Help, I've been hi-jacked

j24jacobs · July 2008

Hi, I'm Larry and new to this... I have been infected with something that has taken control of my computer. I have run spy-bot and ad-aware and searched for updates for both. I ran Hijackthis but when I try to "analizethis" I get a error message that hijackthis has encountered an error and must close. I have attached the log. I am somewhat of an ameture, so please keep it simple. Thank you in advance for any help you can provide. Please be patient with me as I type slowly and have to pause often to close pop-ups.
Lar

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:03:52 PM, on 7/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TimeLeft3\TimeLeft.exe
C:\Program Files\TrueSwitchComcast\TrueWizard.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Documents and Settings\HP_Administrator\My Documents\PrintKey20.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [c83fcbd8] rundll32.exe "C:\WINDOWS\system32\elukwqkm.dll",b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /M "Stylus CX4800" /EF "HKCU"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchComcast\TrueWizard.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37570.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: AlrtStat - {be27dc86-6512-4a4e-a513-56bd74efc705} - C:\WINDOWS\Resources\AlrtStat.dll (file missing)
O22 - SharedTaskScheduler: ficklety - {e31f5c72-8e0d-4921-8375-9573746c170c} - C:\WINDOWS\system32\ezzhjmt.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
--
End of file - 9964 bytes

Katana · July 2008

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
- If you accidently close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Installed Programs

Please could you give me a list of the programs that are installed.

Start HijackThis
Click on the Misc Tools button
Click on the Open Uninstall Manager button.

You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.

j24jacobs · July 2008

Listed below are the registry results. I was prompted to restart the computer. I pasted the results without restarting.

I then followed your instructions with Hijackthis. When I clicked the "save list..." button the window closed. I tried it a second time with the same results. I will now restart my computer to complete the removal process from mbam. I will send another reply if it works after restart. If there is no other reply from me, it didn't work.

As far as the time it took to respond to my request... Please know how greatful I am that you are here to help people like me. I am soooooo greatful!!! Thank you, thank you, thank you.

Malwarebytes' Anti-Malware 1.20
Database version: 960
Windows 5.1.2600 Service Pack 2
6:15:05 PM 7/16/2008
mbam-log-7-16-2008 (18-15-05).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 132914
Time elapsed: 35 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 6
Registry Keys Infected: 18
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 4
Files Infected: 56
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\ddcYqnLb.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\tlhlpuau.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\uhfvddsw.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\klkobbof.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ibuooh.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\fcccyYPG.dll (Trojan.Vundo) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94cad25a-b890-4b81-89a3-ed76d354fd44} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{94cad25a-b890-4b81-89a3-ed76d354fd44} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{661e42e2-e557-4612-8834-aa24d9ca659d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{661e42e2-e557-4612-8834-aa24d9ca659d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e31f5c72-8e0d-4921-8375-9573746c170c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2e38bd7e-2a68-4507-9ac1-7c4c58202a80} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shcao6j0ev45 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc9o6j0ev45 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\shcao6j0ev45 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{73984fe0-9702-4c55-9c7b-9ba3c5861f25} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73984fe0-9702-4c55-9c7b-9ba3c5861f25} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fcccyypg (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c83fcbd8 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{e31f5c72-8e0d-4921-8375-9573746c170c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{73984fe0-9702-4c55-9c7b-9ba3c5861f25} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcyqnlb -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcyqnlb -> Delete on reboot.
Folders Infected:
C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\shcao6j0ev45 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\778670 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\ddcYqnLb.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\bLnqYcdd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bLnqYcdd.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ctbfpfdp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pdfpfbtc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tlhlpuau.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\uauplhlt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uhfvddsw.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wsddvfhu.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\klkobbof.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ibuooh.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\GZLFAMVP\scan[1].exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\PSRAVV9V\kb456456[1] (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\RQG7BPCT\kb767887[1] (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y5T3OW0E\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-504832412-3993091450-3851245412-1008\Dc293.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP301\A0037492.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP305\A0037737.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP309\A0037804.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\axdldawv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ceanoasg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\flaclk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\njnwkk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ouwvcshr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qlzgbi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tatycn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\upifoybo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\shcao6j0ev45\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcao6j0ev45\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcao6j0ev45\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcao6j0ev45\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcao6j0ev45\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcao6j0ev45\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcao6j0ev45\shcao6j0ev45.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\shcao6j0ev45\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fcccyYPG.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

j24jacobs · July 2008

Hi again Katana. After restart I was able to complete your Hijackthis instructions, they are listed below. I was also able to turn on my "automatic updates". Yeah, we are making progress!!

I won't do anything else until I hear from you.

Thanks again

Lar

j24jacobs · July 2008

Oops! I forgot something...

5 Card Slingo from HP Media Center (remove only)
Ad-Aware SE Personal
Adobe Acrobat 4.0
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Apple Mobile Device Support
Apple Software Update
AstroPop Deluxe from HP Media Center (remove only)
ATI Control Panel
ATI Display Driver
Barnyard Invasion from HP Media Center (remove only)
Bejeweled 2 Deluxe from HP Media Center (remove only)
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Remix from HP Media Center (remove only)
Boggle Supreme from HP Media Center (remove only)
Bookworm Deluxe from HP Media Center (remove only)
Bounce Symphony from HP Media Center (remove only)
Chuzzle Deluxe from HP Media Center (remove only)
Crystal Maze from HP Media Center (remove only)
Data Fax SoftModem with SmartCP
Desktop Doctor
Easy Internet Sign-up
EasyChange Powered by TrueSwitch
Enhanced Multimedia Keyboard Solution
EPSON Printer Software
EPSON Scan
FATE from HP Media Center (remove only)
GdiplusUpgrade
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB918766)
Hotfix for Windows XP (KB926239)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP Game Console and games
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 5.3
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP PSC & OfficeJet 5.3.A
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3
HP Update
Insaniquarium Deluxe from HP Media Center (remove only)
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0 Update 5
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Lemonade Tycoon 2 from HP Media Center (remove only)
Lexibox Deluxe from HP Media Center (remove only)
Mah Jong Quest from HP Media Center (remove only)
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office Professional Edition 2003
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (2.0.0.2)
MSN
MSN Messenger 7.5
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
muvee autoProducer 4.5
muvee autoProducer unPlugged 1.2
Netscape Browser (remove only)
OpenOffice.org Installer 1.0
PC-Doctor 5 for Windows
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
PS2
Puzzle Express from HP Media Center (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
RealPlayer
Remove IntelliMover Demo
Ricochet Lost Worlds from HP Media Center (remove only)
SCRABBLE from HP Media Center (remove only)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Shooting Stars Pool from HP Media Center (remove only)
Shrek 2 Ogre Bowler from HP Media Center (remove only)
Skype 3.2
Skype Plugin Manager
Slingo Deluxe from HP Media Center (remove only)
Snowboard SuperJam from HP Media Center (remove only)
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy 1.4
Super Granny from HP Media Center (remove only)
TimeLeft
Tradewinds from HP Media Center (remove only)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB953356)
Updates from HP (remove only)
ViewSonic Monitor Drivers
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB925766
XoftSpySE
Zuma Deluxe from HP Media Center (remove only)

Katana · July 2008

Looking good

Update Adobe Acrobat Reader

There is a newer version of Adobe Acrobat Reader available.

Please go to this link Adobe Acrobat Reader Download Link
Click Download
On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
Click the Continue button
Click Run, and click Run again
Next click the Install Now button and follow the on screen prompts

Remove Programs

Now click Start---Control Panel. Double click Add or Remove Programs (XP) / Programs and Features (Vista) . If any of the following programs are listed there,
click on the program to highlight it, and click on remove.

Adobe Acrobat 4.0 << Unless you have a specific reason for keeping this I recommend you remove it
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Reader 8.1.2[/b]
J2SE Runtime Environment 5.0 Update 5
Java(TM) 6 Update 5

Now close the Control Panel.

The following program/s are regarded as either "Rogue", being bundled with "Adware" or having dubious reputations

XoftSpy << Used to be listed as Rogue

I recommend that you remove Via Add/Remove Programs

Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary and let the database download.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

**Note**

To optimize scanning time and produce a more sensible report for review:

Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Logs/Information to Post in Reply
Please post the following logs/Information in your reply

A Fresh HJT Log
Kaspersky Log
How are things running now ?

j24jacobs · July 2008

Things are much better, My speed is back to normal and everything seems to be working fine. I still won't access my bank account or anything sensitive until you tell me it is safe. Here is my HJT...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:15:19 PM, on 7/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TimeLeft3\TimeLeft.exe
C:\Program Files\TrueSwitchComcast\TrueWizard.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /M "Stylus CX4800" /EF "HKCU"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchComcast\TrueWizard.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37570.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: AlrtStat - {be27dc86-6512-4a4e-a513-56bd74efc705} - C:\WINDOWS\Resources\AlrtStat.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
--
End of file - 10436 bytes

And here is the Kaspersky results...

KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, July 17, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, July 18, 2008 04:40:30
Records in database: 967237

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
G:\
H:\
I:\
J:\
K:\
Scan statistics:
Files scanned: 97772
Threat name: 3
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 01:42:57

File name / Threat name / Threats count
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\I5GVUF2B\favicon[3].ico Infected: Trojan.Win32.Monderb.gen 1
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\YDH2FQXW\setup[2].htm Infected: Trojan-Downloader.JS.Psyme.aaw 1
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe Infected: not-a-virus:AdWare.Win32.Agent.aeh 1
C:\RECYCLER\S-1-5-21-504832412-3993091450-3851245412-1008\Dc288.dll Infected: Trojan.Win32.Monderb.gen 1
C:\RECYCLER\S-1-5-21-504832412-3993091450-3851245412-1008\Dc289.dll Infected: Trojan.Win32.Monderb.gen 1
C:\RECYCLER\S-1-5-21-504832412-3993091450-3851245412-1008\Dc294.dll Infected: Trojan.Win32.Monderb.gen 1
The selected area was scanned.

I am anxiously awaiting your next instruction ol' great and mighty one...

Thanks

Lar

Katana · July 2008

j24jacobs wrote:

I am anxiously awaiting your next instruction ol' great and mighty one...

Ohhh errr .... I could get used to that sort of flattery (LMAO)

You will be glad to know that we are nearly done

Fix With HJT

Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines IF still present

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O21 - SSODL: AlrtStat - {be27dc86-6512-4a4e-a513-56bd74efc705} - C:\WINDOWS\Resources\AlrtStat.dll (file missing)

- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis

ATF Cleaner by Atribune

Please Download ATF Cleaner
Double click ATF.exe
Put a check mark next to the items with an X
- Windows Temp X
  Current User Temp X
  All Users Temp X
  Cookies
  Temporary Internet Files X
  History
  Prefetch X
  Java Cache X
  Recycle Bin X
  Select All
Now click Empty Selected then Exit

Deckard's System Scanner (DSS)

Please download Deckard's System Scanner (DSS) to your Desktop.
Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply

j24jacobs · July 2008

Hi Katana,
This

Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2008-07-19 18:26:28
Computer is in Normal Mode.

-- System Restore

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
17: 2008-07-20 01:26:33 UTC - RP316 - Deckard's System Scanner Restore Point
16: 2008-07-19 02:46:33 UTC - RP315 - Windows Defender Checkpoint
15: 2008-07-18 01:18:29 UTC - RP314 - Removed Java(TM) 6 Update 5
14: 2008-07-18 01:17:39 UTC - RP313 - Removed J2SE Runtime Environment 5.0 Update 5
13: 2008-07-18 01:12:46 UTC - RP312 - Installed Adobe Reader 9.

-- First Restore Point --
1: 2008-07-10 04:25:38 UTC - RP300 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as HP_Administrator.exe)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:39 PM, on 7/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TimeLeft3\TimeLeft.exe
C:\Program Files\TrueSwitchComcast\TrueWizard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Software Update\HPWUCli.exe
C:\Documents and Settings\HP_Administrator\My Documents\PrintKey20.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Administrator.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /M "Stylus CX4800" /EF "HKCU"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchComcast\TrueWizard.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37570.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
--
End of file - 10143 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\)

backup-20080710-210649-383 O4 - HKLM\..\Run: [lphcco6j0ev45] C:\WINDOWS\system32\lphcco6j0ev45.exe
backup-20080712-124848-658 O4 - HKLM\..\Run: [SMshcao6j0ev45] C:\Program Files\shcao6j0ev45\shcao6j0ev45.exe
backup-20080712-124848-803 O4 - HKLM\..\Run: [SMrhc9o6j0ev45] C:\Program Files\rhc9o6j0ev45\rhc9o6j0ev45.exe
backup-20080719-181816-103 O21 - SSODL: AlrtStat - {be27dc86-6512-4a4e-a513-56bd74efc705} - C:\WINDOWS\Resources\AlrtStat.dll (file missing)
backup-20080719-181816-323 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
backup-20080719-181816-344 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
-- File Associations

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

S0 ftsata2 - c:\windows\system32\drivers\ftsata2.sys (file missing)
S4 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

-- Device Manager: Disabled

No disabled devices found.

-- Scheduled Tasks

2008-07-19 18:25:42 330 --ah

C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-01-05 16:01:14 362 --a

C:\WINDOWS\Tasks\McDefragTask.job
2008-01-05 16:01:13 354 --a

C:\WINDOWS\Tasks\McQcTask.job

-- Files created between 2008-06-19 and 2008-07-19

2008-07-17 18:13:45 0 d

C:\Program Files\Common Files\Adobe AIR
2008-07-17 18:10:16 0 d

C:\Documents and Settings\All Users\Application Data\NOS
2008-07-17 18:10:14 0 d

C:\Program Files\NOS
2008-07-16 18:16:37 397548 --ahs---- C:\WINDOWS\system32\bLnqYcdd.ini2
2008-07-16 17:16:21 0 d

C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-07-16 17:16:08 0 d

C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-16 17:16:06 0 d

C:\Program Files\Malwarebytes' Anti-Malware
2008-07-16 17:04:09 116352

n--- C:\WINDOWS\system32\ibuooh.dll
2008-07-16 17:04:08 116352

n--- C:\WINDOWS\system32\klkobbof.dll
2008-07-16 17:02:55 92672

n--- C:\WINDOWS\system32\tlhlpuau.dll
2008-07-15 17:21:52 93184

n--- C:\WINDOWS\system32\uhfvddsw.dll
2008-07-13 21:31:20 0 d

C:\Program Files\Sun
2008-07-12 13:39:14 0 d

C:\Program Files\Windows Defender
2008-07-10 20:57:39 0 d

C:\Program Files\Trend Micro
2008-07-09 19:47:13 318208

n--- C:\WINDOWS\system32\ddcYqnLb.dll
2008-07-08 23:25:15 29568

n--- C:\WINDOWS\system32\fcccyYPG.dll

-- Find3M Report

2008-07-19 18:05:26 0 d

C:\Program Files\TrueSwitchComcast
2008-07-17 21:43:04 0 d

C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2008-07-17 18:18:43 0 d

C:\Program Files\Java
2008-07-17 18:16:40 0 d

C:\Program Files\Common Files\Adobe
2008-07-17 18:13:45 0 d

C:\Program Files\Common Files
2008-06-27 14:36:50 0 d

C:\Program Files\McAfee
2008-06-26 16:39:37 0 d

C:\Program Files\Common Files\McAfee

-- Registry Dump

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
06/11/2008 10:33 PM 75128 --a

C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 09:56 PM]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [08/03/2005 12:19 AM C:\WINDOWS\arpwrmsg.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [06/01/2005 11:35 PM]
"@=" []
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [09/21/2005 10:41 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"EPSON Stylus CX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.exe" [02/01/2005 08:00 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/01/2008 12:13 AM]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [04/19/2007 03:21 PM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 05:44 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/13/2008 05:36 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 05:00 AM]
"EPSON Stylus CX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.exe" [02/01/2005 08:00 PM]
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
TimeLeft.lnk - C:\Program Files\TimeLeft3\TimeLeft.exe [8/4/2007 6:39:43 PM]
TrueAssistant.lnk - C:\Program Files\TrueSwitchComcast\TrueWizard.exe [11/28/2007 8:48:02 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [6/9/2007 9:58:21 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 7:23:26 AM]
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [11/10/2005 5:50:28 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a25ac8a3-8c84-11da-9dfe-0015f264cb44}]
AutoRun\command- F:\JDSecure\Windows\JDSecure31.exe

-- End of Deckard's System Scanner: finished at 2008-07-19 18:28:18

********************************************

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.

-- System Information

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon(tm) 64 Processor 3700+
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 958.48 MiB / 422.48 MiB
Pagefile Memory (total/avail): 2312.8 MiB / 1844.49 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.22 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 177.8 GiB total, 160.77 GiB free.
D: is Fixed (FAT32) - 8.5 GiB total, 1.12 GiB free.
E: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)
[URL="file://\\.\PHYSICALDRIVE0"]\\.\PHYSICALDRIVE0[/URL] - SAMSUNG SP2004C - 186.31 GiB - 2 partitions
\PARTITION0 - Unknown - 8.51 GiB - D:
\PARTITION1 (bootable) - Installable File System - 177.8 GiB - C:
[URL="file://\\.\PHYSICALDRIVE5"]\\.\PHYSICALDRIVE5[/URL] - EPSON Stylus Storage USB Device
[URL="file://\\.\PHYSICALDRIVE2"]\\.\PHYSICALDRIVE2[/URL] - Generic USB CF Reader USB Device
[URL="file://\\.\PHYSICALDRIVE4"]\\.\PHYSICALDRIVE4[/URL] - Generic USB MS Reader USB Device
[URL="file://\\.\PHYSICALDRIVE1"]\\.\PHYSICALDRIVE1[/URL] - Generic USB SD Reader USB Device
[URL="file://\\.\PHYSICALDRIVE3"]\\.\PHYSICALDRIVE3[/URL] - Generic USB SM Reader USB Device

-- Security Center

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"

-- Environment Variables

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LARRY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Administrator
LOGONSERVER=\\LARRY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 39 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2701
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
USERDOMAIN=LARRY
USERNAME=HP_Administrator
USERPROFILE=C:\Documents and Settings\HP_Administrator
windir=C:\WINDOWS

-- User Profiles

HP_Administrator (admin)
Administrator (admin)

-- Add/Remove Programs

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
5 Card Slingo from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\AF012B1F-AFCE-45DB-8D6C-8AB06ADC1D6F\Uninstall.exe"
Acrobat.com --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com --> MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe AIR --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AstroPop Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E44A47AF-C94B-4E3F-81A0-979FBA9DAC57\Uninstall.exe"
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Barnyard Invasion from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\049D60AF-B425-4F8A-BD66-9D8C1B519D59\Uninstall.exe"
Bejeweled 2 Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\47D5A62B-1B41-4DB1-8267-ADA434FA782B\Uninstall.exe"
Blackhawk Striker 2 from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\758619C0-7C97-42BB-B1E9-775F72FDAD1E\Uninstall.exe"
Blasterball 2 from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79\Uninstall.exe"
Blasterball 2 Remix from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\0C84A7C5-2762-4932-96BF-44A77202DCC3\Uninstall.exe"
Boggle Supreme from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\90EA5584-4290-407B-B8F2-D6E6D65A4796\Uninstall.exe"
Bookworm Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E59F75D0-A38B-40F4-ABA2-CA35A7735473\Uninstall.exe"
Bounce Symphony from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5DAA9E44-1B31-41CD-88A8-228EDED6E36E\Uninstall.exe"
Chuzzle Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\BA42B721-D70B-4412-ABA6-057B5823FDE9\Uninstall.exe"
Crystal Maze from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\3D61540E-C88C-4358-B6A1-DC26648F2A3D\Uninstall.exe"
Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -IAsu200Ck.inf
Desktop Doctor --> MsiExec.exe /I{D87149B3-7A1D-4548-9CBF-032B791E5908}
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
EasyChange Powered by TrueSwitch --> C:\Program Files\TrueSwitchComcast\TrueWizard.exe -uninstall
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
FATE from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\3320769C-062B-4670-BD6B-AA4B3D0E9903\Uninstall.exe"
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Boot Optimizer --> C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /uninstall
HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP DigitalMedia Archive --> MsiExec.exe /I{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Game Console and games --> C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone for Media Center PC --> c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart 330,380,420,470,7800,8000,8200 Series --> C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 5.0 --> C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 5.3.A --> "C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
Insaniquarium Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\A09026AE-8F16-4929-B4E6-1825535844DB\Uninstall.exe"
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java(TM) 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lemonade Tycoon 2 from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\F38688AF-57C2-4A9C-BFEF-25F3AEC11F1E\Uninstall.exe"
Lexibox Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\9844050E-4CA4-4901-A53D-A5D14C63789B\Uninstall.exe"
Mah Jong Quest from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\538B9061-0C77-4FB2-903F-EC42A1FF5DD8\Uninstall.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Away Mode -->
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour --> MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.2) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
muvee autoProducer 4.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7137AFD-4E43-47A6-BDC7-533808F72B36}\setup.exe" -l0x9
muvee autoProducer unPlugged 1.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DFB0FED6-0010-4E9B-A402-E513F2459161}\setup.exe" -l0x9
Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PC-Doctor 5 for Windows --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Polar Bowler from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\1FFA88DF-0AC3-4D9E-9139-5FF98813C12C\Uninstall.exe"
Polar Golfer from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\55275778-F7D9-4BA0-95F4-DEFD71ADDFD9\Uninstall.exe"
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Puzzle Express from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\0814ADC6-5B36-4144-A8EA-439C36B1BB11\Uninstall.exe"
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remove IntelliMover Demo --> c:\hp\bin\cloaker.exe c:\hp\bin\commands.exe /c "C:\Program Files\IntelliMoverDemo\clean.bat"
Ricochet Lost Worlds from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\0AA27562-3C4E-4860-8742-7ADEBE2EFC43\Uninstall.exe"
SCRABBLE from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B7217206-A362-446B-A0F7-A2622B82F821\Uninstall.exe"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shooting Stars Pool from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B2AA88B1-4920-462B-9F7C-019782B3C4DB\Uninstall.exe"
Shrek 2 Ogre Bowler from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\581538B9-2ED3-45E2-96CB-22AD8F811D2A\Uninstall.exe"
Skype 3.2 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Slingo Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E0998E52-9D08-4AEE-A4F5-0BB1D8537F6E\Uninstall.exe"
Snowboard SuperJam from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\038D56DF-B15D-47F7-959F-59FA1FBB63FC\Uninstall.exe"
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Super Granny from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\0C20CAB1-F8BC-4AC1-A796-535B005C1B83\Uninstall.exe"
TimeLeft --> "C:\Program Files\TimeLeft3\unins000.exe"
Tradewinds from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B3FF79F4-CDA8-4845-A7C0-9CE017719F36\Uninstall.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005 -->
Updates from HP (remove only) --> C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
ViewSonic Monitor Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Zuma Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\901E0096-B2AC-469E-A99E-2725A39C0B47\Uninstall.exe"

-- Application Event Log

Event Record #/Type7138 / Warning
Event Submitted/Written: 07/18/2008 10:47:41 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type7129 / Warning
Event Submitted/Written: 07/18/2008 08:45:47 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type7118 / Warning
Event Submitted/Written: 07/17/2008 11:37:14 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type7071 / Error
Event Submitted/Written: 07/14/2008 05:34:24 PM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
Event Record #/Type7053 / Error
Event Submitted/Written: 07/13/2008 11:21:40 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application NOTEPAD.EXE, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

-- Security Event Log

No Errors/Warnings found.

-- System Event Log

Event Record #/Type31683 / Warning
Event Submitted/Written: 07/19/2008 06:27:56 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%LARRY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %LARRY27 can't undo changes that you allow.
For more information please see the following:
%LARRY275
Scan ID: {C017E507-24CE-4255-9BD0-9DCE6CFCF506}
User: LARRY\HP_Administrator
Name: %LARRY271
ID: %LARRY272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %LARRY276
Alert Type: %LARRY278
Detection Type: 1.1.1593.02
Event Record #/Type31682 / Warning
Event Submitted/Written: 07/19/2008 06:27:56 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%LARRY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %LARRY27 can't undo changes that you allow.
For more information please see the following:
%LARRY275
Scan ID: {970E92ED-E30A-4259-BF45-A06EAC3895D0}
User: LARRY\HP_Administrator
Name: %LARRY271
ID: %LARRY272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %LARRY276
Alert Type: %LARRY278
Detection Type: 1.1.1593.02
Event Record #/Type31681 / Warning
Event Submitted/Written: 07/19/2008 06:27:56 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%LARRY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %LARRY27 can't undo changes that you allow.
For more information please see the following:
%LARRY275
Scan ID: {6D1F742C-FD89-4521-8773-2644A038B25D}
User: LARRY\HP_Administrator
Name: %LARRY271
ID: %LARRY272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %LARRY276
Alert Type: %LARRY278
Detection Type: 1.1.1593.02
Event Record #/Type31680 / Warning
Event Submitted/Written: 07/19/2008 06:27:54 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%LARRY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %LARRY27 can't undo changes that you allow.
For more information please see the following:
%LARRY275
Scan ID: {6F95F444-7262-4FA4-84DB-2D1C41FC91B0}
User: LARRY\HP_Administrator
Name: %LARRY271
ID: %LARRY272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %LARRY276
Alert Type: %LARRY278
Detection Type: 1.1.1593.02
Event Record #/Type31679 / Warning
Event Submitted/Written: 07/19/2008 06:27:54 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%LARRY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %LARRY27 can't undo changes that you allow.
For more information please see the following:
%LARRY275
Scan ID: {6B7AF0CA-59F9-4001-A8C6-0C8D2E14D748}
User: LARRY\HP_Administrator
Name: %LARRY271
ID: %LARRY272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %LARRY276
Alert Type: %LARRY278
Detection Type: 1.1.1593.02

-- End of Deckard's System Scanner: finished at 2008-07-19 18:28:18

j24jacobs · July 2008

Hi Katana,
This is so cool. You have been beyond wonderful. I have learned a great deal... mostly that I need to be more careful. I have also learned that there are still realy nice people in the world, and you are one of them... helping total strangers.

Lar

Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2008-07-19 18:26:28
Computer is in Normal Mode.