10   ---------   d-----w   C:\Program Files\AntiVerminsPro
2008-06-12 16:09   ---------   d-----w   C:\Program Files\Viewpoint
2008-06-12 16:09   ---------   d-----w   C:\Documents and Settings\HP_Administrator\Application Data\Viewpoint
2008-06-12 15:38   ---------   d-----w   C:\Documents and Settings\HP_Administrator\Application Data\skypePM
2008-06-01 17:17   ---------   d-----w   C:\Program Files\Trend Micro
2008-06-01 17:07   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-05-27 20:32   ---------   d-----w   C:\Program Files\Common Files\Real
2008-05-23 18:13   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-05-23 18:12   ---------   d-----w   C:\Program Files\AIM6
2008-05-23 18:12   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-23 18:12   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL
2008-05-22 04:56   ---------   d-----w   C:\Documents and Settings\HP_Administrator\Application Data\WeatherBug
2008-05-20 21:53   4,800,000   ----a-w   C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-05-16 18:39   16,862,720   ----a-w   C:\WINDOWS\RTHDCPL.exe
2008-05-08 12:28   202,752   ------w   C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-02 16:06   ---------   d-----w   C:\Documents and Settings\HP_Administrator\Application Data\??crosoft
2008-04-28 06:06   36,368   ----a-w   C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-04-28 06:06   204,816   ----a-w   C:\WINDOWS\system32\drivers\tmxpflt.sys
2008-04-28 06:06   1,169,240   ----a-w   C:\WINDOWS\system32\drivers\VsapiNT.sys
2008-04-26 18:59   ---------   d-----w   C:\Program Files\XoftSpy
2008-04-02 13:27   1,196,032   ----a-w   C:\WINDOWS\RtlUpd.exe
2007-12-13 22:27   32   ----a-w   C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-05-09 00:45   382   ----a-w   C:\Documents and Settings\HP_Administrator\Application Data\internaldb6334.dat
2007-05-08 23:03   194   ----a-w   C:\Documents and Settings\HP_Administrator\Application Data\internaldb8467.dat
2007-05-08 23:03   18,432   ----a-w   C:\Documents and Settings\HP_Administrator\Application Data\internaldb41.dat
2007-04-10 11:24   1,190   ----a-w   C:\Documents and Settings\jules\Application Data\wklnhst.dat
2007-01-05 12:33   1,514   ----a-w   C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2006-08-27 19:08   22   --sha-w   C:\WINDOWS\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-06-12_12.43.38.20   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-12 16:14:17   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-06-12 18:03:29   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2005-10-21 00:02:28   163,328   ----a-w   C:\WINDOWS\ERDNT\subs\ERDNT.EXE
+ 2008-06-12 18:08:23   16,384   ----atw   C:\WINDOWS\Temp\Perflib_Perfdata_9bc.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 00:00 15360]
"Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [2006-04-07 15:02 1343488]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-25 16:21 50528]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-20 22:36 1207080]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-30 00:01 67584]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-10 00:00 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-01-24 22:15 1519616 C:\WINDOWS\system32\nwiz.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 02:35 49152]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 12:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-23 01:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 01:34 249856]
"pccguide.exe"="C:\Program Files\Trend Micro\Antivirus\pccguide.exe" [2004-02-17 18:51 950337]
"PCClient.exe"="C:\Program Files\Trend Micro\Antivirus\PCClient.exe" [2004-02-17 18:51 634949]
"TM Outbreak Agent"="C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" [2004-02-17 18:50 290816]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 12:59 124520]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2007-10-30 22:57 1095256]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 13:02 564496]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 13:06 2196240]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 14:39 16862720 C:\WINDOWS\RTHDCPL.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-27 16:32 185896]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 21:40:44 282624]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-05-27 15:30:25 66864]
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-06-16 01:04:34 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-12-15 21:18 49152 C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 19:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2004-12-14 05:23 663552 C:\Windows\Creator\Remind_XP.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1162745142\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1162745142\\ee\\aim6.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b0f8e64-9a74-11db-b989-001731dfc6d0}]
\Shell\AutoRun\command - K:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b66ac30-ec99-11dc-ba34-001731dfc6d0}]
\Shell\AutoRun\command - F:\copetttt.com
\Shell\explore\Command - F:\copetttt.com
\Shell\open\Command - F:\copetttt.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94c824e6-35f3-11db-b93c-001731dfc6d0}]
\Shell\AutoRun\command - J:\mri.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dda89918-e983-11dc-ba32-001731dfc6d0}]
\Shell\AutoRun\command - F:\copetttt.com
\Shell\explore\Command - F:\copetttt.com
\Shell\open\Command - F:\copetttt.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc122a8b-e43c-11db-b9c6-001731dfc6d0}]
\Shell\AutoRun\command - K:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-06 16:52:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-12 14:04:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Common Files\AOL\1162745142\ee\aolsoftware.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-06-12 14:11:31 - machine was rebooted
ComboFix-quarantined-files.txt  2008-06-12 18:11:26
ComboFix2.txt  2008-06-12 16:44:08

Pre-Run: 107,913,117,696 bytes free
Post-Run: 107,827,019,776 bytes free

237   --- E O F ---   2008-06-12 07:04:32


HJT log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:04 PM, on 6/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1162745142\ee\aolsoftware.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [HPHUPD08] "c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe"
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

--
End of file - 11380 bytes

Offline guestolo

« Reply #7 on: June 13, 2008, 10:29:28 PM »
I edited the post when you weren't watching

Can you do the following, if you didn't do it earlier please

Download the Flash_Disinfector.exe from here and save to desktop
http://www.techsupportforum.com/sectools/s...Disinfector.exe

Run Flash_Disinfector.exe, Follow the prompts
Insert any removable flash drives you may have when prompted

Afterwards, double click on Combofix one more time
Let it run uninterrupted
Post its new log please >> C:\Combofix.txt

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Juggernaut

« Reply #8 on: June 14, 2008, 10:05:06 PM »
ComboFix log...

ComboFix 08-06-10.5 - HP_Administrator 2008-06-14 13:27:44.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.460 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2008-05-14 to 2008-06-14  )))))))))))))))))))))))))))))))
.

2008-06-13 19:30 . 2008-06-14 13:01   <DIR>   d--------   C:\Program Files\Steam
2008-06-13 19:17 . 2001-08-17 13:48   12,160   --a------   C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-13 19:17 . 2001-08-17 13:48   12,160   --a------   C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-12 14:16 . 2008-06-13 20:23   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-06-12 14:16 . 2008-06-12 14:16   <DIR>   d--------   C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-06-12 14:16 . 2008-06-12 14:16   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-12 14:16 . 2008-03-25 02:37   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-06-12 14:16 . 2008-06-10 19:02   34,296   --a------   C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-12 14:16 . 2008-06-10 19:02   15,864   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-06-12 14:15 . 2008-06-13 20:23   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-06-11 06:26 . 2008-04-14 07:01   272,128   ---------   C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 06:26 . 2008-04-14 07:01   272,128   ---------   C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-01 15:15 . 2008-06-01 15:15   <DIR>   d--------   C:\Deckard
2008-06-01 13:09 . 2007-11-14 15:18   553   --a------   C:\WINDOWS\USetup.iss
2008-06-01 13:08 . 2007-11-20 18:15   1,826,816   --a------   C:\WINDOWS\SkyTel.exe
2008-06-01 13:08 . 2006-08-01 15:02   49,152   --a------   C:\WINDOWS\system32\ChCfg.exe
2008-06-01 13:07 . 2008-06-01 13:07   <DIR>   d--------   C:\Program Files\Realtek
2008-06-01 13:07 . 2008-03-05 18:07   520,192   --a------   C:\WINDOWS\RtlExUpd.dll
2008-06-01 13:07 . 2008-06-01 13:07   315,392   --a------   C:\WINDOWS\HideWin.exe
2008-06-01 12:46 . 2008-06-01 12:46   <DIR>   d--------   C:\Program Files\Combined Community Codec Pack
2008-05-27 16:34 . 2008-05-27 16:34   <DIR>   d--------   C:\Documents and Settings\HP_Administrator\Application Data\Talkback
2008-05-27 16:32 . 2008-05-27 16:32   <DIR>   d--------   C:\Program Files\Common Files\xing shared
2008-05-27 16:07 . 2008-06-12 11:42   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SBUSA
2008-05-27 16:03 . 2008-05-27 16:40   412   --a------   C:\WINDOWS\cdplayer.ini
2008-05-27 15:31 . 2008-02-05 21:40   25,056   -ra------   C:\WINDOWS\system32\Repository.reg
2008-05-27 15:31 . 2008-02-05 22:17   13,848   -ra------   C:\WINDOWS\system32\drivers\lv302af.sys
2008-05-27 15:30 . 2008-05-27 15:30   127,034   -r-------   C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-05-27 15:27 . 2008-05-27 15:30   <DIR>   d--------   C:\Program Files\Logitech
2008-05-27 15:27 . 2008-05-27 15:27   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-27 15:27 . 2008-05-27 17:42   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Logishrd
2008-05-27 15:25 . 2008-05-27 15:28   <DIR>   d--------   C:\Program Files\Common Files\logishrd
2008-05-27 15:25 . 2008-02-05 22:17   2,570,520   -ra------   C:\WINDOWS\system32\drivers\LV302V32.SYS
2008-05-27 15:19 . 2004-08-03 23:07   59,264   --a------   C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-05-27 15:19 . 2004-08-03 23:07   59,264   --a------   C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-05-27 14:26 . 2008-05-27 14:26   56   --ah-----   C:\WINDOWS\system32\ezsidmv.dat
2008-05-27 14:25 . 2008-05-27 14:25   <DIR>   d--------   C:\Program Files\Common Files\Skype
2008-05-23 14:17 . 2008-05-23 14:17   13,502   --a------   C:\WINDOWS\system32\TuneclubIconDE.ico
2008-05-23 14:17 . 2008-05-23 14:17   13,502   --a------   C:\WINDOWS\system32\CelldoradoIconUK.ico
2008-05-23 14:17 . 2008-05-23 14:17   13,502   --a------   C:\WINDOWS\system32\BlinkoIconES.ico
2008-05-23 14:16 . 2008-05-23 14:16   4,286   --a------   C:\WINDOWS\system32\Jamster.ico

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 00:06   ---------   d-----w   C:\Documents and Settings\HP_Administrator\Application Data\Skype
2008-06-14 00:04   ---------   d-----w   C:\Documents and Settings\HP_Administrator\Application Data\skypePM
2008-06-12 18:16   ---------   d-----w   C:\Program Files\Java
2008-06-12 16:10   ---------   d-----w   C:\Program Files\AntiVerminsPro
2008-06-12 16:09   ---------   d-----w   C:\Program Files\Viewpoint
2008-06-12 16:09   ---------   d-----w   C:\Documents and Settings\HP_Administrator\Application Data\Viewpoint
2008-06-01 17:17   ---------   d-----w   C:\Program Files\Trend Micro
2008-06-01 17:07   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-05-27 20:32   ---------   d-----w   C:\Program Files\Common Files\Real
2008-05-23 18:13   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-05-23 18:12   ---------   d-----w   C:\Program Files\AIM6
2008-05-23 18:12   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-23 18:12   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL
2008-05-22 04:56   ---------   d-----w   C:\Documents and Settings\HP_Administrator\Application Data\WeatherBug
2008-05-08 12:28   202,752   ------w   C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28   202,752   ------w   C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55   1,288,192   ----a-w   C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55   1,288,192   ------w   C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-02 16:06   ---------   d-----w   C:\Documents and Settings\HP_Administrator\Application Data\??crosoft
2008-04-28 06:06   36,368   ----a-w   C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-04-28 06:06   204,816   ----a-w   C:\WINDOWS\system32\drivers\tmxpflt.sys
2008-04-28 06:06   1,169,240   ----a-w   C:\WINDOWS\system32\drivers\VsapiNT.sys
2008-04-26 18:59   ---------   d-----w   C:\Program Files\XoftSpy
2008-04-24 02:16   3,591,680   ------w   C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40   625,664   ------w   C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39   70,656   ------w   C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39   13,824   ------w   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07   161,792   ------w   C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-27 08:12   151,583   ------w   C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12   151,583   ------w   C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47   1,845,248   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47   1,845,248   ------w   C:\WINDOWS\system32\dllcache\win32k.sys
2007-12-13 22:27   32   ----a-w   C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-05-09 00:45   382   ----a-w   C:\Documents and Settings\HP_Administrator\Application Data\internaldb6334.dat
2007-05-08 23:03   194   ----a-w   C:\Documents and Settings\HP_Administrator\Application Data\internaldb8467.dat
2007-05-08 23:03   18,432   ----a-w   C:\Documents and Settings\HP_Administrator\Application Data\internaldb41.dat
2007-04-10 11:24   1,190   ----a-w   C:\Documents and Settings\jules\Application Data\wklnhst.dat
2007-01-05 12:33   1,514   ----a-w   C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2006-08-27 19:08   22   --sha-w   C:\WINDOWS\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-06-12_12.43.38.20   )))))))))))))))))))))))))))))))))))))))))
.
- 2005-05-03 22:43:00   69,632   ----a-w   C:\WINDOWS\Alcmtr.exe
+ 2005-05-04 01:43:28   69,632   ----a-w   C:\WINDOWS\ALCMTR.EXE
- 2006-05-04 20:26:00   2,808,832   ----a-w   C:\WINDOWS\alcwzrd.exe
+ 2006-02-21 00:01:58   2,809,856   ----a-w   C:\WINDOWS\ALCWZRD.EXE
- 2008-06-12 16:14:17   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-06-14 03:39:45   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2005-10-21 00:02:28   163,328   ----a-w   C:\WINDOWS\ERDNT\subs\ERDNT.EXE
+ 2008-06-13 23:30:20   27,648   ----a-r   C:\WINDOWS\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
- 2007-06-28 20:44:00   2,165,760   ----a-w   C:\WINDOWS\MicCal.exe
+ 2006-01-09 21:32:34   2,158,592   ----a-w   C:\WINDOWS\MicCal.exe
- 2008-05-16 18:39:00   16,862,720   ----a-w   C:\WINDOWS\RTHDCPL.exe
+ 2006-03-08 11:54:04   16,010,240   ----a-w   C:\WINDOWS\RTHDCPL.EXE
- 2007-03-23 23:19:00   9,715,200   ----a-w   C:\WINDOWS\RTLCPL.exe
+ 2006-02-21 00:05:50   9,712,640   ----a-w   C:\WINDOWS\RTLCPL.EXE
- 2008-04-02 13:27:00   1,196,032   ----a-w   C:\WINDOWS\RtlUpd.exe
+ 2006-03-03 03:13:10   360,448   ----a-w   C:\WINDOWS\RtlUpd.exe
- 2006-07-21 20:14:00   86,016   ----a-w   C:\WINDOWS\SoundMan.exe
+ 2006-02-21 00:00:18   86,016   ----a-w   C:\WINDOWS\SOUNDMAN.EXE
- 2004-08-04 03:08:00   60,288   ----a-w   C:\WINDOWS\system32\dllcache\drmk.sys
+ 2004-08-04 13:08:00   60,288   ----a-w   C:\WINDOWS\system32\dllcache\drmk.sys
- 2006-01-25 02:15:00   3,535,520   ----a-w   C:\WINDOWS\system32\dllcache\nv4_mini.sys
+ 2006-05-10 02:50:00   3,535,680   ----a-w   C:\WINDOWS\system32\dllcache\nv4_mini.sys
- 2004-08-04 03:08:04   48,640   ----a-w   C:\WINDOWS\system32\dllcache\stream.sys
+ 2004-08-04 13:08:04   48,640   ----a-w   C:\WINDOWS\system32\dllcache\stream.sys
- 2004-08-04 03:08:00   60,288   ----a-w   C:\WINDOWS\system32\drivers\drmk.sys
+ 2004-08-04 13:08:00   60,288   ----a-w   C:\WINDOWS\system32\drivers\drmk.sys
- 2006-01-25 02:15:00   3,535,520   ----a-w   C:\WINDOWS\system32\drivers\nv4_mini.sys
+ 2006-05-10 02:50:00   3,535,680   ----a-w   C:\WINDOWS\system32\drivers\nv4_mini.sys
- 2008-05-20 21:53:00   4,800,000   ----a-w   C:\WINDOWS\system32\drivers\RtkHDAud.sys
+ 2006-03-08 20:27:12   4,246,016   ----a-w   C:\WINDOWS\system32\drivers\RtkHDAud.sys
- 2004-08-04 03:08:04   48,640   ----a-w   C:\WINDOWS\system32\drivers\stream.sys
+ 2004-08-04 13:08:04   48,640   ----a-w   C:\WINDOWS\system32\drivers\stream.sys
- 2005-08-27 05:55:46   49,248   ----a-w   C:\WINDOWS\system32\java.exe
+ 2008-03-25 05:28:39   135,168   ----a-w   C:\WINDOWS\system32\java.exe
- 2005-08-27 05:55:58   49,250   ----a-w   C:\WINDOWS\system32\javaw.exe
+ 2008-03-25 05:28:43   135,168   ----a-w   C:\WINDOWS\system32\javaw.exe
- 2005-08-27 08:14:46   127,078   ----a-w   C:\WINDOWS\system32\javaws.exe
+ 2008-03-25 06:37:01   139,264   ----a-w   C:\WINDOWS\system32\javaws.exe
- 2006-01-25 02:15:00   425,984   ----a-w   C:\WINDOWS\system32\keystone.exe
+ 2006-05-10 02:50:00   425,984   ----a-w   C:\WINDOWS\system32\keystone.exe
+ 2008-03-25 03:21:18   2,889,088   ----a-w   C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 03:21:20   218,496   ----a-w   C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-06-13 23:26:49   70,264   ----a-w   C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
- 2006-01-25 02:15:00   3,955,328   ----a-w   C:\WINDOWS\system32\nv4_disp.dll
+ 2006-05-10 02:50:00   3,955,200   ----a-w   C:\WINDOWS\system32\nv4_disp.dll
- 2006-01-25 02:15:00   106,496   ----a-w   C:\WINDOWS\system32\nvapi.dll
+ 2006-05-10 02:50:00   106,496   ----a-w   C:\WINDOWS\system32\nvapi.dll
- 2006-01-25 02:15:00   442,368   ----a-w   C:\WINDOWS\system32\nvappbar.exe
+ 2006-05-10 02:50:00   442,368   ----a-w   C:\WINDOWS\system32\nvappbar.exe
- 2006-01-25 02:15:00   35,840   ----a-w   C:\WINDOWS\system32\nvcod.dll
+ 2006-05-10 02:50:00   35,840   ----a-w   C:\WINDOWS\system32\nvcod.dll
- 2006-01-25 02:15:00   35,840   ----a-w   C:\WINDOWS\system32\nvcodins.dll
+ 2006-05-10 02:50:00   35,840   ----a-w   C:\WINDOWS\system32\nvcodins.dll
- 2006-01-25 02:15:00   147,456   ----a-w   C:\WINDOWS\system32\nvcolor.exe
+ 2006-05-10 02:50:00   147,456   ----a-w   C:\WINDOWS\system32\nvcolor.exe
- 2006-01-25 02:15:00   7,311,360   ----a-w   C:\WINDOWS\system32\nvcpl.dll
+ 2006-05-10 02:50:00   7,311,360   ----a-w   C:\WINDOWS\system32\nvcpl.dll
- 2006-01-25 02:15:00   1,339,392   ----a-w   C:\WINDOWS\system32\nvdspsch.exe
+ 2006-05-10 02:50:00   1,339,392   ----a-w   C:\WINDOWS\system32\nvdspsch.exe
- 2006-01-25 02:15:00   573,440   ----a-w   C:\WINDOWS\system32\nvhwvid.dll
+ 2006-05-10 02:50:00   573,440   ----a-w   C:\WINDOWS\system32\nvhwvid.dll
- 2006-01-25 02:15:00   1,466,368   ----a-w   C:\WINDOWS\system32\nview.dll
+ 2006-05-10 02:50:00   1,466,368   ----a-w   C:\WINDOWS\system32\nview.dll
- 2006-01-25 02:15:00   229,376   ----a-w   C:\WINDOWS\system32\nvmccs.dll
+ 2006-05-10 02:50:00   229,376   ----a-w   C:\WINDOWS\system32\nvmccs.dll
- 2006-01-25 02:15:00   45,056   ----a-w   C:\WINDOWS\system32\nvmccsrs.dll
+ 2006-05-10 02:50:00   45,056   ----a-w   C:\WINDOWS\system32\nvmccsrs.dll
- 2006-01-25 02:15:00   86,016   ----a-w   C:\WINDOWS\system32\nvmctray.dll
+ 2006-05-10 02:50:00   86,016   ----a-w   C:\WINDOWS\system32\nvmctray.dll
- 2006-01-25 02:15:00   286,720   ----a-w   C:\WINDOWS\system32\nvnt4cpl.dll
+ 2006-05-10 02:50:00   286,720   ----a-w   C:\WINDOWS\system32\nvnt4cpl.dll
- 2006-01-25 02:15:00   5,402,624   ----a-w   C:\WINDOWS\system32\nvoglnt.dll
+ 2006-05-10 02:50:00   5,402,624   ----a-w   C:\WINDOWS\system32\nvoglnt.dll
- 2006-01-25 02:15:00   319,488   ----a-w   C:\WINDOWS\system32\nvrsar.dll
+ 2006-05-10 02:50:00   319,488   ----a-w   C:\WINDOWS\system32\nvrsar.dll
- 2006-01-25 02:15:00   241,664   ----a-w   C:\WINDOWS\system32\nvrscs.dll
+ 2006-05-10 02:50:00   241,664   ----a-w   C:\WINDOWS\system32\nvrscs.dll
- 2006-01-25 02:15:00   245,760   ----a-w   C:\WINDOWS\system32\nvrsda.dll
+ 2006-05-10 02:50:00   245,760   ----a-w   C:\WINDOWS\system32\nvrsda.dll
- 2006-01-25 02:15:00   270,336   ----a-w   C:\WINDOWS\system32\nvrsde.dll
+ 2006-05-10 02:50:00   270,336   ----a-w   C:\WINDOWS\system32\nvrsde.dll
- 2006-01-25 02:15:00   274,432   ----a-w   C:\WINDOWS\system32\nvrsel.dll
+ 2006-05-10 02:50:00   274,432   ----a-w   C:\WINDOWS\system32\nvrsel.dll
- 2006-01-25 02:15:00   241,664   ----a-w   C:\WINDOWS\system32\nvrseng.dll
+ 2006-05-10 02:50:00   241,664   ----a-w   C:\WINDOWS\system32\nvrseng.dll
- 2006-01-25 02:15:00   274,432   ----a-w   C:\WINDOWS\system32\nvrses.dll
+ 2006-05-10 02:50:00   274,432   ----a-w   C:\WINDOWS\system32\nvrses.dll
- 2006-01-25 02:15:00   266,240   ----a-w   C:\WINDOWS\system32\nvrsesm.dll
+ 2006-05-10 02:50:00   266,240   ----a-w   C:\WINDOWS\system32\nvrsesm.dll
- 2006-01-25 02:15:00   241,664   ----a-w   C:\WINDOWS\system32\nvrsfi.dll
+ 2006-05-10 02:50:00   241,664   ----a-w   C:\WINDOWS\system32\nvrsfi.dll
- 2006-01-25 02:15:00   278,528   ----a-w   C:\WINDOWS\system32\nvrsfr.dll
+ 2006-05-10 02:50:00   278,528   ----a-w   C:\WINDOWS\system32\nvrsfr.dll
- 2006-01-25 02:15:00   319,488   ----a-w   C:\WINDOWS\system32\nvrshe.dll
+ 2006-05-10 02:50:00   319,488   ----a-w   C:\WINDOWS\system32\nvrshe.dll
- 2006-01-25 02:15:00   253,952   ----a-w   C:\WINDOWS\system32\nvrshu.dll
+ 2006-05-10 02:50:00   253,952   ----a-w   C:\WINDOWS\system32\nvrshu.dll
- 2006-01-25 02:15:00   274,432   ----a-w   C:\WINDOWS\system32\nvrsit.dll
+ 2006-05-10 02:50:00   274,432   ----a-w   C:\WINDOWS\system32\nvrsit.dll
- 2006-01-25 02:15:00   258,048   ----a-w   C:\WINDOWS\system32\nvrsja.dll
+ 2006-05-10 02:50:00   258,048   ----a-w   C:\WINDOWS\system32\nvrsja.dll
- 2006-01-25 02:15:00   253,952   ----a-w   C:\WINDOWS\system32\nvrsko.dll
+ 2006-05-10 02:50:00   253,952   ----a-w   C:\WINDOWS\system32\nvrsko.dll
- 2006-01-25 02:15:00   266,240   ----a-w   C:\WINDOWS\system32\nvrsnl.dll
+ 2006-05-10 02:50:00   266,240   ----a-w   C:\WINDOWS\system32\nvrsnl.dll
- 2006-01-25 02:15:00   249,856   ----a-w   C:\WINDOWS\system32\nvrsno.dll
+ 2006-05-10 02:50:00   249,856   ----a-w   C:\WINDOWS\system32\nvrsno.dll
- 2006-01-25 02:15:00   249,856   ----a-w   C:\WINDOWS\system32\nvrspl.dll
+ 2006-05-10 02:50:00   249,856   ----a-w   C:\WINDOWS\system32\nvrspl.dll
- 2006-01-25 02:15:00   266,240   ----a-w   C:\WINDOWS\system32\nvrspt.dll
+ 2006-05-10 02:50:00   266,240   ----a-w   C:\WINDOWS\system32\nvrspt.dll
- 2006-01-25 02:15:00   262,144   ----a-w   C:\WINDOWS\system32\nvrsptb.dll
+ 2006-05-10 02:50:00   262,144   ----a-w   C:\WINDOWS\system32\nvrsptb.dll
- 2006-01-25 02:15:00   262,144   ----a-w   C:\WINDOWS\system32\nvrsru.dll
+ 2006-05-10 02:50:00   262,144   ----a-w   C:\WINDOWS\system32\nvrsru.dll
- 2006-01-25 02:15:00   249,856   ----a-w   C:\WINDOWS\system32\nvrssk.dll
+ 2006-05-10 02:50:00   249,856   ----a-w   C:\WINDOWS\system32\nvrssk.dll
- 2006-01-25 02:15:00   249,856   ----a-w   C:\WINDOWS\system32\nvrssl.dll
+ 2006-05-10 02:50:00   249,856   ----a-w   C:\WINDOWS\system32\nvrssl.dll
- 2006-01-25 02:15:00   245,760   ----a-w   C:\WINDOWS\system32\nvrssv.dll
+ 2006-05-10 02:50:00   245,760   ----a-w   C:\WINDOWS\system32\nvrssv.dll
- 2006-01-25 02:15:00   249,856   ----a-w   C:\WINDOWS\system32\nvrstr.dll
+ 2006-05-10 02:50:00   249,856   ----a-w   C:\WINDOWS\system32\nvrstr.dll
- 2006-01-25 02:15:00   217,088   ----a-w   C:\WINDOWS\system32\nvrszhc.dll
+ 2006-05-10 02:50:00   217,088   ----a-w   C:\WINDOWS\system32\nvrszhc.dll
- 2006-01-25 02:15:00   118,784   ----a-w   C:\WINDOWS\system32\nvrszht.dll
+ 2006-05-10 02:50:00   118,784   ----a-w   C:\WINDOWS\system32\nvrszht.dll
- 2006-01-25 02:15:00   466,944   ----a-w   C:\WINDOWS\system32\nvshell.dll
+ 2006-05-10 02:50:00   466,944   ----a-w   C:\WINDOWS\system32\nvshell.dll
- 2006-01-25 02:15:00   131,139   ----a-w   C:\WINDOWS\system32\nvsvc32.exe
+ 2006-05-10 02:50:00   131,139   ----a-w   C:\WINDOWS\system32\nvsvc32.exe
- 2006-01-25 02:15:00   81,920   ----a-w   C:\WINDOWS\system32\nvwddi.dll
+ 2006-05-10 02:50:00   81,920   ----a-w   C:\WINDOWS\system32\nvwddi.dll
- 2006-01-25 02:15:00   1,662,976   ----a-w   C:\WINDOWS\system32\nvwdmcpl.dll
+ 2006-05-10 02:50:00   1,662,976   ----a-w   C:\WINDOWS\system32\nvwdmcpl.dll
- 2006-01-25 02:15:00   1,019,904   ----a-w   C:\WINDOWS\system32\nvwimg.dll
+ 2006-05-10 02:50:00   1,019,904   ----a-w   C:\WINDOWS\system32\nvwimg.dll
- 2006-01-25 02:15:00   282,624   ----a-w   C:\WINDOWS\system32\nvwrsar.dll
+ 2006-05-10 02:50:00   282,624   ----a-w   C:\WINDOWS\system32\nvwrsar.dll
- 2006-01-25 02:15:00   286,720   ----a-w   C:\WINDOWS\system32\nvwrscs.dll
+ 2006-05-10 02:50:00   286,720   ----a-w   C:\WINDOWS\system32\nvwrscs.dll
- 2006-01-25 02:15:00   294,912   ----a-w   C:\WINDOWS\system32\nvwrsda.dll
+ 2006-05-10 02:50:00   294,912   ----a-w   C:\WINDOWS\system32\nvwrsda.dll
- 2006-01-25 02:15:00   311,296   ----a-w   C:\WINDOWS\system32\nvwrsde.dll
+ 2006-05-10 02:50:00   311,296   ----a-w   C:\WINDOWS\system32\nvwrsde.dll
- 2006-01-25 02:15:00   335,872   ----a-w   C:\WINDOWS\system32\nvwrsel.dll
+ 2006-05-10 02:50:00   335,872   ----a-w   C:\WINDOWS\system32\nvwrsel.dll
- 2006-01-25 02:15:00   286,720   ----a-w   C:\WINDOWS\system32\nvwrseng.dll
+ 2006-05-10 02:50:00   286,720   ----a-w   C:\WINDOWS\system32\nvwrseng.dll
- 2006-01-25 02:15:00   335,872   ----a-w   C:\WINDOWS\system32\nvwrses.dll
+ 2006-05-10 02:50:00   335,872   ----a-w   C:\WINDOWS\system32\nvwrses.dll
- 2006-01-25 02:15:00   327,680   ----a-w   C:\WINDOWS\system32\nvwrsesm.dll
+ 2006-05-10 02:50:00   327,680   ----a-w   C:\WINDOWS\system32\nvwrsesm.dll
- 2006-01-25 02:15:00   303,104   ----a-w   C:\WINDOWS\system32\nvwrsfi.dll
+ 2006-05-10 02:50:00   303,104   ----a-w   C:\WINDOWS\system32\nvwrsfi.dll
- 2006-01-25 02:15:00   327,680   ----a-w   C:\WINDOWS\system32\nvwrsfr.dll
+ 2006-05-10 02:50:00   327,680   ----a-w   C:\WINDOWS\system32\nvwrsfr.dll
- 2006-01-25 02:15:00   278,528   ----a-w   C:\WINDOWS\system32\nvwrshe.dll
+ 2006-05-10 02:50:00   278,528   ----a-w   C:\WINDOWS\system32\nvwrshe.dll
- 2006-01-25 02:15:00   315,392   ----a-w   C:\WINDOWS\system32\nvwrshu.dll
+ 2006-05-10 02:50:00   315,392   ----a-w   C:\WINDOWS\system32\nvwrshu.dll
- 2006-01-25 02:15:00   323,584   ----a-w   C:\WINDOWS\system32\nvwrsit.dll
+ 2006-05-10 02:50:00   323,584   ----a-w   C:\WINDOWS\system32\nvwrsit.dll
- 2006-01-25 02:15:00   212,992   ----a-w   C:\WINDOWS\system32\nvwrsja.dll
+ 2006-05-10 02:50:00   212,992   ----a-w   C:\WINDOWS\system32\nvwrsja.dll
- 2006-01-25 02:15:00   196,608   ----a-w   C:\WINDOWS\system32\nvwrsko.dll
+ 2006-05-10 02:50:00   196,608   ----a-w   C:\WINDOWS\system32\nvwrsko.dll
- 2006-01-25 02:15:00   319,488   ----a-w   C:\WINDOWS\system32\nvwrsnl.dll
+ 2006-05-10 02:50:00   319,488   ----a-w   C:\WINDOWS\system32\nvwrsnl.dll
- 2006-01-25 02:15:00   299,008   ----a-w   C:\WINDOWS\system32\nvwrsno.dll
+ 2006-05-10 02:50:00   299,008   ----a-w   C:\WINDOWS\system32\nvwrsno.dll
- 2006-01-25 02:15:00   294,912   ----a-w   C:\WINDOWS\system32\nvwrspl.dll
+ 2006-05-10 02:50:00   294,912   ----a-w   C:\WINDOWS\system32\nvwrspl.dll
- 2006-01-25 02:15:00   323,584   ----a-w   C:\WINDOWS\system32\nvwrspt.dll
+ 2006-05-10 02:50:00   323,584   ----a-w   C:\WINDOWS\system32\nvwrspt.dll
- 2006-01-25 02:15:00   319,488   ----a-w   C:\WINDOWS\system32\nvwrsptb.dll
+ 2006-05-10 02:50:00   319,488   ----a-w   C:\WINDOWS\system32\nvwrsptb.dll
- 2006-01-25 02:15:00   315,392   ----a-w   C:\WINDOWS\system32\nvwrsru.dll
+ 2006-05-10 02:50:00   315,392   ----a-w   C:\WINDOWS\system32\nvwrsru.dll
- 2006-01-25 02:15:00   299,008   ----a-w   C:\WINDOWS\system32\nvwrssk.dll
+ 2006-05-10 02:50:00   299,008   ----a-w   C:\WINDOWS\system32\nvwrssk.dll
- 2006-01-25 02:15:00   303,104   ----a-w   C:\WINDOWS\system32\nvwrssl.dll
+ 2006-05-10 02:50:00   303,104   ----a-w   C:\WINDOWS\system32\nvwrssl.dll
- 2006-01-25 02:15:00   294,912   ----a-w   C:\WINDOWS\system32\nvwrssv.dll
+ 2006-05-10 02:50:00   294,912   ----a-w   C:\WINDOWS\system32\nvwrssv.dll
- 2006-01-25 02:15:00   303,104   ----a-w   C:\WINDOWS\system32\nvwrstr.dll
+ 2006-05-10 02:50:00   303,104   ----a-w   C:\WINDOWS\system32\nvwrstr.dll
- 2006-01-25 02:15:00   163,840   ----a-w   C:\WINDOWS\system32\nvwrszhc.dll
+ 2006-05-10 02:50:00   163,840   ----a-w   C:\WINDOWS\system32\nvwrszhc.dll
- 2006-01-25 02:15:00   167,936   ----a-w   C:\WINDOWS\system32\nvwrszht.dll
+ 2006-05-10 02:50:00   167,936   ----a-w   C:\WINDOWS\system32\nvwrszht.dll
- 2006-01-25 02:15:00   1,519,616   ----a-w   C:\WINDOWS\system32\nwiz.exe
+ 2006-05-10 02:50:00   1,519,616   ----a-w   C:\WINDOWS\system32\nwiz.exe
+ 2006-01-25 02:15:00   3,955,328   ----a-w   C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\nv4_disp.dll
+ 2006-01-25 02:15:00   3,535,520   ----a-w   C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\nv4_mini.sys
+ 2006-01-25 02:15:00   106,496   ----a-w   C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\nvapi.dll
+ 2006-01-25 02:15:00   35,840   ----a-w   C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\nvcod.dll
+ 2006-01-25 02:15:00   7,311,360   ----a-w   C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\nvcpl.dll
+ 2006-01-25 02:15:00   573,440   ----a-w   C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\nvhwvid.dll
+ 2006-01-25 02:15:00   229,376   ----a-w   C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\nvmccs.dll
+ 2006-01-25 02:15:00   86,016   ----a-w   C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\nvmctray.dll
+ 2006-01-25 02:15:00   286,720   ----a-w   C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\nvnt4cpl.dll
+ 2006-01-25 02:15:00   5,402,624   ----a-w   C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\nvoglnt.dll
+ 2006-01-25 02:15:00   131,139   ----a-w   C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\nvsvc32.exe
+ 2006-01-25 02:15:00   81,920   ----a-w   C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\nvwddi.dll
- 2006-12-31 02:34:07   1,510,388   ----a-w   C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-06-14 00:24:11   1,171,476   ----a-w   C:\WINDOWS\system32\Restore\rstrlog.dat
- 2008-03-26 18:04:00   266,240   ----a-w   C:\WINDOWS\system32\RTCOM\RTCOMDLL.dll
+ 2006-02-24 23:32:58   266,240   ----a-w   C:\WINDOWS\system32\RTCOM\RTCOMDLL.dll
- 2008-03-26 22:50:00   131,072   ----a-w   C:\WINDOWS\system32\RTCOM\RtlCPAPI.dll
+ 2005-11-01 01:17:38   135,168   ----a-w   C:\WINDOWS\system32\RTCOM\RTLCPAPI.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 00:00 15360]
"Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [2006-04-07 15:02 1343488]
"Aim6"="" []
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-20 22:36 1207080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-30 00:01 67584]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 22:50 7311360]
"nwiz"="nwiz.exe" [2006-05-09 22:50 1519616 C:\WINDOWS\system32\nwiz.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 02:35 49152]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 12:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-23 01:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 01:34 249856]
"pccguide.exe"="C:\Program Files\Trend Micro\Antivirus\pccguide.exe" [2004-02-17 18:51 950337]
"PCClient.exe"="C:\Program Files\Trend Micro\Antivirus\PCClient.exe" [2004-02-17 18:51 634949]
"TM Outbreak Agent"="C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" [2004-02-17 18:50 290816]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 12:59 124520]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2007-10-30 22:57 1095256]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 13:02 564496]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 13:06 2196240]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-27 16:32 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 07:54 16010240 C:\WINDOWS\RTHDCPL.EXE]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-05-09 22:50 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-12-15 21:18 49152 C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 19:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2004-12-14 05:23 663552 C:\Windows\Creator\Remind_XP.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1162745142\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1162745142\\ee\\aim6.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Steam\\steamapps\\moviegod14\\counter-strike\\hl.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Steam\\steamapps\\moviegod14\\day of defeat\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\moviegod14\\day of defeat source\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b0f8e64-9a74-11db-b989-001731dfc6d0}]
\Shell\AutoRun\command - K:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b66ac30-ec99-11dc-ba34-001731dfc6d0}]
\Shell\AutoRun\command - F:\copetttt.com
\Shell\explore\Command - F:\copetttt.com
\Shell\open\Command - F:\copetttt.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94c824e6-35f3-11db-b93c-001731dfc6d0}]
\Shell\AutoRun\command - J:\mri.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dda89918-e983-11dc-ba32-001731dfc6d0}]
\Shell\AutoRun\command - F:\copetttt.com
\Shell\explore\Command - F:\copetttt.com
\Shell\open\Command - F:\copetttt.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc122a8b-e43c-11db-b9c6-001731dfc6d0}]
\Shell\AutoRun\command - K:\LaunchU3.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-06 16:52:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 13:31:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-14 13:33:10
ComboFix-quarantined-files.txt  2008-06-14 17:32:42
ComboFix2.txt  2008-06-12 18:11:32
ComboFix3.txt  2008-06-12 16:44:08

Pre-Run: 101,641,867,264 bytes free
Post-Run: 101,632,970,752 bytes free

425   --- E O F ---   2008-06-12 07:04:32

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
no sound in XP
« Reply #9 on: June 15, 2008, 08:40:27 AM »
Did you run Flash_Disinfector.exe?

Can you do the following

Download OTMoveIt2.exe by OldTimer:
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the Blue entries below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):

    ================================================

    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b66ac30-ec99-11dc-ba34-001731dfc6d0}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94c824e6-35f3-11db-b93c-001731dfc6d0}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dda89918-e983-11dc-ba32-001731dfc6d0}


    ======================================================
  • Return to OTMoveIt2, right-click on the "Paste List of Files/Folders to be Moved" window  and choose "Paste".
  • Click the red "MoveIt!" button.
  • Close OTMoveIt when it has completed.
Note: If an entry cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

OTMoveIt would have created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <-indicates date_time of log

Post that log from OTMoveIt2 please, along with a fresh HijackThis log

Keep me informed how things are running please
« Last Edit: June 15, 2008, 08:40:44 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted: Click Here (http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/)


Offline Juggernaut

  • Full Member
  • ***
  • Posts: 110
  • Karma: +0/-0
    • View Profile
no sound in XP
« Reply #10 on: June 15, 2008, 10:23:51 AM »
OTMoveIT log...

File/Folder  not found.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b66ac30-ec99-11dc-ba34-001731dfc6d0} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b66ac30-ec99-11dc-ba34-001731dfc6d0}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94c824e6-35f3-11db-b93c-001731dfc6d0} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94c824e6-35f3-11db-b93c-001731dfc6d0}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dda89918-e983-11dc-ba32-001731dfc6d0} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dda89918-e983-11dc-ba32-001731dfc6d0}\\ deleted successfully.
 
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06152008_113240
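
To check from the logs alone which MountPoints2 AutoRun entries are still present after the OTMoveIt2 run, the sketch below reconciles the ComboFix section with the OTMoveIt2 log. It is an added example, not part of any post in this thread; the function names are hypothetical and the two sample inputs are copied from the logs quoted above.

```python
import re

# Sample input: MountPoints2 section of the ComboFix log, as posted in this thread.
COMBOFIX_MOUNTPOINTS2 = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b0f8e64-9a74-11db-b989-001731dfc6d0}]
\Shell\AutoRun\command - K:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b66ac30-ec99-11dc-ba34-001731dfc6d0}]
\Shell\AutoRun\command - F:\copetttt.com
\Shell\explore\Command - F:\copetttt.com
\Shell\open\Command - F:\copetttt.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94c824e6-35f3-11db-b93c-001731dfc6d0}]
\Shell\AutoRun\command - J:\mri.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dda89918-e983-11dc-ba32-001731dfc6d0}]
\Shell\AutoRun\command - F:\copetttt.com
\Shell\explore\Command - F:\copetttt.com
\Shell\open\Command - F:\copetttt.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc122a8b-e43c-11db-b9c6-001731dfc6d0}]
\Shell\AutoRun\command - K:\LaunchU3.exe
"""

# Sample input: the OTMoveIt2 log, as posted in this thread.
OTMOVEIT_LOG = r"""
File/Folder  not found.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b66ac30-ec99-11dc-ba34-001731dfc6d0} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b66ac30-ec99-11dc-ba34-001731dfc6d0}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94c824e6-35f3-11db-b93c-001731dfc6d0} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94c824e6-35f3-11db-b93c-001731dfc6d0}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dda89918-e983-11dc-ba32-001731dfc6d0} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dda89918-e983-11dc-ba32-001731dfc6d0}\\ deleted successfully.
"""

GUID_RE = re.compile(r"mountpoints2\\(\{[0-9a-f-]+\})", re.IGNORECASE)
VERB_RE = re.compile(r"^\\Shell\\([^\\]+)\\command - (.+)$", re.IGNORECASE)


def parse_mountpoints(section):
    """Return {guid: {shell_verb: command}} from a ComboFix MountPoints2 block."""
    entries, current = {}, None
    for raw in section.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            m = GUID_RE.search(line)
            current = m.group(1).lower() if m else None
            if current:
                entries[current] = {}
            continue
        v = VERB_RE.match(line)
        if v and current:
            entries[current][v.group(1).lower()] = v.group(2)
    return entries


def deleted_guids(log):
    """Return the MountPoints2 GUIDs that OTMoveIt2 reports as deleted."""
    gone = set()
    for raw in log.splitlines():
        line = raw.strip()
        # Only the confirmation lines count, not the "< key >" request echoes.
        if line.startswith("Registry key ") and line.endswith("deleted successfully."):
            m = GUID_RE.search(line)
            if m:
                gone.add(m.group(1).lower())
    return gone


def reconcile(section, log):
    """Return (entries still present, deleted GUIDs never seen in the scan)."""
    entries = parse_mountpoints(section)
    gone = deleted_guids(log)
    remaining = {g: verbs for g, verbs in entries.items() if g not in gone}
    unknown = gone - set(entries)
    return remaining, unknown


if __name__ == "__main__":
    remaining, unknown = reconcile(COMBOFIX_MOUNTPOINTS2, OTMOVEIT_LOG)
    for guid, verbs in sorted(remaining.items()):
        for verb, command in sorted(verbs.items()):
            print(f"still present: {guid} shell\\{verb} -> {command}")
    for guid in sorted(unknown):
        print(f"deleted but not in scan: {guid}")
```

A fresh ComboFix or registry export taken after the reboot can be fed to `parse_mountpoints` the same way to confirm the deleted keys have not been recreated.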

Offline Juggernaut

  • Full Member
  • ***
  • Posts: 110
  • Karma: +0/-0
    • View Profile
no sound in XP
« Reply #11 on: June 15, 2008, 10:24:56 AM »
and things are definitely running a whole lot smoother and quicker

HJT log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:24 AM, on 6/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Common Files\AOL\1162745142\ee\aolsoftware.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] "c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe"
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

--
End of file - 10353 bytes

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
no sound in XP
« Reply #12 on: June 15, 2008, 10:47:49 AM »
I just missed a couple entries with Hijackthis

Do a "SCAN and Save a Log file"
A log will open in Notepad
Copy and paste the WHOLE contents of the log  here... Don't try and fix anything yet----It is all important

Do a "System scan only" with Hijackthis and put a check next to these entries:

R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)


The next ones do not really need to be run on startup
You may choose to tick them too
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Afterwards
Go to START>>RUN>>type the following in exactly

ComboFix /u

Then hit OK
This will uninstall ComboFix and its components

You can manually delete ATF-Cleaner.exe or hold onto it, your option
Also, Open Malwarebytes' Anti-Malware>>Update it>>Run a Quick scan
If it finds anything post the finding back here
If it doesn't, open the Quarantine tab and Delete All
Again, Optionally, you can have your friend Uninstall this scanner from Add and Remove programs
Or hold onto it and update and run a scan occasionally
If you choose to uninstall it, don't reboot the computer yet

Instead, continue with the following

OTMoveit2.exe
  • Double-click OTMoveIt2.exe to run it.
  • Click the Cleanup! button
    A list will be downloaded>>Allow it Internet access if prompted by your Firewall
    Don't change anything in this list
  • Select Yes at the prompt
    Wait for the confirmation box to open to reboot the computer
    Don't mouseclick during the wait as you may cause the tool to stall
  • Select Yes to reboot Now
NOTE: This procedure will also delete OTMoveit.exe from desktop

NOTE: A couple entries in your hijackthis are related to the Google toolbar
Which appears to have got corrupt through all this
If they intend on keeping the Google Toolbar for Internet Explorer
I would close down browser windows and uninstall it from Add and Remove programs and then reinstall it

If they don't require it, just uninstall it

I suggest that you add SpywareBlaster to your protection software
SpywareBlaster  by JavaCool  
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates
After updating, select "Protection Status" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
or again, click on Protection Status>>enable all protection

Take a look at miekiemoes site with other ideas on How to prevent Malware:

I hope that helps

By the way, when do you think your friend ran the Disk Defragment utility on this computer
Now would be a good time, if it hasn't been done in a while :)



Offline Juggernaut

  • Full Member
  • ***
  • Posts: 110
  • Karma: +0/-0
    • View Profile
no sound in XP
« Reply #13 on: June 20, 2008, 06:42:59 PM »
HJT log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:46 PM, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\Common Files\AOL\1162745142\ee\aolsoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Steam\Steam.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] "c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe"
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

--
End of file - 10516 bytes

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
no sound in XP
« Reply #14 on: June 20, 2008, 07:05:56 PM »
I'm not sure why you're posting that log, did you do any of my last steps?
