# Unintentional shutdowns and slowing down of pc



## lahhlahh (Feb 16, 2008)

The problem started recently and is pretty annoying. It shutdowns mostly upon start up and upon access of online games and internet browsers. I'm currently on safemode since I've tried sending it twice awhile ago, but when I pressed the "submit" button below it restarts, It happened twice so I decided to go on safemode where the problem doesn't occur.

My HJT log: 
Logfile of HijackThis v1.99.1
Scan saved at 2:00:55 PM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\ieso0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: NTKit - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\ntkit\ntkit.exe (file missing)
O9 - Extra 'Tools' menuitem: Network Tools Kit - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\ntkit\ntkit.exe (file missing)
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineak32 - wineak32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

Thanks in advance!


----------



## JSntgRvr (Jul 1, 2003)

hI, *lahhlahh * 

Welcome.

Please *download* the *OTMoveIt2 by OldTimer*.

 *Save* it to your *desktop*.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. *

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe
O20 - Winlogon Notify: wineak32 - wineak32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll (file missing)

*Now *close all windows and browsers, other than HiJackThis*, then click Fix Checked.

Close Hijackthis.

 Please double-click *OTMoveIt2.exe* to run it. (Vista users, please right click on *OTMoveit2.exe* and select "Run as an *Administrator*")
*Copy the file paths below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):



> *C:\WINDOWS\system32\kxvo.exe*



 Return to OTMoveIt2, right click in the *"Paste List of Files/Folders to be Moved"* window (under the light blue bar) and choose *Paste*.
Click the red *Moveit!* button.
A log of files and folders moved will be created in the *c:\_OTMoveIt\MovedFiles* folder in the form of Date and Time (*mmddyyyy_hhmmss.log*). Please open this log in Notepad and post its contents in your next reply along with a Hijackthis log.
Close *OTMoveIt2*
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.*








Download *Deckard's System Scanner (DSS)* from *here* or *here* to your Desktop. Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on *dss.exe *to run it, and follow the prompts.
When the scan is complete, two text files will open - *main.txt *<- this one will be maximized and *extra.txt *<-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of both, the *main.txt* and the *extra.txt* in your next reply.
If the files are too long, attach them to a reply:

Scroll down and click the [*Manage Attachments*] button
Browse to the following folder:
*C:\Deckard\System Scanner*

Click *Upload* to upload these files one by one
*Submit *your reply


----------



## lahhlahh (Feb 16, 2008)

Do I do this in safemode or not?


----------



## lahhlahh (Feb 16, 2008)

File/Folder not found.
File/Folder C:\WINDOWS\system32\kxvo.exe not found.

OTMoveIt2 v1.0.20 log created on 02172008_005912

=========================================================

Logfile of HijackThis v1.99.1
Scan saved at 1:04:12 AM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo

.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo

.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo

.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-

784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0

\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-

0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} -

C:\WINDOWS\system32\ieso0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI

Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital

Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec

Shared\ccApp.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher]

c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software

Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky

Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1

\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0

\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program

Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates

from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program

Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-

AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: NTKit - {10954C80-4F0F-11d3-B17C-00C0DFE39736} -

C:\Program Files\ntkit\ntkit.exe (file missing)
O9 - Extra 'Tools' menuitem: Network Tools Kit - {10954C80-4F0F-11d3-

B17C-00C0DFE39736} - C:\Program Files\ntkit\ntkit.exe (file missing)
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-

9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet

Security 6.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-

5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-

8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-

00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -

C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-

070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} -

C:\Program Files\Common Files\Microsoft Shared\Encarta Search

Bar\ENCSBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-

462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-

Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-

B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-

Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-

0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-

B5C9-0050045C3C96} - C:\Program Files\Yahoo!

\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-

BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD}

- C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} -

C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945}

- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -

C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner -

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"

-r (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner -

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file

missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner

- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file

missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner -

c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file

missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050

\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1

\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown

owner - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file

missing)

=========================================================

Main:

Deckard's System Scanner v20071014.68
Run by HP_Owner on 2008-02-17 01:05:37
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; computer is in safe mode.

-- Last 5 Restore Point(s) --
50: 2008-02-15 05:32:50 UTC - RP163 - Software Distribution Service 3.0
49: 2008-02-14 15:30:11 UTC - RP162 - Removed MaaTec Network Analyzer
48: 2008-02-14 15:22:20 UTC - RP161 - Removed NetInfo
47: 2008-02-14 15:21:31 UTC - RP160 - Removed MaaTec Network Analyzer
46: 2008-02-14 15:15:16 UTC - RP159 - Removed MaaTec Network Analyzer

-- First Restore Point -- 
1: 2007-11-18 11:07:30 UTC - RP114 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:08:38 AM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner\Desktop\dss.exe
C:\HJT\NEWFOL~1\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\ieso0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: NTKit - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\ntkit\ntkit.exe (file missing)
O9 - Extra 'Tools' menuitem: Network Tools Kit - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\ntkit\ntkit.exe (file missing)
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

-- HijackThis Fixed Entries (C:\HJT\NEWFOL~1\backups\) -------------------------

backup-20080215-013054-787 O4 - HKCU\..\Run: [NetWorx] K:\bg.o nga tools\NetWorx\networx.exe
backup-20080215-013157-869 O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\ieso0.dll
backup-20080217-005808-355 O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
backup-20080217-005808-385 O20 - Winlogon Notify: wineak32 - wineak32.dll (file missing)
backup-20080217-005808-605 O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe
backup-20080217-005808-688 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20080217-005808-898 O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SPFDRV - c:\windows\system32\drivers\spfdrv.sys <Not Verified; SoftPerfect Research; NDIS packet redirector driver>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>

S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 hamachi (Hamachi Network Interface) - c:\windows\system32\drivers\hamachi.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver>
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S3 WPRO_40_1040 (WinPcap Packet Driver (WPRO_40_1040)) - c:\windows\system32\drivers\wpro_40_1040.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 ccEvtMgr (Symantec Event Manager) - "c:\program files\common files\symantec shared\ccevtmgr.exe" (file missing)
S2 ccSetMgr (Symantec Settings Manager) - "c:\program files\common files\symantec shared\ccsetmgr.exe" (file missing)
S2 SNDSrvc (Symantec Network Drivers Service) - "c:\program files\common files\symantec shared\sndsrvc.exe" (file missing)
S3 ccPwdSvc (Symantec Password Validation) - "c:\program files\common files\symantec shared\ccpwdsvc.exe" (file missing)
S4 bwmservice (SoftPerfect Bandwidth Manager) - k:\bg.o nga tools\softperfect bandwidth manager\bwmsvc.exe (file missing)
S4 FirebirdGuardianDefaultInstance (Firebird Guardian - DefaultInstance) - k:\tools\ipcheck server monitor 5\firebird\bin\fbguard.exe -s (file missing)
S4 FirebirdServerDefaultInstance (Firebird Server - DefaultInstance) - k:\tools\ipcheck server monitor 5\firebird\bin\fbserver.exe -s (file missing)
S4 IPCProbeService (IPCheck Server Monitor Local/Remote Probe Module) - k:\tools\ipcheck server monitor 5\ipcheckprobe.exe (file missing)
S4 IPCServerService (IPCheck Server Monitor Webserver Module) - k:\tools\ipcheck server monitor 5\ipcheckserver.exe (file missing)
S4 Pml Driver HPZ12 - \systemroot\c:\windows\system32\hpzipm12.exe (file missing)
S4 PRTGService (PRTG Service) - c:\program files\prtg traffic grapher\prtg traffic grapher.exe (file missing)
S4 prtgwatchservice (PRTG Watchdog) - c:\program files\prtg traffic grapher\watchdog\prtgwatchdog.exe (file missing)
S4 salive (Servers Alive) - k:\comsci~3\serversalive.exe (file missing)
S4 SymWSC (SymWMI Service) - "c:\program files\common files\symantec shared\security center\symwsc.exe" (file missing)

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: Applied Networking Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi

-- Scheduled Tasks -------------------------------------------------------------

2008-02-16 15:41:59 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job

-- Files created between 2008-01-17 and 2008-02-17 -----------------------------

2008-02-16 02:16:57 0 d-------- C:\WINDOWS\help
2008-02-15 16:59:27 0 d-------- C:\Documents and Settings\HP_Owner\.housecall6.6
2008-02-15 16:38:06 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-02-15 16:38:06 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-02-15 16:38:06 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-02-15 16:38:06 0 d-------- C:\Documents and Settings\Administrator\Application Data
2008-02-15 16:38:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-02-15 16:38:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-02-15 16:38:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-02-15 16:38:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-02-15 16:38:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intervideo
2008-02-15 16:38:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-02-15 16:38:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-02-15 16:38:05 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-02-15 16:38:05 0 d-------- C:\Documents and Settings\Administrator\Templates
2008-02-15 16:38:05 0 d-------- C:\Documents and Settings\Administrator\Start Menu
2008-02-15 16:38:05 0 d-------- C:\Documents and Settings\Administrator\SendTo
2008-02-15 16:38:05 0 d-------- C:\Documents and Settings\Administrator\Recent
2008-02-15 16:38:05 0 d-------- C:\Documents and Settings\Administrator\PrintHood
2008-02-15 16:38:05 0 d-------- C:\Documents and Settings\Administrator\NetHood
2008-02-15 16:38:05 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-02-15 16:38:05 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-02-15 16:38:04 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-02-14 22:54:39 143078 -r-hs---- C:\hbq.exe
2008-02-14 16:40:42 19584 --a------ C:\WINDOWS\system32\drivers\spfdrv.sys <Not Verified; SoftPerfect Research; NDIS packet redirector driver>
2008-02-14 16:05:29 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\MaaTec
2008-02-14 15:45:46 393216 --a------ C:\WINDOWS\system32\GDS32.DLL <Not Verified; FirebirdSQL Project; Firebird SQL Server>
2008-02-14 15:22:45 217088 --a------ C:\WINDOWS\system32\wsmibex.dll <Not Verified; bvba Woodstone; wsMIBEx Module>
2008-02-14 15:22:45 286720 --a------ C:\WINDOWS\system32\wsmib.dll <Not Verified; ; wsMIB Module>
2008-02-14 15:22:45 223232 --a------ C:\WINDOWS\system32\sqlite3.dll
2008-02-14 15:22:45 1564672 --a------ C:\WINDOWS\system32\Exgrid.dll <Not Verified; Exontrol Inc.; ExGrid Module>
2008-02-14 15:22:45 315392 --a------ C:\WINDOWS\system32\ExCalendar.dll <Not Verified; Exontrol Inc.; ExCalendar Module>
2008-02-14 15:22:22 73728 --a------ C:\WINDOWS\system32\AduHid.dll <Not Verified; Ontrak Control Systems Incorporated; AduHid Dynamic Link Library>
2008-02-14 15:22:22 10752 --a------ C:\WINDOWS\system32\aamd532.dll <Not Verified; Almeida & Andrade Ltda; MD5 Maker DLL>
2008-02-14 15:22:18 81920 --a------ C:\WINDOWS\system32\tccradcom.dll <Not Verified; ; TCCRadCOM Module>
2008-02-14 15:22:15 454656 --a------ C:\WINDOWS\system32\PSWinCom.dll <Not Verified; ProduktivData; PSWinCom Module>
2008-02-14 15:22:15 1044480 --a------ C:\WINDOWS\system32\ExTree.dll <Not Verified; Exontrol Inc.; ExTree Module>
2008-02-14 15:22:15 172032 --a------ C:\WINDOWS\system32\exprint.dll <Not Verified; Exontrol Inc.; ExPrint Module>
2008-02-14 15:22:13 76800 --a------ C:\WINDOWS\system32\acrypt32.dll <Not Verified; littleBIGSoftware; addCRYPT Encryption & Hash Components>
2008-02-14 15:22:02 40960 --a------ C:\WINDOWS\system32\ARINIMgr.dll <Not Verified; Alvaro Redondo; AR INI Manager Library v2>
2008-02-14 15:21:47 368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-02-13 21:25:30 146 --a------ C:\WINDOWS\DelMR.bat
2008-02-12 13:03:40 100538 -r-hs---- C:\vyp2tbt.exe
2008-02-09 16:40:16 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\iNetCalc
2008-02-09 16:36:18 185 --a------ C:\WINDOWS\system32\msblcd32.dll
2008-02-09 16:35:44 51200 -r-hs---- C:\WINDOWS\system32\fool0.dll
2008-02-09 16:28:47 51200 -r-hs---- C:\WINDOWS\system32\fool1.dll
2008-02-09 16:09:37 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Rokario
2008-02-09 15:53:17 724992 --a------ C:\WINDOWS\iun6002.exe


----------



## lahhlahh (Feb 16, 2008)

2008-02-09 15:53:17 724992 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-02-09 13:49:01 0 d-------- C:\WINDOWS\system32\YingInstall
2008-02-09 13:49:00 0 d-------- C:\Program Files\Common Files\Borland Shared
2008-02-08 13:09:43 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-02-04 19:01:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-02-04 19:01:14 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared

-- Find3M Report ---------------------------------------------------------------

2008-02-14 23:14:19 0 d-------- C:\Program Files\Common Files
2008-02-14 17:00:21 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-13 21:25:54 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Teleca
2008-02-13 21:25:33 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-02-13 20:41:07 0 d-------- C:\Program Files\Warcraft III
2008-02-12 18:24:16 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Adobe
2008-02-11 22:08:47 0 d-------- C:\Program Files\Messenger
2008-02-11 22:08:43 0 d-------- C:\Program Files\DivX
2008-02-09 10:06:39 0 d-------- C:\Program Files\RF Online
2008-02-08 13:50:40 0 d-------- C:\Program Files\AMPED
2008-02-04 19:08:11 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-15 11:02:54 80 --ah----- C:\WINDOWS\system32\HsInfo.dat
2008-01-13 01:25:03 0 d-------- C:\Program Files\Hi-Net Software
2008-01-06 13:41:50 0 d-------- C:\Program Files\Mobius
2007-12-18 22:54:47 0 d-------- C:\Program Files\Dofus
2007-12-18 22:49:55 0 d-------- C:\Program Files\Ankama Games
2007-12-18 19:13:03 3790336 --a------ C:\Dofus_INSTALLER_windows.exe <Not Verified; Ankama Games; Dofus>
2007-12-14 17:35:26 281088 --a------ C:\WINDOWS\system32\dbexpmda.dll <Not Verified; Core Lab; DbxMda>
2007-12-12 18:24:06 353280 --a------ C:\WINDOWS\system32\dbexpoda.dll <Not Verified; Core Lab; DbxOda>
2007-12-12 17:33:26 276992 --a------ C:\WINDOWS\system32\dbexpsda.dll <Not Verified; Core Lab; DbxSda>
2007-11-26 19:17:11 2508 --a------ C:\Documents and Settings\HP_Owner\Application Data\$_hpcst$.hpc

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 05:04 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [04/14/2005 09:05 PM]
"SoundMan"="SOUNDMAN.EXE" [05/04/2005 02:43 AM C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [05/04/2005 06:01 PM C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [05/04/2005 02:43 AM C:\WINDOWS\ALCMTR.EXE]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [06/02/2005 07:35 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/03/2005 12:44 AM]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"PS2"="C:\WINDOWS\system32\ps2.exe" [10/25/2004 11:17 PM]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [05/11/2005 01:50 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [05/11/2005 11:12 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [02/16/2007 04:11 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [06/07/2007 02:08 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [11/7/2005 5:12:18 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"ishost.exe"=ishost.exe
"issearch.exe"=issearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\PROGRA~1\MI3AA1~1\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
HDAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kxva]
C:\WINDOWS\system32\kxvo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTestPro]
"C:\Program Files\SpeedTestPro\SpeedTestPro.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINREMOTE]
"C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2 (0x2)
"salive"=3 (0x3)
"rpcapd"=3 (0x3)
"prtgwatchservice"=2 (0x2)
"PRTGService"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"iPodService"=3 (0x3)
"IPCServerService"=2 (0x2)
"IPCProbeService"=2 (0x2)
"ImapiService"=3 (0x3)
"FirebirdServerDefaultInstance"=3 (0x3)
"FirebirdGuardianDefaultInstance"=2 (0x2)
"bwmservice"=2 (0x2)
"Pml Driver HPZ12"=0 (0x0)
"ose"=3 (0x3)
"LightScribeService"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
AutoRun\command- C:\hbq.exe
explore\Command- C:\hbq.exe
open\Command- C:\hbq.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\hbq.exe
explore\Command- D:\hbq.exe
open\Command- D:\hbq.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1226e388-c0c7-11db-8290-0015f21ce203}]
Auto\command- RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e89f13c-dad9-11dc-9f53-0015f21ce203}]
AutoRun\command- K:\hbq.exe
explore\Command- K:\hbq.exe
open\Command- K:\hbq.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f898045-dad5-11dc-9f52-0015f21ce203}]
AutoRun\command- K:\hbq.exe
explore\Command- K:\hbq.exe
open\Command- K:\hbq.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9d50154-d5db-11dc-9f48-0015f21ce203}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca758b94-f741-11da-81af-0015f21ce203}]
AutoRun\command- K:\suppress_explorer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca758b95-f741-11da-81af-0015f21ce203}]
AutoRun\command- L:\suppress_explorer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca758b96-f741-11da-81af-0015f21ce203}]
AutoRun\command- M:\suppress_explorer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6e08fe4-0754-11db-81ca-0015f21ce203}]
AutoRun\command- N:\arun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6e08fec-0754-11db-81ca-0015f21ce203}]
AutoRun\command- O:\arun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d991eab3-d6e6-11dc-9f49-0015f21ce203}]
AutoRun\command- K:\evkq381.com
explore\Command- K:\evkq381.com
open\Command- K:\evkq381.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecbcc3d9-dd2c-11db-8298-0015f21ce203}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- Knight.exe open
find\command- Knight.exe open
install\command- Knight.exe open
open\command- Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6fcf94a-9a5f-11db-8279-0015f21ce203}]
1\Command- K:\.\RECYCLER\RECYCLER\autorun.exe
2\Command- K:\.\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe


----------



## lahhlahh (Feb 16, 2008)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6fcf94b-9a5f-11db-8279-0015f21ce203}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe

-- End of Deckard's System Scanner: finished at 2008-02-17 01:09:15 ------------

Extra:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 3.06GHz
Percentage of Memory in Use: 26%
Physical Memory (total/avail): 1279.3 MiB / 935.54 MiB
Pagefile Memory (total/avail): 1518.28 MiB / 1372.1 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.03 MiB

C: is Fixed (NTFS) - 142.07 GiB total, 84.18 GiB free. 
D: is Fixed (FAT32) - 6.96 GiB total, 1.11 GiB free. 
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3160023AS - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 6.97 GiB - D:
\PARTITION1 (bootable) - Installable File System - 142.07 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Norton Internet Security v2005 (Symantec Corporation)
FW: Kaspersky Internet Security v6.0.2.666 (Kaspersky Lab)
AV: Norton Internet Security v2005 (Symantec Corporation) Outdated
AV: Kaspersky Internet Security v6.0.2.666 (Kaspersky Lab) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Ocean Technology\\GG E-Sports Platform\\GGclient.exe"="C:\\Program Files\\Ocean Technology\\GG E-Sports Platform\\GGclient.exe:*:Enabled:GG E-Sports Platform Client"
"C:\\Program Files\\Ankama Games\\Dofus\\Dofus.exe"="C:\\Program Files\\Ankama Games\\Dofus\\Dofus.exe:*:Enabledofus Client"
"C:\\Program Files\\AMPED\\WarRock\\System\\WarRock.exe"="C:\\Program Files\\AMPED\\WarRock\\System\\WarRock.exe:*:Enabled:WarRock"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime Module"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Ankama Games\\Dofus\\.install4j\\Dofus\\Dofus.exe"="C:\\Program Files\\Ankama Games\\Dofus\\.install4j\\Dofus\\Dofus.exe:*:Enabledofus Client"
"C:\\Program Files\\Dofus\\Dofus.exe"="C:\\Program Files\\Dofus\\Dofus.exe:*:Enabledofus Client"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\RF Online\\RF.exe"="C:\\Program Files\\RF Online\\RF.exe:*:Enabled:RFLauncher"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\iNetCalc\\iNetCalc.exe"="C:\\Program Files\\iNetCalc\\iNetCalc.exe:LocalSubNetisabled:iNetCalc"
"C:\\Program Files\\Common Files\\InstallShield\\engine\\6\\Intel 32\\IKernel.exe"="C:\\Program Files\\Common Files\\InstallShield\\engine\\6\\Intel 32\\IKernel.exe:*isabled:InstallShield (R) Setup Engine"
"K:\\tools\\IPCheck Server Monitor 5\\IPCheckServer.exe"="K:\\tools\\IPCheck Server Monitor 5\\IPCheckServer.exe:*isabled:IPCheck_Server_Monitor_Webserver"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*isabled:iTunes"
"K:\\PRTG Traffic Grapher\\PRTG Traffic Grapher.exe"="K:\\PRTG Traffic Grapher\\PRTG Traffic Grapher.exe:*isabledRTG Traffic Grapher"
"C:\\Program Files\\PRTG Traffic Grapher\\PRTG Traffic Grapher.exe"="C:\\Program Files\\PRTG Traffic Grapher\\PRTG Traffic Grapher.exe:*isabledRTG_Traffic_Grapher_Webserver"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*isabledxpsp2res.dll,-22019"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LAH
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA8
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Owner
LOGONSERVER=\\LAH
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Common Files\Adobe\AGL;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
SAFEBOOT_OPTION=NETWORK
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
USERDOMAIN=LAH
USERNAME=HP_Owner
USERPROFILE=C:\Documents and Settings\HP_Owner
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

HP_Owner _(admin)_
Administrator _(new local, admin)_

-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Agere Systems PCI Soft Modem --> agrsmdel
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" 
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_classISPLAY -clean
BitComet 0.70 --> C:\Program Files\BitComet\uninst.exe
Black & White® 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}\setup.exe" -l0x9 -removeonly
Black & White® 2 Battle of the Gods --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10631C28-62E5-477C-9B40-40C5EA8219BE}\setup.exe" -l0x9 -removeonly
ccCommon --> MsiExec.exe /I{D8F6834B-D5E7-4451-8681-B051ABD8561D}
Command & Conquer 3 --> MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Command & Conquer The First Decade --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}\setup.exe" -l0x9 -removeonly
DarkRO --> C:\Program Files\Gravity\RO\UnInstall_28796.exe
Dofus 1.21.0 --> C:\Program Files\Dofus\uninstall.exe
GG E-Sports Platform --> C:\Program Files\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly
Hamachi 0.9.9.9 --> C:\Program Files\Hamachi\uninstall.exe
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 1.99.1 --> C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Rar$EX00.781\HijackThis.exe /uninstall
HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Game Console and games --> C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Multimedia Keyboard Software --> C:\HP\KBD\KBD.EXE uninstalled
HP Photosmart 330,380,420,470,7800,8000,8200 Series --> C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 5.0 --> C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
IsoBuster 1.9 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{523E6F2A-2D59-4D91-90E8-6C49931C9F50} 
J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
Kaspersky Internet Security 6.0 --> MsiExec.exe /I{D0DCD54F-C829-41A5-AF32-71E632BB0E2C}
Kaspersky Internet Security 6.0 --> MsiExec.exe /I{D0DCD54F-C829-41A5-AF32-71E632BB0E2C}
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
MaaTec Network Analyzer --> MsiExec.exe /I{01010013-0001-2007-1127-4D6161546563}
MagicDisc 2.5.52 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
ManageEngine NetFlow Analyzer 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9DA4493A-480C-4554-A02C-4B542D33A1D9}\Setup.exe" 
Microsoft ActiveSync 4.0 --> MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Encarta Encyclopedia Standard 2005 --> MsiExec.exe /I{055A0044-64A6-4248-A026-9745C1E9E159}
Microsoft Money --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.12) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
muvee autoProducer 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C3D719A-92C7-4323-89CC-C937D0267B84}\setup.exe" -l0x9 
Norton Internet Security --> MsiExec.exe /I{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}
Norton Internet Security --> MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Security Center --> MsiExec.exe /X{503AA035-41E2-4858-B31F-1E49AC66C309}
OpenOffice.org 2.1 --> MsiExec.exe /I{65D36658-B897-4119-814E-60C7D7907B5E}
PC-Doctor 5 for Windows --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{AB61A692-5543-4C48-979B-8CEA1C52FE9C} /l1033 
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RF Online --> "C:\WINDOWS\RF Online\uninstall.exe" "/U:C:\Program Files\RF Online\Uninstall\uninstall.xml"
RF Online --> "C:\WINDOWS\RF Online\uninstall.exe" "/U:C:\Program Files\RF Online\Uninstall\uninstall.xml"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SimCity 4 --> C:\Program Files\Maxis\SimCity 4\EAUninstall.exe
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Updates from HP (remove only) --> C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
WarRock --> MsiExec.exe /I{A40FBD4C-BDF3-49BC-A231-36686D3D766C}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

-- Application Event Log -------------------------------------------------------

Event Record #/Type10817 / Error
Event Submitted/Written: 02/16/2008 07:54:23 PM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: error

This service is not authorized to start.

Event Record #/Type10816 / Error
Event Submitted/Written: 02/16/2008 03:31:30 PM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: error

This service is not authorized to start.

Event Record #/Type10814 / Error
Event Submitted/Written: 02/16/2008 02:11:43 PM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: error

This service is not authorized to start.

Event Record #/Type10812 / Error
Event Submitted/Written: 02/16/2008 01:55:46 PM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: error

This service is not authorized to start.

Event Record #/Type10811 / Error
Event Submitted/Written: 02/16/2008 01:48:23 PM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: error

This service is not authorized to start.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type24480 / Error
Event Submitted/Written: 02/16/2008 07:58:12 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load: 
Fips
intelppm
kl1
klif
SYMTDI

Event Record #/Type24479 / Error
Event Submitted/Written: 02/16/2008 07:57:24 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type24463 / Error
Event Submitted/Written: 02/16/2008 07:55:31 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Automatic LiveUpdate Scheduler service failed to start due to the following error: 
%%1053

Event Record #/Type24462 / Error
Event Submitted/Written: 02/16/2008 07:55:31 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the Automatic LiveUpdate Scheduler service to connect.

Event Record #/Type24445 / Error
Event Submitted/Written: 02/16/2008 03:32:12 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Automatic LiveUpdate Scheduler service failed to start due to the following error: 
%%1053

-- End of Deckard's System Scanner: finished at 2008-02-17 01:09:15 ------------


----------



## JSntgRvr (Jul 1, 2003)

Hi, *lahhlahh* 

 Please insert your flash (pen) drives if any.
 Please double-click *OTMoveIt2.exe* to run it. (Vista users, please right click on *OTMoveit2.exe* and select "Run as an *Administrator*")
*Copy the file paths below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
[b]C:\hbq.exe
C:\WINDOWS\system32\fool0.dll
C:\WINDOWS\system32\fool1.dll
C:\vyp2tbt.exe
D:\hbq.exe
C:\WINDOWS\system32\RavMonE.exe
K:\hbq.exe
K:\suppress_explorer.exe
L:\suppress_explorer.exe
M:\suppress_explorer.exe
O:\arun.exe
N:\arun.exe
C:\WINDOWS\system32\Knight.exe
K:\.\RECYCLER\RECYCLER\autorun.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\issearch.exe[/b]
```

 Return to OTMoveIt2, right click in the *"Paste List of Files/Folders to be Moved"* window (under the light blue bar) and choose *Paste*.

*Copy the file paths below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
[b]HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run\\ishost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run\\issearch.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kxva
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C\AutoRun
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C\explore
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C\open
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D\AutoRun
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D\explore
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D\open
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1226e388-c0c7-11db-8290-0015f21ce203}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e89f13c-dad9-11dc-9f53-0015f21ce203}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f898045-dad5-11dc-9f52-0015f21ce203}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9d50154-d5db-11dc-9f48-0015f21ce203}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca758b94-f741-11da-81af-0015f21ce203}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca758b95-f741-11da-81af-0015f21ce203}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca758b96-f741-11da-81af-0015f21ce203}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6e08fe4-0754-11db-81ca-0015f21ce203}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6e08fec-0754-11db-81ca-0015f21ce203}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d991eab3-d6e6-11dc-9f49-0015f21ce203}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecbcc3d9-dd2c-11db-8298-0015f21ce203}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6fcf94a-9a5f-11db-8279-0015f21ce203}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6fcf94b-9a5f-11db-8279-0015f21ce203}
[/b]
```

 Return to OTMoveIt2, right click in the *"Paste List Of Files/Patterns To Search For and Move"* window (under the yellow bar) and choose *Paste*.

Click the red *Moveit!* button.
A log of files and folders moved will be created in the *c:\_OTMoveIt\MovedFiles* folder in the form of Date and Time (*mmddyyyy_hhmmss.log*). Please open this log in Notepad and post its contents in your next reply along with a Hijackthis log.
Close *OTMoveIt2*
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.*
*
Please run DDS once again to confirm these changes* and post its report.

Please download Malwarebytes' Anti-Malware from *Here* or *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.*


----------



## lahhlahh (Feb 16, 2008)

[Custom Input]
< C:\WINDOWS\system32\kxvo.exe >
File/Folder C:\WINDOWS\system32\kxvo.exe not found.

OTMoveIt2 v1.0.20 log created on 02172008_102139

==================================================================
C:\hbq.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fool0.dll
C:\WINDOWS\system32\fool0.dll NOT unregistered.
C:\WINDOWS\system32\fool0.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fool1.dll
C:\WINDOWS\system32\fool1.dll NOT unregistered.
C:\WINDOWS\system32\fool1.dll moved successfully.
C:\vyp2tbt.exe moved successfully.
D:\hbq.exe moved successfully.
File/Folder C:\WINDOWS\system32\RavMonE.exe not found.
File/Folder K:\hbq.exe not found.
File/Folder K:\suppress_explorer.exe not found.
File/Folder L:\suppress_explorer.exe not found.
File/Folder M:\suppress_explorer.exe not found.
File/Folder O:\arun.exe not found.
File/Folder N:\arun.exe not found.
File/Folder C:\WINDOWS\system32\Knight.exe not found.
File/Folder K:\.\RECYCLER\RECYCLER\autorun.exe not found.
File/Folder C:\WINDOWS\system32\ishost.exe not found.
File/Folder C:\WINDOWS\system32\issearch.exe not found.

OTMoveIt2 v1.0.20 log created on 02172008_102223
==================================================================

Deckard's System Scanner v20071014.68
Run by HP_Owner on 2008-02-17 10:35:47
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------

-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:35:49 AM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner\Desktop\dss.exe
C:\HJT\NEWFOL~1\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: NTKit - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\ntkit\ntkit.exe (file missing)
O9 - Extra 'Tools' menuitem: Network Tools Kit - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\ntkit\ntkit.exe (file missing)
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

-- Files created between 2008-01-17 and 2008-02-17 -----------------------------

2008-02-17 10:23:57 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
2008-02-17 10:23:51 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-17 10:23:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-16 02:16:57 0 d-------- C:\WINDOWS\help
2008-02-15 16:59:27 0 d-------- C:\Documents and Settings\HP_Owner\.housecall6.6
2008-02-15 16:38:06 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-02-15 16:38:06 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-02-15 16:38:06 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-02-15 16:38:06 0 d-------- C:\Documents and Settings\Administrator\Application Data
2008-02-15 16:38:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-02-15 16:38:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-02-15 16:38:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-02-15 16:38:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-02-15 16:38:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intervideo
2008-02-15 16:38:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-02-15 16:38:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-02-15 16:38:05 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-02-15 16:38:05 0 d-------- C:\Documents and Settings\Administrator\Templates
2008-02-15 16:38:05 0 d-------- C:\Documents and Settings\Administrator\Start Menu
2008-02-15 16:38:05 0 d-------- C:\Documents and Settings\Administrator\SendTo
2008-02-15 16:38:05 0 d-------- C:\Documents and Settings\Administrator\Recent
2008-02-15 16:38:05 0 d-------- C:\Documents and Settings\Administrator\PrintHood
2008-02-15 16:38:05 0 d-------- C:\Documents and Settings\Administrator\NetHood
2008-02-15 16:38:05 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-02-15 16:38:05 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-02-15 16:38:04 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-02-14 16:40:42 19584 --a------ C:\WINDOWS\system32\drivers\spfdrv.sys <Not Verified; SoftPerfect Research; NDIS packet redirector driver>
2008-02-14 16:05:29 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\MaaTec
2008-02-14 15:45:46 393216 --a------ C:\WINDOWS\system32\GDS32.DLL <Not Verified; FirebirdSQL Project; Firebird SQL Server>
2008-02-14 15:22:45 217088 --a------ C:\WINDOWS\system32\wsmibex.dll <Not Verified; bvba Woodstone; wsMIBEx Module>
2008-02-14 15:22:45 286720 --a------ C:\WINDOWS\system32\wsmib.dll <Not Verified; ; wsMIB Module>
2008-02-14 15:22:45 223232 --a------ C:\WINDOWS\system32\sqlite3.dll
2008-02-14 15:22:45 1564672 --a------ C:\WINDOWS\system32\Exgrid.dll <Not Verified; Exontrol Inc.; ExGrid Module>
2008-02-14 15:22:45 315392 --a------ C:\WINDOWS\system32\ExCalendar.dll <Not Verified; Exontrol Inc.; ExCalendar Module>
2008-02-14 15:22:22 73728 --a------ C:\WINDOWS\system32\AduHid.dll <Not Verified; Ontrak Control Systems Incorporated; AduHid Dynamic Link Library>
2008-02-14 15:22:22 10752 --a------ C:\WINDOWS\system32\aamd532.dll <Not Verified; Almeida & Andrade Ltda; MD5 Maker DLL>
2008-02-14 15:22:18 81920 --a------ C:\WINDOWS\system32\tccradcom.dll <Not Verified; ; TCCRadCOM Module>
2008-02-14 15:22:15 454656 --a------ C:\WINDOWS\system32\PSWinCom.dll <Not Verified; ProduktivData; PSWinCom Module>
2008-02-14 15:22:15 1044480 --a------ C:\WINDOWS\system32\ExTree.dll <Not Verified; Exontrol Inc.; ExTree Module>
2008-02-14 15:22:15 172032 --a------ C:\WINDOWS\system32\exprint.dll <Not Verified; Exontrol Inc.; ExPrint Module>
2008-02-14 15:22:13 76800 --a------ C:\WINDOWS\system32\acrypt32.dll <Not Verified; littleBIGSoftware; addCRYPT Encryption & Hash Components>
2008-02-14 15:22:02 40960 --a------ C:\WINDOWS\system32\ARINIMgr.dll <Not Verified; Alvaro Redondo; AR INI Manager Library v2>
2008-02-14 15:21:47 368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-02-13 21:25:30 146 --a------ C:\WINDOWS\DelMR.bat
2008-02-09 16:40:16 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\iNetCalc
2008-02-09 16:36:18 185 --a------ C:\WINDOWS\system32\msblcd32.dll
2008-02-09 16:09:37 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Rokario
2008-02-09 15:53:17 724992 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-02-09 13:49:01 0 d-------- C:\WINDOWS\system32\YingInstall
2008-02-09 13:49:00 0 d-------- C:\Program Files\Common Files\Borland Shared
2008-02-08 13:09:43 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-02-04 19:01:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-02-04 19:01:14 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared

-- Find3M Report ---------------------------------------------------------------

2008-02-17 10:27:27 0 d-------- C:\Program Files\Common Files
2008-02-14 17:00:21 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-13 21:25:54 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Teleca
2008-02-13 21:25:33 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-02-13 20:41:07 0 d-------- C:\Program Files\Warcraft III
2008-02-12 18:24:16 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Adobe
2008-02-11 22:08:47 0 d-------- C:\Program Files\Messenger
2008-02-11 22:08:43 0 d-------- C:\Program Files\DivX
2008-02-09 10:06:39 0 d-------- C:\Program Files\RF Online
2008-02-08 13:50:40 0 d-------- C:\Program Files\AMPED
2008-02-04 19:08:11 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-15 11:02:54 80 --ah----- C:\WINDOWS\system32\HsInfo.dat
2008-01-13 01:25:03 0 d-------- C:\Program Files\Hi-Net Software
2008-01-06 13:41:50 0 d-------- C:\Program Files\Mobius
2007-12-18 22:54:47 0 d-------- C:\Program Files\Dofus
2007-12-18 22:49:55 0 d-------- C:\Program Files\Ankama Games
2007-12-18 19:13:03 3790336 --a------ C:\Dofus_INSTALLER_windows.exe <Not Verified; Ankama Games; Dofus>
2007-12-14 17:35:26 281088 --a------ C:\WINDOWS\system32\dbexpmda.dll <Not Verified; Core Lab; DbxMda>
2007-12-12 18:24:06 353280 --a------ C:\WINDOWS\system32\dbexpoda.dll <Not Verified; Core Lab; DbxOda>
2007-12-12 17:33:26 276992 --a------ C:\WINDOWS\system32\dbexpsda.dll <Not Verified; Core Lab; DbxSda>
2007-11-26 19:17:11 2508 --a------ C:\Documents and Settings\HP_Owner\Application Data\$_hpcst$.hpc

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 05:04 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [04/14/2005 09:05 PM]
"SoundMan"="SOUNDMAN.EXE" [05/04/2005 02:43 AM C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [05/04/2005 06:01 PM C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [05/04/2005 02:43 AM C:\WINDOWS\ALCMTR.EXE]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [06/02/2005 07:35 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/03/2005 12:44 AM]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"PS2"="C:\WINDOWS\system32\ps2.exe" [10/25/2004 11:17 PM]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [05/11/2005 01:50 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [05/11/2005 11:12 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [02/16/2007 04:11 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [06/07/2007 02:08 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [11/7/2005 5:12:18 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders	msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\PROGRA~1\MI3AA1~1\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
HDAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTestPro]
"C:\Program Files\SpeedTestPro\SpeedTestPro.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINREMOTE]
"C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2 (0x2)
"salive"=3 (0x3)
"rpcapd"=3 (0x3)
"prtgwatchservice"=2 (0x2)
"PRTGService"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"iPodService"=3 (0x3)
"IPCServerService"=2 (0x2)
"IPCProbeService"=2 (0x2)
"ImapiService"=3 (0x3)
"FirebirdServerDefaultInstance"=3 (0x3)
"FirebirdGuardianDefaultInstance"=2 (0x2)
"bwmservice"=2 (0x2)
"Pml Driver HPZ12"=0 (0x0)
"ose"=3 (0x3)
"LightScribeService"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
AutoRun\command- hbq.exe
explore\Command- hbq.exe
open\Command- hbq.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- hbq.exe
explore\Command- hbq.exe
open\Command- hbq.exe

*Newly Created Service* - ADOBE_LM_SERVICE

-- End of Deckard's System Scanner: finished at 2008-02-17 10:36:06 ------------


----------



## lahhlahh (Feb 16, 2008)

Logfile of HijackThis v1.99.1
Scan saved at 10:35:49 AM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner\Desktop\dss.exe
C:\HJT\NEWFOL~1\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: NTKit - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\ntkit\ntkit.exe (file missing)
O9 - Extra 'Tools' menuitem: Network Tools Kit - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\ntkit\ntkit.exe (file missing)
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

==================================================================
Malwarebytes' Anti-Malware 1.03
Database version: 367

Scan type: Quick Scan
Objects scanned: 24115
Time elapsed: 2 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\iehlprobj.iehlprobj.1 (Worm.OnlineG) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Worm.OnlineG) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Worm.OnlineG) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHlprObj.IEHlprObj (Worm.OnlineG) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ieso0.dll (Worm.OnlineG) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.


----------



## lahhlahh (Feb 16, 2008)

Btw, my c and d drives can't be opened anymore. I had to use folders to get through the other files. Anyway you can help me fix this problem to? It was fixed before we started to try to fix this mess. Thanks!


----------



## JSntgRvr (Jul 1, 2003)

Please download the enclosed folder. Save and extract its contents to the desktop. It is a batch file to query the registry. Once extracted double click on the batch file and post its report.

Download *WinPFind3U.exe *to your Desktop and double-click on it to extract the files. It will create a folder named *WinPFind3u* on your desktop.

Open the *WinPFind3u* folder and double-click on WinPFind3U.exe to start the program.
In the *Processes* group click *Non Microsoft *
In the *Win32 Services * group click *Non Microsoft*
In the *Driver Services * group click *Non Microsoft*
In the *Registry* group click *Non Microsoft *
In the *Files Created Within *group click *60 days *Make sure *Non-Microsoft only is UNCHECKED*
In the Files *Modified Within *group select *30 days *Make sure *Non-Microsoft only is UNCHECKED*
In the *File String Search *group select *Non Microsoft *
In the *Additional scans* sections please press select *All* and *uncheck* non-microsoft only

Now click the *Run Scan *button on the toolbar.
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file
Use the *Reply* button and attach the notepad file here *(Do not copy and paste in a reply, rather attach it to it).*


----------



## lahhlahh (Feb 16, 2008)

Done! my drives C and D have problems.


----------



## JSntgRvr (Jul 1, 2003)

On post #11, I asked you to run a batch file to query the registry. Please post its report. There is an Autorun.inf file in the root directory.


*1 - Flash Drive Disinfector*
Download *Flash_Disinfector.exe by sUBs* from *>here<* and save it to your desktop.
 Double-click *Flash_Disinfector.exe* to run it and follow any prompts that may appear.
 The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
 Wait until it has finished scanning and then exit the program.
 Reboot your computer when done.
*Note*: _Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection._


----------



## lahhlahh (Feb 16, 2008)

I'm getting the error "Exception Processing Message c0000013 Parameters 75b6bf9c 4 75b6bf9c 75b6bf9c" When I try to run the batch file. As for my flash drive I kinda misplaced it.


----------



## JSntgRvr (Jul 1, 2003)

Try the Flash Drive Disinfector program anyway.


----------



## lahhlahh (Feb 16, 2008)

I've tried but when I log on normal mode(I'm doing this in safe mode due to frequent restarts on normal mode) I still get restarted after startup. My drives C and D can't be opened still


----------



## lahhlahh (Feb 16, 2008)

I've done rebooting on normal mode(I'm running on safemode right now) but I keep restarting. So the problem is still rpobably there. My drives C and D are still broken. I can't open them except through folders


----------



## JSntgRvr (Jul 1, 2003)

lahhlahh said:


> I've done rebooting on normal mode(I'm running on safemode right now) but I keep restarting. So the problem is still rpobably there. My drives C and D are still broken. I can't open them except through folders


Download the enclosed folder. Save and extract its contents to the desktop. It contain two registry entries filesand a batch file, *DelAutoruns.bat*. Once extracted double click on the batch file. the MSDOS window will flash for a second. That is normal. This can be done in Safe Mode. Restart the computer afterward.

Let me know how it goes.

BTW:

Is this a Laptop of a Desktop?


----------

