Need Some Help 'Cause I'm Freakin' Out Over Here

Alrighty… So, I logged onto my computer this morning to discover that my display settings had been seemingly reset to the default settings and my desktop and folder icons where all re-arranged (nothing seems to be missing or altered, just re-arranged and reset).

I thought that strange, so I ran a Malwarebytes Scan, which came up with nothing. Then I ran a full scan through Avast (version 5.1.889). Said scan came up with one infected file, which I moved to the chest. Upon restarting the pc, an Avast Boot Scan was run and the following items were moved to the chest…

A0185446.exe C:\System Volume Information_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP620 9/16/1999 2:32:50 PM 2/12/2001 6:18:11 PM Win32:KillApp-W [PUP]

Killlt.exe C:\hp\bin 9/16/1999 2:32:50 PM 2/12/2011 5:54:04 PM Win32:KillApp-W [PUP]

loaderav_2003-1_pq8[1].exe C;\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\HBQX3PTO 2/10/2011 2:03:22 PM 2/12/2011 4:11:53 PM Win32:Malware-gen

PPCRunOnce.exe C:\Program Files\Online Services\PeoplePC\ISP5900\System 7/25/2005 7:18:32 PM 2/10/2011 12:54:12 PM Win32:JunkPoly-B[Cryp]

I’m using an HP Pavilion a1520n desktop PC.

I’m not very computer savvy, so beyond that I don’t know much as far as the technical aspects of my machine go. I’m also a bit paranoid as to what to delete and waht not to delete.

I can say that I have not noticed much in the way of my PC acting strange aside from the aforementioned resetting and re-arranging this morning. I do do a lot of online shopping, so I am a bit worried about one of the above listed files corrupting my system or someone being able to swipe my passwords and such. So…

What do I do now?

Please, any help would be much appreciated and do please keep in mind that I am not in any way, shape, or form well-versed in the inner workings of computers. I’d be happy to provide any iadditional information you fine folks might need to help me with this problem.

  1. have you recently been in safe mode as that screws with desktop settings, resolution, colour and icon locations.

  2. When you modify your avast default scan settings, it is best to know what effect these changes will have.

Unfortunately the boot-time scan will scan for PUPs (Potentially Unwanted Programs) by default, so don’t be surprised when it finds some, but then you have the dilemma of deciding if it is unwanted or not.

  1. lets deal with the PUPs first, Killlt.exe C:\hp\bin which is an HP tool (in the recovery section) used to kill processes, etc. in the wrong location/hands this tool can be harmful, in this location it is legit.

The one in the C:\System Volume Information_ restore point is basically a copy of the above when it was moved to the chest system restore saved a copy. Nothing to wory about leave this in the chest

The PPCRunOnce.exe is related to PeoplePC ISP software, may display advertising, also see, http://www.bleepingcomputer.com/startups/PPCRunOnce.exe-11675.html

This one is highly suspect and appears to be a good detection:

loaderav_2003-1_pq8[1].exe C;\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\HBQX3PTO 2/10/2011 2:03:22 PM 2/12/2011 4:11:53 PM Win32:Malware-gen

Any .exe file in the Temp Internet Files folder is always suspect to me, also since this is a temp location there is no harm in it being removed at all in fact I would suggest that you clear the Temp Internet Files folder.
What concerns me more is why this in in the C:\Documents and Settings\HP_Administrator\ folder, I take it you aren’t running as the administrator ?

If you haven't already got this software (freeware), download, install, update and run it and report the findings (it should product a log file). 

- 1.  MalwareBytes Anti-Malware (MBAM), On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later. - 2. [url=http://www.superantispyware.com][b]SUPERantispyware[/b][/url] (SAS). On-Demand only in free version.

Don't worry about reported tracking cookies they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.

Firstly, let me say Thank You for your reply.

No, I haven’t run in safe mode for about six months now. I think there may have been an automatic update installed last night when I logged off, but can’t rember for certain as I was just about falling asleep at the computer. :slight_smile:

Actually, I don’t recall ever altering the scan settings in Avast. Typically, I just click on quick scan (weekly) or Full System Scan (monthly) and let it run. Should I switch it back to the default settings, just in case? If so, how do I do that (I can’t seem to see that option anywhere)?

So, basically, there’s only one of teh four items which I should be worried about? Is that right?

Actually, I am running as the computer’s administrator (I’m pretty much the only one who uses it). Does that make a difference?

I do have both MalwareBytes and SuperAntiSpyware installed. I will run both and see what comes up…

You’re welcome.

As I said unfortunately the default settings in the boot-time scan looks for PUPs and also scans Archive files, both of which are unnecessary and can be unchecked when scheduling the boot-time scan, would have saved you some time and some grief.

You shouldn’t run as ‘The Administrator’ as any malware that gets on to your system inherits that level of permissions/privileges and can reap havoc. Even running on another account with admin privileges is better than that, but if you can running as a limited user is better in restricting what damage malware can do. Whilst most find it a pain in the rear running on a limited user account.

Two that you should be concerned about as a) PPCRunOnce.exe could deliver ads and be considered adware and is non-essential and b) loaderav_2003-1_pq8[1].exe which I believe is definitely malicious.

Just finished running MalwareBytes and SuperAntiSpyware… No infections found.

Is it safe to remove the two suspicious items (PPCRunOnce.exe & loaderav_2003-1_pq8[1].exe) from the virus chest on Avast? I think I read that they can’t do any further damage while quarantined in the chest, but I was just wondering if it’s alright to go ahead and remove them all-together.

About running as something other than the administrator; I don’t do a whole lot of technical stuff on the computer. Basically, I use it for my writing, surfing the net, online shopping, listening to/ripping/buring music, and the occassional streaming movie or playing of a video game. I hardly ever download things online (just music in the form of bonus tracks from CDs I’ve purchased really). Does that mean that I can run as a lesser/limited user and not encounter any real difference in my computer use? (sorry if that sounds like a silly question, I’ve tried learning the ins and outs of computer use more in depth but keep running into conflicting information on many topics).

There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

Those two are the ones that had to have positive action taken against them, the HP one, nothing needed, but the restore point could also have been removed as a) it is just a copy of something previously moved/removed and b) any doubt on a restore point is better removed than left. That way if you use system restore in the future you shouldn’t be reactivation that one…

Hardly ever downloading things is a bit of a fallacy as the whole time you are on-line you are downloading things and the Internet is the source of the greatest majority of infection. Even sites that you might trust can be hacked and this is a very frequent occurrence and that is where many driveby download infections come from. You are certainly doing enough on-line to need to protect your system.

This is an old article but it is none the less relevant today - See http://www.scmagazineus.com/Every-36-seconds-a-website-is-infected/article/140414/.

For the most part you could run as a limited user, but there might be times when you need Admin privileges, to install a program for example. Some Programs insist on you having admin privileges, but more recent ones probably not as much. However, to change some program or system settings, etc. you would need admin rights.

This is either where you right click on the program file and select Run as Administrator you logon as the administrator. This can be a hassle, but it is something that you have to decide is it worth the risk of always running as ‘The Administrator’ or the inconvenience of running as a limited user with less risk of more serious infection because of lowered inherited privileges.

Or running as a user with admin privileges, but not ‘The Administrator,’ this is a decision that I can’t make for you. I run using an account with admin privileges, but take pro-active measures to prevent/limit possible for malware infection.

Thank You again for your continued assistance. It has been exceptionally helpful.

Alrighty, I’ll just leave them in the chest for a few weeks or so. Nothing was wonky when I flipped on the computer today and (though I might just be imagining it) it almost seemed that the thing loaded a wee bit faster.

'Twas an interesting, yet somewhat terrifying, article. Thanks for the link.

Yeah, I suppose I should have said I hardly ever purposely download things online. :slight_smile:

Currently, when it comes to protecting my computer, I have the following programs…

MalwareBytes Anti-Malware
SuperAntiSpyware
Avast Anti-Virus (always running)
ZoneAlarm (Always Running)

I do also have SpyBot Search & Destroy, but honestly don’t use it much.

Other than running as a limited user (which I will defintely try do from now on), are there any other programs I should use or things I should do?

I know no one can protect themselves from everything and for the most part I don’t notice my PC having many issues, but whenever it does, I do admitedly get a bit paranoid. LOL.

You’re welcome.

Personally I would get rid of spybot S&D as we are now seeing more instances of it being more of a hindrance than a help.

I don’t know if either MBAM or SAS are the Pro/paid version then that would give resident protection (only one should be resident) and either I fell is as good as or better than S&D.

Well there is WinPatrol that monitors changes to your system, there is a free version and a paid version WinPatrol Plus (one off subscription).

But one of the biggest things to sort out is a robust backup and recovery strategy, so if the worst happens you don’t lose important data files and you can recover your system, Drive Imaging software can make an exact copy (image) of your hard disk or partition, that can be restored in a short time saving you a lot of grief.

Yeah, I’ve actually be thinking of dumping Spybot S&D for a while.

Both MBAM and SAS are the free versions, so I’ll check out the WinPatrol, per your suggetion.

As far as backup and recovery goes, I’m kind of out of my understanding on that. I do backup my files and pictures and whatnot on USB flash drives and plan on getting an external hard drive as soon as I can. How do I go about setting a system restore point on my on computer?

I’ve never been a great fan of System Restore as it is less than perfect (disabled on my system) but better than nothing.

  1. Click Start, All Programs, Accessories, System tools, System Restore.
  2. In the pop-up that appears fill in the radio button to Create a Restore Point
  3. Click NEXT
  4. Enter a useful name that you will remember if you need to find this again (Clean Restore Point)
  5. Click CREATE

This is for windows XP, but presumably it is similar in Vista/Win7

You now have a clean restore point, you should clear the old ones:

  1. Click Start, All Programs, Accessories, System tools, Disk Clean Up
  2. Click OK on the C: drive
  3. Click the More Options tab
  4. In the System Restore section click the Clean Up button

Thanks. :slight_smile:

I’ll create a new one to tide me over until I can get an external hard drive.

Are you having any problems now or, is your computer running ok?
Meaby a hijack scan could be a good one to do just in case.

http://filehippo.com/download_hijackthis/ download, install, and do a scan of your system and post the result here. (only if you still having problems) if not ignore my post :smiley:

No, I don’t seem to be having any problems now. I did run a HiJack This scan, just in case though. I don’t know it it matters at all, but I recently switch from running as the administrator in my daily use to a limited user (Windows XP). However, I logged on as the administrator when running the scan. Here are the results…

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:32:13 AM, on 2/14/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Browser Mouse\MOffice.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Browser Mouse\MOUSE32A.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

And the rest of the results…

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM..\Run: [NvCplDaemon] “RUNDLL32.EXE” C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] “nwiz.exe” /install
O4 - HKLM..\Run: [DMAScheduler] “c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe”
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM..\Run: [ISUSPM Startup] “C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” -startup
O4 - HKLM..\Run: [ISUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [hcsystray] “C:\Program Files\Kuma Games\hcsystray\hc_tray.exe”
O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] “C:\Program Files\Browser Mouse\MOffice.exe”
O4 - HKLM..\Run: [REGSHAVE] “C:\Program Files\REGSHAVE\REGSHAVE.EXE” /AUTORUN
O4 - HKLM..\Run: [Microsoft Default Manager] “C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe” -resume
O4 - HKLM..\Run: [ZoneAlarm Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
O4 - HKLM..\Run: [avast5] “C:\Program Files\Alwil Software\Avast5\avastUI.exe” /nogui
O4 - HKLM..\Run: [DivX Download Manager] “C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe” start
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM..\Run: [SystemTray] SysTray.Exe
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User ‘Default user’)
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra ‘Tools’ menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: vzTCPConfig - https://www.verizon.net/WhatsNext/CheckMyPc/vzTCPConfig.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.brookebms.com/License/smsx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by137fd.bay137.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O20 - AppInit_DLLs: ,
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


End of file - 11439 bytes

O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM..\Run: [DMAScheduler] “c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe”
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM..\Run: [ISUSPM Startup] “C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” -startup
O4 - HKLM..\Run: [ISUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [hcsystray] “C:\Program Files\Kuma Games\hcsystray\hc_tray.exe”
O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] “C:\Program Files\Browser Mouse\MOffice.exe”
O4 - HKLM..\Run: [REGSHAVE] “C:\Program Files\REGSHAVE\REGSHAVE.EXE” /AUTORUN
O4 - HKLM..\Run: [Microsoft Default Manager] “C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe” -resume
O4 - HKLM..\Run: [DivX Download Manager] “C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe” start
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

Fix also all lines starting with O16 - DPF and lines that end with (file missing).
Reboot after having doing so.

And please use the attachment option next time to give us a log file.

ARE you kidding :o :o some of those are legit startups,please if you don’t what you do don’t break it.
@Quazimoto:
Please wait for mikaelrask to give you advice.

Thank You Kindly… And sorry about not posting as an attachment. I’ll make sure to do that next time.

Thanks… I’ll wait a bit then. The computer seems to be running fine except that since I installed HiJack This, it won’t play my screensaver (Sharks 2.0 from LifeGlobe/Prolific). Just plays a blank screen. I’m going to try uninstalling and re-installing the screensaver and see if that works.