Possible .exe virus/trojan?

So I suspect I have a buttload of spyware. I have run various anti-spyware software including Lavasoft Ad Aware, Registry Mechanic and Spybot - Search & Destroy. My system still seems to be running slow, but the main problem seems to be that when some keys on the keyboard are hit (volume for instance) the machine will completely lock up. All I can do then is Ctrl+Alt+Delete, but I cannot close any processes; I can only log off/shutdown/cancel. Sometimes when I just boot up nothing is clickable, so I have to restart a few times before it works.

Just out of curiosity I went to run /msconfig and had a look at the startup. I have run all the startup item codes through this process library site on the net: http://www.pchell.com/linkto/processlibrary.shtml

All of them seem to be alright until I get to this one: NvCpl. Its command is the following: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup.

On that process library it detects NvCpl as Security High Risk and detects the Process Name as: W32.SpyBot.S Worm.

Description: vcpl.exe is a process which is registered as W32.SpyBot.S Worm. It takes advantage of the Windows LSASS vulnerability, which creates a buffer overflow and instigates your computer to shut down. To see more information about this vulnerability please look at the following Microsoft bulletin: http://www.microsoft.com/technet/sec.../ms04-011.mspx. This process is a security risk and should be removed from your system. Please see additional details regarding this process. Recommendation: DISABLE AND REMOVE nvcpl.exe IMMEDIATELY. This process is most likely a virus or trojan.

Now I have simply tried disabling this startup item from the MSCONFIG STARTUP section but to no avail. I simply reopen that menu once I have tried and it is back.

Can anyone recommend anything to remove this?

EDIT:

So I’ve just tried to boot in safe mode several times; however, it would not boot up correctly. It would give me a list of a bunch of drivers and then freeze. I booted Windows back up normally and decided to check out the folder the nvcpl.dll file was located in. Upon right-clicking I get this info:

File Version: 6.14.10.9163
Product Name: NVIDIA Compatible Windows 2000 Display driver, Version 91.63
Description: NVIDIA Display Properties Extension
Copyright: NVIDIA Corportation. All rights reserved.

Now knowing that it says something about NVIDIA Display Properties…

A few days ago I set up a second monitor, so the mouse flicks between the two. Now wondering if this has anything to do with it. I’m not sure I should delete the NvCpl.dll file, as it could possibly mess up my display? No idea…

EDIT: I should note that I had posted everything above elsewhere and received little to no help. Really worried about my PC + data. As for where it is at now, the machine does not lock up upon booting anymore, well…just nowhere near as often. One of my main problems is it seems to have messed with some .exe’s? I play San Andreas online (SAMP) regularly and I can no longer boot up the exe. It has been a week or so now so I’m itching to play; of course the health of my machine is much more important obviously.

Any help would be appreciated, will post up my Hijackthis log in a second.

:frowning:

It could very well be the extra monitor as that line is common in hijackthis logs,

example

http://forum.avast.com/index.php?topic=29733.msg244929#msg244929

Forgot to mention I actually disconnected the second monitor for the time being, at least until I resolve these issues. Won’t bother me if it is safer to keep it unplugged in the long run. Another thing I forgot to mention was that Spybot S&D always found something called smithfraud.c or something. It is no longer doing that, but it did a good 10 times. Even when I attempted to fix the problem it auto-restored itself or something.

Find below my hijackthis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:51 AM, on 16/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Downloads\Software\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nba.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM..\Run: [DMAScheduler] “c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe”
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM..\Run: [HPBootOp] “C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe” /run
O4 - HKLM..\Run: [CnxTrApp] rundll32.exe “C:\Program Files\NetComm\NetComm USB Network\CnxTrApp.dll”,AppEntry -REG “NetComm\NetComm USB Network”
O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM..\Run: [Zone Labs Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [BtTray] “C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe”
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [msnmsgr] “C:\Program Files\MSN Messenger\msnmsgr.exe” /background
O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-18..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User ‘Default user’)

O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User ‘SYSTEM’)
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User ‘SYSTEM’)
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User ‘Default user’)
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User ‘Default user’)
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User ‘Default user’)
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User ‘Default user’)
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - c:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra ‘Tools’ menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra ‘Tools’ menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra ‘Tools’ menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194502863937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189755363437
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: winhab32 - winhab32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


End of file - 14393 bytes

Sorry to multi-post, it apparently would not let me post it all in one due to too many characters per post.
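Added example (not part of the original posts, and not code from HijackThis or Avast): a small Python triage pass over HijackThis entries like the ones posted above, which flags entries for manual review instead of judging a file by its name. The reason labels and the four heuristics are choices made for this example; the sample lines are copied from the log above.

```python
import re
from typing import Iterator, List, NamedTuple, Tuple

# Lines copied verbatim from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\rundll32.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: winhab32 - winhab32.dll (file missing)
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
"""

# "R1 - ..." / "O20 - ..." entries; header lines and the process list do not match.
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# rundll32 <dll>,<export>, with optional straight or curly quotes around the DLL.
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+["“]?(?P<dll>[^,"”]+)["”]?,(?P<export>\S+)',
    re.IGNORECASE,
)
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Review reasons used by this example (hypothetical labels, not HijackThis output).
REASONS = {
    "orphaned": "entry points at a file that is not on disk",
    "appinit": "AppInit_DLLs are loaded into every process that loads user32.dll",
    "unknown-owner": "no company name could be read for the service binary",
    "rundll32-bare-dll": "DLL given without a path, so the name alone does not "
                         "say which file is loaded",
}


class Finding(NamedTuple):
    code: str
    reason: str
    line: str


def parse_entries(log_text: str) -> Iterator[Tuple[str, str]]:
    """Yield (section_code, body) for every R*/O* entry in the log."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("code"), m.group("body")


def rundll_targets(log_text: str) -> List[Tuple[str, str]]:
    """Return (dll, export) for each O4 autostart that runs through rundll32.

    These are the files whose path and version resource should be checked,
    as was done by hand for NvCpl.dll earlier in the thread.
    """
    targets = []
    for code, body in parse_entries(log_text):
        m = RUNDLL_RE.search(body) if code == "O4" else None
        if m:
            targets.append((m.group("dll").strip(), m.group("export")))
    return targets


def triage(log_text: str) -> List[Finding]:
    """Flag entries worth a manual look. A flag is a prompt, not a verdict."""
    findings = []
    for code, body in parse_entries(log_text):
        line = f"{code} - {body}"
        if any(marker in body for marker in ORPHAN_MARKERS):
            findings.append(Finding(code, "orphaned", line))
            continue
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append(Finding(code, "appinit", line))
        if code == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(code, "unknown-owner", line))
        if code == "O4":
            m = RUNDLL_RE.search(body)
            if m and "\\" not in m.group("dll"):
                findings.append(Finding(code, "rundll32-bare-dll", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}] {REASONS[f.reason]}\n    {f.line}")
    for dll, export in rundll_targets(SAMPLE_LOG):
        print(f"rundll32 target: {dll} (export {export})")
```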

:slight_smile: Hi :

  Your HijackThis Log indicates you are using AVG Antivirus & NOT Avast ;
  since this is the Avast Support Forums, it is recommended you use the
  AVG Forums at http://forum.grisoft.cz/freeforum/ ; however, since you
  seem to have a spyware problem and have Spybot, the Spybot Forums
  at http://forums.spybot.info should be the Best Forum to get help .

  I will mention that your Sun Java is 2 "Updates/Versions" behind, a semi-
  serious security risk . Should remove all versions you have; the latest
  version is at www.java.com .

Don’t worry about being an AVG guy, we might be biased, but not prejudiced. :wink:

It looks like you had an infection before and you said the odd run in with smitfraud.

Let’s look closer.

Please download Deckard’s System Scanner (DSS) and save it to your Desktop.
- Close all other windows before proceeding.
- Double-click on dss.exe and follow the prompts.
- When it has finished, dss will open two Notepads, main.txt and extra.txt – please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

I appreciate the speedy response guys, and I will note that upon discovering this place I downloaded avast! :slight_smile:

I apologise in advance if my main.txt and extra.txt readings take up several posts; find them below:

main.txt log:

Deckard’s System Scanner v20071014.68
Run by HP_Administrator on 2007-11-19 12:11:36
Computer is in Normal Mode.

– System Restore --------------------------------------------------------------

Successfully created a Deckard’s System Scanner Restore Point.

– Last 5 Restore Point(s) –
97: 2007-11-19 02:11:43 UTC - RP444 - Deckard’s System Scanner Restore Point
96: 2007-11-19 02:08:07 UTC - RP443 - Installed Java™ 6 Update 3
95: 2007-11-19 02:05:37 UTC - RP442 - Removed J2SE Runtime Environment 5.0 Update 11
94: 2007-11-19 02:04:50 UTC - RP441 - Removed J2SE Runtime Environment 5.0 Update 6
93: 2007-11-19 02:04:12 UTC - RP440 - Removed J2SE Runtime Environment 5.0 Update 9

– First Restore Point –
1: 2007-08-21 17:53:18 UTC - RP348 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

– HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:24 PM, on 19/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\HP_Administrator\Desktop\dss.exe
C:\DOWNLO~1\Software\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nba.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM..\Run: [DMAScheduler] “c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe”
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM..\Run: [HPBootOp] “C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe” /run
O4 - HKLM..\Run: [CnxTrApp] rundll32.exe “C:\Program Files\NetComm\NetComm USB Network\CnxTrApp.dll”,AppEntry -REG “NetComm\NetComm USB Network”
O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM..\Run: [Zone Labs Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [BtTray] “C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe”
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU..\Run: [msnmsgr] “C:\Program Files\MSN Messenger\msnmsgr.exe” /background
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-18..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User ‘Default user’)
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User ‘SYSTEM’)
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User ‘SYSTEM’)
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User ‘Default user’)
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User ‘Default user’)
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User ‘Default user’)
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User ‘Default user’)

O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - c:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra ‘Tools’ menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra ‘Tools’ menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra ‘Tools’ menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194502863937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189755363437
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: winhab32 - winhab32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


End of file - 14569 bytes

– File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - “C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe”,2

– Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 mapledxp - c:\windows\system32\drivers\mapledxp.sys <Not Verified; Jeff Hurchalla and Marble Sound; MarbleSound Maple Midi XP Driver SYS>
R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 1.4.2 Build 10>
R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
R3 audiobridge (Virtual Audio Bridge) - c:\windows\system32\drivers\aubridge.sys <Not Verified; SoundGenetics; Audio Bridge Wave>
R3 CnxTrLan (NetComm USB Network Adapter Driver) - c:\windows\system32\drivers\cnxtrlan.sys <Not Verified; Conexant; Conexant USB Network Device>
R3 CnxTrUsb (NetComm USB Network Interface Device Driver) - c:\windows\system32\drivers\cnxtrusb.sys <Not Verified; Conexant; Conexant USB Network Device>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S0 ftsata2 - c:\windows\system32\drivers\ftsata2.sys (file missing)
S3 LoopBeMidi1 (nerds.de LoopBe1 - Internal Midi Port SvcDesc(WDM)) - c:\windows\system32\drivers\loopbe1.sys (file missing)
S3 pgfilter - c:\program files\peerguardian2\pgfilter.sys
S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>

– Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - “c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe” <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Autodesk Licensing Service - “c:\program files\common files\autodesk shared\service\adskscsrv.exe”
R2 BlueSoleilCS - c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe <Not Verified; ; BlueSoleilCS Module>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - “c:\program files\bonjour\mdnsresponder.exe” <Not Verified; Apple Computer, Inc.; Bonjour>
R3 BsHelpCS - c:\program files\ivt corporation\bluesoleil\bshelpcs.exe <Not Verified; ; BsHelpCS Module>

S3 FLEXnet Licensing Service - “c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe” <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 ServiceLayer - “c:\program files\pc connectivity solution\servicelayer.exe” <Not Verified; Nokia.; PC Connectivity Solution>

– Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

– Scheduled Tasks -------------------------------------------------------------

2007-11-19 11:27:56 286 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
2007-11-14 17:14:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-11-13 02:20:08 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-11-09 09:03:08 360 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job

– Files created between 2007-10-19 and 2007-11-19 -----------------------------

2007-11-19 12:08:26 0 d-------- C:\Program Files\Common Files\Java
2007-11-18 20:51:55 0 d-------- C:\Program Files\Alwil Software
2007-11-14 17:29:07 0 d-------- C:\Program Files\iPod
2007-11-13 20:20:49 0 d-------- C:\Program Files\IVT Corporation
2007-11-13 19:27:38 0 d-------- C:\Program Files\OLVI Soft
2007-11-13 18:58:50 0 --a------ C:\WINDOWS\system32\0
2007-11-13 18:58:50 32 --a------ C:\WINDOWS\0
2007-11-13 16:52:52 0 d-------- C:\Documents and Settings\HP_Administrator\Phone Browser
2007-11-13 16:32:03 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-11-13 16:31:47 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Nokia
2007-11-13 16:31:23 0 d-------- C:\Program Files\Common Files\PCSuite
2007-11-13 16:31:22 0 d-------- C:\Program Files\Common Files\Nokia
2007-11-13 16:31:12 0 d-------- C:\Program Files\DIFX
2007-11-13 16:31:09 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\PC Suite
2007-11-13 16:31:03 0 d-------- C:\Program Files\PC Connectivity Solution
2007-11-13 16:30:40 0 d-------- C:\Program Files\Nokia
2007-11-13 16:29:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
2007-11-12 19:35:08 4144 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-12 19:34:51 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-12 19:34:51 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-12 19:34:51 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-12 19:34:51 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-12 19:34:51 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-10 11:55:48 0 d-------- C:\NVIDIA
2007-11-09 09:14:53 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\WinPatrol
2007-11-09 09:14:47 0 d-------- C:\Program Files\BillP Studios
2007-11-08 23:23:42 0 d-------- C:\Program Files\Windows Defender
2007-11-08 22:44:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2007-11-08 17:45:32 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Registry Booster
2007-11-08 16:14:39 0 dr-h----- C:\Documents and Settings\HP_Administrator\Recent
2007-11-04 00:20:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2007-11-04 00:18:32 0 d-------- C:\Program Files\Last.fm
2007-10-27 01:23:29 0 d-------- C:\WINDOWS\vbSkinner
2007-10-27 01:22:46 0 d-------- C:\Program Files\PFConfig
2007-10-21 20:29:38 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Free Download Manager
2007-10-21 20:29:33 0 d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2007-10-21 20:29:32 0 d-------- C:\Program Files\Free Download Manager

– Find3M Report ---------------------------------------------------------------

2007-11-19 12:10:39 0 d-------- C:\Program Files\Java
2007-11-19 12:08:26 0 d-------- C:\Program Files\Common Files
2007-11-19 11:59:47 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\AVG7
2007-11-18 19:37:55 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2007-11-18 19:07:42 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-14 17:29:29 0 d-------- C:\Program Files\iTunes
2007-11-14 17:27:08 0 d-------- C:\Program Files\QuickTime
2007-11-14 08:15:50 8 --a------ C:\Documents and Settings\HP_Administrator\Application Data\NMM-MetaData.db
2007-11-13 20:21:16 12 --a------ C:\WINDOWS\bthservsdp.dat
2007-11-12 17:38:15 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-11-11 09:52:06 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Vso
2007-11-08 17:45:27 0 d-------- C:\Program Files\Uniblue
2007-11-08 17:37:04 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Uniblue
2007-10-18 15:10:14 534 --a------ C:\WINDOWS\eReg.dat
2007-10-18 15:09:52 0 d-------- C:\Program Files\Maxis
2007-10-16 23:58:41 0 d-------- C:\Program Files\PeerGuardian2
2007-10-09 13:32:09 72748 --a------ C:\WINDOWS\unins001.exe <Not Verified; Jordan Russell; >
2007-10-09 13:32:09 1310 --a------ C:\WINDOWS\unins001.dat
2007-10-08 15:01:27 0 d-------- C:\Program Files\ImTOO
2007-10-08 14:38:57 0 d-------- C:\Program Files\Xilisoft
2007-10-04 17:14:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-10-04 17:14:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-10-04 17:14:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-04 17:14:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-10-04 17:14:00 1478656 --a------ C:\WINDOWS\system32\nview.dll
2007-10-04 17:14:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-10-04 17:14:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-10-04 17:14:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-10-04 15:36:22 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\AVS4YOU
2007-10-04 15:36:10 0 d-------- C:\Program Files\Common Files\AVSMedia
2007-10-04 13:50:15 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Macromedia
2007-09-22 14:49:50 0 d-------- C:\Program Files\MagicDVDCopier
2007-09-22 14:23:54 0 d-------- C:\Program Files\Common Files\MagicDVDCopier
2007-09-22 14:22:04 0 d-------- C:\Program Files\MagicDVDRipper
2007-09-21 19:47:57 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\LG Electronics
2007-09-21 19:44:41 0 d-------- C:\Program Files\LG Electronics
2007-08-21 12:53:38 28766 --a------ C:\WINDOWS\system32\PlayerCtrl.dll <Not Verified; IVT; PlayerCtrl Dynamic Link Library>

– Registry Dump ---------------------------------------------------------------

Note empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ftutil2”=“ftutil2.dll” [07/06/2004 07:05 AM C:\WINDOWS\system32\ftutil2.dll]
“PHIME2002ASync”=“C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe” [10/08/2004 07:00 AM]
“PHIME2002A”=“C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe” [10/08/2004 07:00 AM]
“RTHDCPL”=“RTHDCPL.EXE” [14/06/2006 06:05 AM C:\WINDOWS\RTHDCPL.EXE]
“AlwaysReady Power Message APP”=“ARPWRMSG.EXE” [02/08/2005 04:19 PM C:\WINDOWS\arpwrmsg.exe]
“DMAScheduler”=“c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe” [13/04/2006 02:05 AM]
“Recguard”=“C:\WINDOWS\SMINST\RECGUARD.EXE” [22/07/2005 03:14 PM]
“HPBootOp”=“C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe” [15/02/2006 03:34 PM]
“CnxTrApp”=“C:\Program Files\NetComm\NetComm USB Network\CnxTrApp.dll” [19/07/2003 10:32 AM]
“AVG7_CC”=“C:\PROGRA~1\Grisoft\AVG7\avgcc.exe” [08/11/2007 04:46 PM]
“Zone Labs Client”=“C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” [23/08/2006 11:38 PM]
“HP Software Update”=“C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe” [16/02/2005 11:11 PM]
“ISUSPM Startup”=“c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe” [27/07/2004 04:50 PM]
“BluetoothAuthenticationAgent”=“bthprops.cpl” [10/08/2004 07:00 AM C:\WINDOWS\system32\bthprops.cpl]
“BrMfcWnd”=“C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe” [28/06/2006 07:46 AM]
“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [01/06/2006 01:36 AM]
“Windows Defender”=“C:\Program Files\Windows Defender\MSASCui.exe” [03/11/2006 07:20 PM]
“WinPatrol”=“C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe” [27/10/2007 02:06 AM]
“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [04/10/2007 05:14 PM]
“BtTray”=“C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe” [10/09/2007 11:08 AM]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [06/09/2007 08:06 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“msnmsgr”=“C:\Program Files\MSN Messenger\msnmsgr.exe” [19/01/2007 12:54 PM]
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [10/08/2004 07:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
“Nokia.PCSync”=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [4/11/2007 12:18:33 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“InstallVisualStyle”=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
“InstallTheme”=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhab32]
winhab32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“appinit_dlls”=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
backup=C:\WINDOWS\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
“C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
“C:\Program Files\ICQLite\ICQLite.exe” -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
“C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
“C:\Program Files\iTunes\iTunesHelper.exe”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
“C:\Program Files\Microsoft IntelliType Pro\itype.exe”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
“C:\Program Files\MSN Messenger\msnmsgr.exe” /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
“C:\Program Files\QuickTime\qttask.exe” -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
“C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
“C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe” -m

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
AutoRun\command- L:\autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6E615E07-8CA2-BF63-4CB9-CD1A796988B3}]
C:\WINDOWS\system32:svchost.exe

– End of Deckard’s System Scanner: finished at 2007-11-19 12:15:41 ------------

Now find the extra.txt below

extra.txt log:

Deckard’s System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.

– System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) D CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) D CPU 3.00GHz
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 1023.36 MiB / 518.75 MiB
Pagefile Memory (total/avail): 2458.73 MiB / 2100.81 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1904.45 MiB

C: is Fixed (NTFS) - 178.03 GiB total, 70.56 GiB free.
D: is Fixed (FAT32) - 8.26 GiB total, 0.56 GiB free.
E: is CDROM (No Media)
F: is Fixed (FAT32) - 232.83 GiB total, 45.33 GiB free.
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3200827AS - 186.31 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 178.03 GiB - C:
\PARTITION1 - Unknown - 8.27 GiB - D:

\\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE1 - WD 2500BB External USB Device - 232.88 GiB - 1 partition
\PARTITION0 - Unknown - 232.88 GiB - F:

– Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: ZoneAlarm Firewall v6.5.737.000 (Zone Labs, Inc.) Disabled
AV: AVG 7.5.503 v7.5.503 (Grisoft)
AV: avast! antivirus 4.7.1043 [VPS 071118-2] v4.7.1043 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=“%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019”
“C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe”=“C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP”
“C:\Program Files\MSN Messenger\msncall.exe”=“C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)”
“C:\Program Files\MSN Messenger\msnmsgr.exe”=“C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1”
“C:\Program Files\MSN Messenger\livecall.exe”=“C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)”

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=“%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019”
“C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe”=“C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP”
“C:\Program Files\MSN Messenger\msncall.exe”=“C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)”
“C:\Program Files\BitTorrent\bittorrent.exe”=“C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent”
“C:\Program Files\LimeWire\LimeWire.exe”=“C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire”
“C:\3dsmax7\3dsmax.exe”=“C:\3dsmax7\3dsmax.exe:*:Enabled:3ds max 7”
“C:\Program Files\backburner 2\monitor.exe”=“C:\Program Files\backburner 2\monitor.exe:*:Enabled:backburner 2.3 monitor”
“C:\Program Files\backburner 2\manager.exe”=“C:\Program Files\backburner 2\manager.exe:*:Enabled:backburner 2.3 manager”
“C:\Program Files\backburner 2\server.exe”=“C:\Program Files\backburner 2\server.exe:*:Enabled:backburner 2.3 server”
“C:\Documents and Settings\HP_Administrator\My Documents\My Music\LimeWire\LimeWire.exe”=“C:\Documents and Settings\HP_Administrator\My Documents\My Music\LimeWire\LimeWire.exe:*:Enabled:LimeWire”
“C:\Documents and Settings\HP_Administrator\My Documents\marcus\Other Crap\utorrent.exe”=“C:\Documents and Settings\HP_Administrator\My Documents\marcus\Other Crap\utorrent.exe:*:Enabled:µTorrent”
“C:\Program Files\WiFiConnector\NintendoWFCReg.exe”=“C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector”
“C:\Program Files\ICQLite\ICQLite.exe”=“C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite”
“C:\Program Files\Messenger\msmsgs.exe”=“C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger”
“C:\Documents and Settings\HP_Administrator\My Documents\installers\My Music\LimeWire\LimeWire.exe”=“C:\Documents and Settings\HP_Administrator\My Documents\installers\My Music\LimeWire\LimeWire.exe:*:Enabled:LimeWire”
“C:\Program Files\MSN Messenger\msnmsgr.exe”=“C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1”
“C:\Program Files\MSN Messenger\livecall.exe”=“C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)”
“C:\Program Files\Grisoft\AVG7\avginet.exe”=“C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe”
“C:\Program Files\Grisoft\AVG7\avgamsvr.exe”=“C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe”
“C:\Program Files\Grisoft\AVG7\avgcc.exe”=“C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe”
“C:\Program Files\Grisoft\AVG7\avgemc.exe”=“C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe”
“C:\Documents and Settings\HP_Administrator\Application Data\SopCast\adv\SopAdver.exe”=“C:\Documents and Settings\HP_Administrator\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver”
“C:\Program Files\Mozilla Firefox\firefox.exe”=“C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox”
“C:\Program Files\SopCast\SopCast.exe”=“C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application”
“C:\Program Files\Microsoft Games\Age of Empires III\age3.exe”=“C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3”
“C:\WINDOWS\system32\dpvsetup.exe”=“C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test”
“C:\WINDOWS\system32\rundll32.exe”=“C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App”
“C:\Program Files\DC++\DCPlusPlus.exe”=“C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++”
“C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe”=“C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil”
“C:\Program Files\Bonjour\mDNSResponder.exe”=“C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour”
“C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe”=“C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS”
“C:\Program Files\iTunes\iTunes.exe”=“C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes”
“C:\Program Files\Last.fm\LastFM.exe”=“C:\Program Files\Last.fm\LastFM.exe:*:Enabled:Last.fm”

– Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MARCUS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Administrator
LOGONSERVER=\\MARCUS
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Autodesk Shared;C:\Program Files\backburner 2;C:\Program Files\QuickTime\QTSystem;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=MARCUS
USERNAME=HP_Administrator
USERPROFILE=C:\Documents and Settings\HP_Administrator
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

– User Profiles ---------------------------------------------------------------

HP_Administrator
Administrator

– Add/Remove Programs ---------------------------------------------------------

→ C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
→ C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
→ c:\WINDOWS\system32\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
→ c:\WINDOWS\system32\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
→ c:\WINDOWS\system32\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
→ c:\WINDOWS\system32\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
→ MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
→ MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
→ rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent → “C:\Documents and Settings\HP_Administrator\My Documents\marcus\Other Crap\uninstall.exe”
3ds max 7 → MsiExec.exe /I{F92AB933-9FE7-4335-92BD-D1C3BA27613C}
3ds max 7 Reference Files → MsiExec.exe /I{E5F6E1A6-44AA-4CF7-883E-4F7FA7C4BCA5}
7 Wonders of the Ancient World → “C:\Program Files\Oberon Media\7 Wonders of the Ancient World\Uninstall.exe” “C:\Program Files\Oberon Media\7 Wonders of the Ancient World\install.log”
Ad-Aware SE Professional → C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Anchor Service CS3 → MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 → MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0 → MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Bridge CS3 → MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting → MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 → MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps → MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings → MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Common File Installer → MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Default Language CS3 → MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 → MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 → MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 9 → C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin → C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All → MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0 → MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Help Viewer CS3 → MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS2 → msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Linguistics CS3 → MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files → MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS2 → msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Premiere Pro CS3 → C:\Program Files\Common Files\Adobe\Installers\32fdd767b4383606e8168e834af5d90\Setup.exe
Adobe Premiere Pro CS3 → MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Premiere Pro CS3 Functional Content → MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content → MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Reader 7.0.5 → MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe Setup → MsiExec.exe /I{BB81360F-041C-4CF7-B15E-71380D154244}
Adobe Stock Photos 1.0 → MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0 → C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support → MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 → MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client → MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe XMP DVA Panels CS3 → MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 → MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
Age of Empires III → C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Any to Icon → “C:\Program Files\Any to Icon\uninstall.exe”
Apple Mobile Device Support → MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update → MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Armadillo Run Demo Version 1.0.1 → “C:\Program Files\Armadillo Run Demo\unins000.exe”
Audy06 v1.0 → “C:\Program Files\Audy06\unins000.exe”
avast! Antivirus → rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG 7.5 → C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVS DVDMenu Editor 1.2.1.19 → “C:\Program Files\Common Files\AVSMedia\AVS DVDMenu Editor\unins000.exe”
Bejeweled 2 Deluxe → “C:\Program Files\Oberon Media\Bejeweled 2 Deluxe\Uninstall.exe” “C:\Program Files\Oberon Media\Bejeweled 2 Deluxe\install.log”
Bengal - Game of Gods → “C:\Program Files\Oberon Media\Bengal - Game of Gods\Uninstall.exe” “C:\Program Files\Oberon Media\Bengal - Game of Gods\install.log”
BeTrapped! → “C:\Program Files\Oberon Media\BeTrapped!\Uninstall.exe” “C:\Program Files\Oberon Media\BeTrapped!\install.log”
BlueSender → MsiExec.exe /I{D1E385AC-D2B5-4DDB-B889-60EF787D43A7}
Bluesoleil 5.0.5.178 → MsiExec.exe /X{1E726A53-78E9-47DE-B3D9-4165CBC9ABBF}
Bookworm Deluxe → “C:\Program Files\Oberon Media\Bookworm Deluxe\Uninstall.exe” “C:\Program Files\Oberon Media\Bookworm Deluxe\install.log”
Bricks of Atlantis → “C:\Program Files\Oberon Media\Bricks of Atlantis\Uninstall.exe” “C:\Program Files\Oberon Media\Bricks of Atlantis\install.log”
Bricks of Egypt → “C:\Program Files\Oberon Media\Bricks of Egypt\Uninstall.exe” “C:\Program Files\Oberon Media\Bricks of Egypt\install.log”
Brother MFL-Pro Suite → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{F0F563C4-D4AD-41C4-A8A6-26664C027D11}\Setup.exe” -l0x9 Brunin03.dll -removeonly
Cake Mania → “C:\Program Files\Oberon Media\Cake Mania\Uninstall.exe” “C:\Program Files\Oberon Media\Cake Mania\install.log”
CamStudio → C:\Program Files\CamStudio\uninstall.exe
CCleaner (remove only) → “C:\Program Files\CCleaner\uninst.exe”
CDisplay 1.8 → “C:\Program Files\CDisplay\unins000.exe”
Celestia 1.4.1 → “C:\Program Files\Celestia\unins000.exe”
Chuzzle → “C:\Program Files\Oberon Media\Chuzzle\Uninstall.exe” “C:\Program Files\Oberon Media\Chuzzle\install.log”
CloneDVD2 → “C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe” /D=“C:\Program Files\Elaborate Bytes\CloneDVD2”
ConvertXtoDVD 2.2.0.251 → “C:\Program Files\vso\ConvertXtoDVD\unins000.exe”
CoreFLAC Audio Decoder+Source Filter (remove only) → “C:\WINDOWS\system32\CoreFLACDecoder-uninstall.exe”
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07 → “C:\Program Files\Cucusoft\avi-dvd-pro\unins000.exe”
Customer Experience Enhancement → C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
DB Commander 2000 PRO → MsiExec.exe /I{DB6C3449-AD77-4C65-A038-BAC98E4F7536}
DC++ 0.674 → “C:\Program Files\DC++\uninstall.exe”
DivX → C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader → C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player → C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only) → “C:\Program Files\DVD Decrypter\uninstall.exe”
EA SPORTS online 2007 → C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
Easy Internet Sign-up → C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Enhanced Multimedia Keyboard Solution → C:\HP\KBD\Install.exe /u
FastCapPro version 2.0.0 → “C:\Program Files\EjoyStudio\FastCapPro\unins000.exe”
Flatcast 4.15 → C:\WINDOWS\unins001.exe
Fraps → “C:\Fraps\uninstall.exe”
Free Download Manager 2.5 → “C:\Program Files\Free Download Manager\unins000.exe”
Game Maker 7.0 → C:\Program Files\Game_Maker7\Uninstal.exe

Game of Life (remove only) → “C:\Program Files\Game of Life\Uninstall.exe”
Gem Shop → “C:\Program Files\Oberon Media\Gem Shop\Uninstall.exe” “C:\Program Files\Oberon Media\Gem Shop\install.log”
GemMaster Mystic → “C:\Program Files\GemMaster\uninstallgemmaster.exe”
GoldWave v5.19 → “C:\Program Files\GoldWave\unstall.exe” “GoldWave v5.19” “C:\Program Files\GoldWave\unstall.log”
Google Desktop → C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth → MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer → regsvr32 /u /s “c:\program files\google\googletoolbar2.dll”
Growler Guncam → MsiExec.exe /I{9B743536-28E5-4A48-A1CC-8600A18386C3}
Hexic → “C:\Program Files\Oberon Media\Hexic\Uninstall.exe” “C:\Program Files\Oberon Media\Hexic\install.log”
High Definition Audio Driver Package - KB888111 → “C:\WINDOWS$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe”
HijackThis 2.0.2 → “C:\Downloads\Software\HijackThis.exe” /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) → “C:\WINDOWS$NtUninstallKB929399$\spuninst\spuninst.exe”
HP Boot Optimizer → MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP DigitalMedia Archive → MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP DVD Play 2.1 → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe” -uninstall
HP Imaging Device Functions 7.0 → C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart for Media Center PC → c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.5 → C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Update → MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Hurchalla Maple VMidi Cable v3.56 → “C:\WINDOWS\unins000.exe”
ICQ 5.1 → C:\Program Files\ICQLite\ICQLiteUninstall.EXE
ImTOO 3GP Video Converter → C:\Program Files\ImTOO\3GP Video Converter 3\Uninstall.exe
Insaniquarium Deluxe → “C:\Program Files\Oberon Media\Insaniquarium Deluxe\Uninstall.exe” “C:\Program Files\Oberon Media\Insaniquarium Deluxe\install.log”
iPod Video Converter 3 → C:\Program Files\Xilisoft\iPod Video Converter 3\Uninstall.exe
iTunes → MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}
Java™ 6 Update 3 → MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Jewel of Atlantis → “C:\Program Files\Oberon Media\Jewel of Atlantis\Uninstall.exe” “C:\Program Files\Oberon Media\Jewel of Atlantis\install.log”
Jewel Quest → “C:\Program Files\Oberon Media\Jewel Quest\Uninstall.exe” “C:\Program Files\Oberon Media\Jewel Quest\install.log”
Jigsaw 365 → “C:\Program Files\Oberon Media\Jigsaw 365\Uninstall.exe” “C:\Program Files\Oberon Media\Jigsaw 365\install.log”
Jigtopia Version 1.0.5.0 → “C:\Documents and Settings\HP_Administrator\My Documents\Alex\ITS\Term 3\tuts\Jigtopia\unins000.exe”
Last.fm 1.3.2.13 → “C:\Program Files\Last.fm\unins000.exe”
LEGO Star Wars II → C:\Program Files\InstallShield Installation Information{4E074808-1B86-4230-A9EB-0904942EC4AE}\setup.exe -runfromtemp -l0x0409
LG SyncManager → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{92636B62-9423-4246-82FE-69E2F4158350}\setup.exe” -l0x9 -removeonly
LG USB Modem driver → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe” -l0x9 -removeonly
Lighthouse 3D Screensaver 1.1 → “C:\Program Files\Lighthouse 3D Screensaver\unins000.exe”
LimeWire PRO 4.13.0 → “C:\Program Files\LimeWire\uninstall.exe”
Logitech Gaming Software → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{13AA6556-BA96-4468-A8B4-1AD4A75AD5A0}\setup.exe” -l0x9 -removeonly
Macromedia Dreamweaver 8 → MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager → MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 → MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder → MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Shockwave Player → C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Magic Ball 2 → “C:\Program Files\Oberon Media\Magic Ball 2\Uninstall.exe” “C:\Program Files\Oberon Media\Magic Ball 2\install.log”
Magic DVD Copier V4.3.4 → “C:\Program Files\MagicDVDCopier\unins000.exe”
Magic DVD Ripper V4.2.4 → “C:\Program Files\MagicDVDRipper\unins000.exe”
Magic Match → “C:\Program Files\Oberon Media\Magic Match\Uninstall.exe” “C:\Program Files\Oberon Media\Magic Match\install.log”
Mahjong Match → “C:\Program Files\Oberon Media\Mahjong Match\Uninstall.exe” “C:\Program Files\Oberon Media\Mahjong Match\install.log”
MAME32k (remove only) → “C:\Program Files\MAME32k\uninst.exe”
Mellosoftron III → C:\WINDOWS\uninst.exe -f"C:\Program Files\Polyhedric Software\Mellosoftron III\DeIsL1.isu" -c"C:\Program Files\Polyhedric Software\Mellosoftron III_ISREG32.DLL"
Messenger Plus! Live & Sponsor (CiD) → “C:\Program Files\Messenger Plus! Live\Uninstall.exe”
Microsoft Age of Empires II → “C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE” /runtemp /uninstall
Microsoft Away Mode →
Microsoft Compression Client Pack 1.0 for Windows XP → “C:\WINDOWS$NtUninstallMSCompPackV1$\spuninst\spuninst.exe”
Microsoft Encarta Standard 2006 → MsiExec.exe /I{06680048-3E21-46D6-9A91-D927BA08F41D}
Microsoft Money → C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Professional Edition 2003 → MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 → “C:\WINDOWS$NtUninstallWudf01000$\spuninst\spuninst.exe”
Microsoft Visual C++ 2005 Redistributable → MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works → MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MIDI Yoke → MsiExec.exe /I{61781604-466B-43EA-A62D-930DBB21FDAF}
Mosiac - Tomb of Mystery → “C:\Program Files\Oberon Media\Mosiac - Tomb of Mystery\Uninstall.exe” “C:\Program Files\Oberon Media\Mosiac - Tomb of Mystery\install.log”
Mozaki Blocks → “C:\Program Files\Oberon Media\Mozaki Blocks\Uninstall.exe” “C:\Program Files\Oberon Media\Mozaki Blocks\install.log”
Mozilla Firefox (2.0.0.9) → C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSN → C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MTA: Race for San Andreas 1.1.1 → C:\Program Files\MTA San Andreas\Uninstall.exe
muvee autoProducer 5.0 → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{FB4740B3-2530-452D-A825-F7AB246CA7DF}\setup.exe” -l0x9
Mystery Case Files - Huntsville → “C:\Program Files\Oberon Media\Mystery Case Files - Huntsville\Uninstall.exe” “C:\Program Files\Oberon Media\Mystery Case Files - Huntsville\install.log”
NBA LIVE 07 → C:\Program Files\EA SPORTS\NBA LIVE 07\EAUninstall.exe
Need for Speed Underground 2 → C:\Program Files\EA GAMES\Need for Speed Underground 2\EAUninstall.exe
Need for Speed™ Carbon → C:\Program Files\Electronic Arts\Need for Speed Carbon\EAUninstall.exe
NetComm NB1300 USB Network Adapter → “C:\Program Files\NetComm\NetComm USB Network\SETUP.EXE” -U -IVID_0572&PID_CB01
Nintendo Wi-Fi USB Connector Registration Tool → C:\Program Files\WiFiConnector\SoftAPUninst.exe
Nokia Connectivity Cable Driver → MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
Nokia PC Suite → C:\Documents and Settings\All Users\Application Data\Installations{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_APAC.exe /LANG=“2057”
Nokia PC Suite → MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
NVIDIA Drivers → C:\WINDOWS\system32\nvudisp.exe UninstallGUI
O&O Defrag Professional Edition → MsiExec.exe /I{53480370-6CA2-47EC-BC05-02B4B9271C31}

Ocean Express → “C:\Program Files\Oberon Media\Ocean Express\Uninstall.exe” “C:\Program Files\Oberon Media\Ocean Express\install.log”
Otto → “C:\Program Files\EnglishOtto\uninstallotto.exe”
PaperPort → MsiExec.exe /I{71C97545-E547-4A8B-B0C8-61FF853270AC}
Pat Sajak’s Lucky Letters → “C:\Program Files\Oberon Media\Pat Sajaks Lucky Letters\Uninstall.exe” “C:\Program Files\Oberon Media\Pat Sajaks Lucky Letters\install.log”
PC-Doctor 5 for Windows → C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
PC Connectivity Solution → MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
PeerGuardian 2.0 → “C:\Program Files\PeerGuardian2\unins000.exe”
PFConfig 1.0.162 → C:\Program Files\PFConfig\uninst.exe
Pinnacle Hollywood FX for Studio → C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\uninstal.log
Poker Superstars 2 → “C:\Program Files\Oberon Media\Poker Superstars 2\Uninstall.exe” “C:\Program Files\Oberon Media\Poker Superstars 2\install.log”
Power Tab Editor 1.7 → MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
PowerISO → “C:\Program Files\PowerISO\uninstall.exe”
Project64 1.6 → MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
Python 2.2 pywin32 extensions (build 203) → “C:\Python22\Removepywin32.exe” -u “C:\Python22\pywin32-wininst.log”
Python 2.2.3 → C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime → MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
Rainbow Web → “C:\Program Files\Oberon Media\Rainbow Web\Uninstall.exe” “C:\Program Files\Oberon Media\Rainbow Web\install.log”
RapidLeecher .Net v 5.0 - ALPHA TECHNOLOGY PREVIEW → MsiExec.exe /I{4CDDD091-2037-4A8E-94A8-0EA0BFB15C82}
RealPlayer → C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver → RtlUpd.exe -r -m
Registry Mechanic 6.0 → “C:\Program Files\Registry Mechanic\unins000.exe”
Ricochet Lost Worlds → “C:\Program Files\Oberon Media\Ricochet Lost Worlds\Uninstall.exe” “C:\Program Files\Oberon Media\Ricochet Lost Worlds\install.log”
River Past Audio Converter Pro → C:\WINDOWS\Audio Converter Pro Uninstaller.exe
Security Update for CAPICOM (KB931906) → MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) → MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) → “C:\WINDOWS$NtUninstallKB898458$\spuninst\spuninst.exe”
Security Update for Step By Step Interactive Training (KB923723) → “C:\WINDOWS$NtUninstallKB923723$\spuninst\spuninst.exe”
SimCity 4 Deluxe → C:\Program Files\Maxis\SimCity 4 Deluxe\EAUninstall.exe
Slingo → “C:\Program Files\Oberon Media\Slingo\Uninstall.exe” “C:\Program Files\Oberon Media\Slingo\install.log”
SmartSound Quicktracks Plugin → C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Solar System 3D Screensaver 1.2 → “C:\Program Files\Solar System 3D Screensaver\unins000.exe”
Sonic Express Labeler → MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus → MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio → MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy → MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data → MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager → MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SopCast 1.1.1 → C:\Program Files\SopCast\uninst.exe
Spybot - Search & Destroy 1.4 → “C:\Program Files\Spybot - Search & Destroy\unins000.exe”
Studio 9 → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{D02FCF71-B9A2-406F-ABE5-8E183526CDDF}\Setup.exe” -l0x9 UNINSTALL
SX Fidelity Amplifier → C:\Program Files\SX Fidelity Amplifier\uninst.exe
Tiks Texas Hold em → “C:\Program Files\Oberon Media\Tiks Texas Hold em\Uninstall.exe” “C:\Program Files\Oberon Media\Tiks Texas Hold em\install.log”
TKL Puzzle 2.0 → C:\Program Files\TKL Puzzle 2.0\uninstall.exe
Total Video Converter 3.02 → “C:\Program Files\Total Video Converter\unins000.exe”
TVUPlayer 2.2.1.23 Beta → C:\Program Files\TVUPlayer\uninst.exe
Uniblue Registry Booster → “C:\Program Files\Uniblue\Registry Booster\unins000.exe”
Uniblue RegistryBooster 2 → “C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe”
Uniblue SpyEraser → “C:\Program Files\Uniblue\SpyEraser\unins000.exe”
Update Rollup 2 for Windows XP Media Center Edition 2005 →
Updates from HP (remove only) → C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
Video Piggy → MsiExec.exe /I{0ECD747E-1AC3-46DA-B63E-107543759C63}
VideoLAN VLC media player 0.8.5 → C:\Program Files\VideoLAN\VLC\uninstall.exe
VIPER TV PLAYER → C:\Program Files\VIPER TV PLAYER\maintenance.exe
VIPER TV PLAYER (v 7.1.1) → C:\Program Files\VIPER TV PLAYER\maintenance.exe
Vitalize! → C:\Program Files\Common Files\Vitalize\Uninstal.exe
Walaber’s Trampoline → MsiExec.exe /I{9617BEC2-A487-40E7-94FB-AC699F1B360B}
WD Diagnostics → MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WIDCOMM Bluetooth Software → MsiExec.exe /X{FE90E9E7-A158-4687-8853-DF677A939A61}
Wii Play the Drums → MsiExec.exe /I{45833D08-FB60-47EE-86DC-868EC31ADB50}
WinAVIVideoConverter → “C:\Program Files\WinAVIVideoConverter\unins000.exe”
Windows Defender → MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) → C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) → C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) → C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
Windows Live Messenger → MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime → “C:\WINDOWS$NtUninstallWMFDist11$\spuninst\spuninst.exe”
Windows XP Media Center Edition 2005 KB925766 → “C:\WINDOWS$NtUninstallKB925766$\spuninst\spuninst.exe”
WinPatrol 2007 → C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinRAR archiver → C:\Program Files\WinRAR\uninstall.exe
Wonderland - Secret Worlds → “C:\Program Files\Oberon Media\Wonderland - Secret Worlds\Uninstall.exe” “C:\Program Files\Oberon Media\Wonderland - Secret Worlds\install.log”
Woodland Dreams → C:\Program Files\Delfyn Software\Woodland Dreams\Uninst_Woodland Dreams.exe /U “C:\Program Files\Delfyn Software\Woodland Dreams\Uninst_Woodland Dreams.log”
Xfire (remove only) → “C:\Program Files\Xfire\uninst.exe”
Xilisoft 3GP Video Converter → C:\Program Files\Xilisoft\3GP Video Converter 3\Uninstall.exe
XviD MPEG-4 Video Codec → “C:\Program Files\XviD\unins000.exe”
Yahoo! Toolbar → C:\PROGRA~1\Yahoo!\Common\unyt.exe
ZoneAlarm → C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
Zuma Deluxe → “C:\Program Files\Oberon Media\Zuma Deluxe\Uninstall.exe” “C:\Program Files\Oberon Media\Zuma Deluxe\install.log”

-- Application Event Log -------------------------------------------------------

Event Record #/Type10696 / Error
Event Submitted/Written: 11/19/2007 00:14:32 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type10695 / Error
Event Submitted/Written: 11/19/2007 00:14:32 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type10694 / Error
Event Submitted/Written: 11/19/2007 00:10:52 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20071.2514, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type10678 / Error
Event Submitted/Written: 11/19/2007 11:54:00 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application sopcast.exe, version 1.1.2.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.
Processing media-specific event for [sopcast.exe!ws!]

Event Record #/Type10646 / Success
Event Submitted/Written: 11/18/2007 06:40:27 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type21594 / Error
Event Submitted/Written: 11/19/2007 11:58:08 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
ftsata2

Event Record #/Type21593 / Warning
Event Submitted/Written: 11/19/2007 11:58:05 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00142B003ADB. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type21589 / Warning
Event Submitted/Written: 11/19/2007 11:55:17 AM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of “SAS window”

Event Record #/Type21588 / Warning
Event Submitted/Written: 11/19/2007 11:55:16 AM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of “SAS window”

Event Record #/Type21587 / Warning
Event Submitted/Written: 11/19/2007 11:55:16 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

-- End of Deckard’s System Scanner: finished at 2007-11-19 12:15:41 ------------

-----

Again, my apologies for the multiple posts. Perhaps there is a way to include it all into one post? Granted… that isn’t the real problem here ;)

Look forward to your next response :)

Hi, I’m not finding a whole lot.

You should upload this file to www.virustotal.com

C:\WINDOWS\system32\d3d9caps.dat

You can open HJT and fix this line

O20 - Winlogon Notify: winhab32 - winhab32.dll (file missing)

I’ll look a bit more, but not really finding anything.