#1 AbsolutePwn (Member; joined Jul 2007; Kelowna, BC, Canada; 57 posts)

CWS.Msconfig among other viruses?

Hey help2go team. I have contacted you before about my computer, but this is now my dad's computer I am asking about. Good luck!

Alright, about two days ago, my dad started having problems with his computer. It would boot slowly and lock up when he was just browsing the internet. He called me and I started scanning and troubleshooting. I scanned with AVG-U3 edition on my USB in safe mode and it came up with nothing. I then ran HijackThis and put the info into the Help2Go Detective. I did exactly what it told me to do, yet it still comes back. I downloaded CWS Shredder and ran it. It said that it removed (1) variant of Cool Web Search (CWS.Msconfig). Anyways, there is still a problem with the computer and it seems virus related. I have ComboFix, HijackThis, and CWS-Shredder on my comp. Anyways, thanks for considering my issue. HijackThis and CWS-Shredder logs below.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:53:17 PM, on 01/03/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Shaw Secure\Common\FSM32.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\PrintKey2000\Printkey2000.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whistlerblackcomb.com/wea...tler/index.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [EPSON Stylus CX7800 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /FU "C:\Windows\TEMP\E_S4CDD.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
    O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: F-Secure BlackLight Sensor - F-Secure Corporation - C:\Windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 7185 bytes

    **** Run Keys ****

    RUN: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    RUN: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    RUN: [KBD] C:\HP\KBD\KbdStub.EXE
    RUN: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    RUN: [RtHDVCpl] RtHDVCpl.exe
    RUN: []
    RUN: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
    RUN: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    RUN: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    RUN: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
    RUN: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    RUN: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    RUN: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    RUN: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    RUN: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    RUN: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    RUN: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    RUN: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    RUN: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    RUN: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"


    **** Browser Helper Objects ****

    BHO: [Adobe PDF Reader Link Helper] C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO: [Groove GFS Browser Helper] C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: [Groove GFS Browser Helper] C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: [Windows Live Sign-in Helper] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll


    **** IE Toolbars ****



    **** IE Extensions ****

    IEExt: [Send to OneNote]
    IEExt: [Research]


    **** Hosts File Entries ****

    HOSTS: 127.0.0.1 localhost
    HOSTS: ::1 localhost
    HOSTS: ::1 localhost


    **** IE Settings ****

    Default Page: http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    Default Search: http://go.microsoft.com/fwlink/?LinkId=54896
    Local Page: C:\Windows\system32\blank.htm
    Search Page: http://go.microsoft.com/fwlink/?LinkId=54896


    **** IE Context Menu (Right click) ****

    IEContext: [E&xport to Microsoft Excel] res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000


    **** Layered Service Providers ****

    LSP: F-Secure Protocol Scanner [MSAFD Tcpip [TCP/IP]]
    LSP: F-Secure Protocol Scanner [MSAFD Tcpip [UDP/IP]]
    LSP: F-Secure Protocol Scanner [MSAFD Tcpip [TCP/IPv6]]
    LSP: F-Secure Protocol Scanner [MSAFD Tcpip [UDP/IPv6]]
    LSP: F-Secure Protocol Scanner [MSAFD NetBIOS [\Device\NetBT_Tcpip_{B870F29E-20CD-4BA0-914D-E3B302B8BE49}] SEQPACKET 4]
    LSP: F-Secure Protocol Scanner [MSAFD NetBIOS [\Device\NetBT_Tcpip_{B870F29E-20CD-4BA0-914D-E3B302B8BE49}] DATAGRAM 4]
    LSP: F-Secure Protocol Scanner [MSAFD NetBIOS [\Device\NetBT_Tcpip6_{B870F29E-20CD-4BA0-914D-E3B302B8BE49}] SEQPACKET 5]
    LSP: F-Secure Protocol Scanner [MSAFD NetBIOS [\Device\NetBT_Tcpip6_{B870F29E-20CD-4BA0-914D-E3B302B8BE49}] DATAGRAM 5]
    LSP: MSAFD Tcpip [TCP/IP]
    LSP: MSAFD Tcpip [UDP/IP]
    LSP: MSAFD Tcpip [TCP/IPv6]
    LSP: MSAFD Tcpip [UDP/IPv6]
    LSP: RSVP TCPv6 Service Provider
    LSP: RSVP TCP Service Provider
    LSP: RSVP UDPv6 Service Provider
    LSP: RSVP UDP Service Provider
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B870F29E-20CD-4BA0-914D-E3B302B8BE49}] SEQPACKET 4
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B870F29E-20CD-4BA0-914D-E3B302B8BE49}] DATAGRAM 4
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{B870F29E-20CD-4BA0-914D-E3B302B8BE49}] SEQPACKET 5
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{B870F29E-20CD-4BA0-914D-E3B302B8BE49}] DATAGRAM 5


    **** Blocked Control Panel Items ****



    **** Downloaded Program Files ****

    {8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/update/1.5.0/jin...dows-i586.cab]
    {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} [http://java.sun.com/update/1.5.0/jin...dows-i586.cab]


    **** Windows Services ****

    [AeLookupSvc] %systemroot%\system32\svchost.exe -k netsvcs
    [ALG] %SystemRoot%\System32\alg.exe
    [Appinfo] %SystemRoot%\system32\svchost.exe -k netsvcs
    [AudioEndpointBuilder] %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
    [Audiosrv] %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
    [BFE] %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
    [BITS] %SystemRoot%\System32\svchost.exe -k netsvcs
    [Browser] %SystemRoot%\System32\svchost.exe -k netsvcs
    [CertPropSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
    [clr_optimization_v2.0.50727_32] %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    [COMSysApp] %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    [CryptSvc] %SystemRoot%\system32\svchost.exe -k NetworkService
    [DcomLaunch] %SystemRoot%\system32\svchost.exe -k DcomLaunch
    [DFSR] %SystemRoot%\system32\DFSR.exe
    [Dhcp] %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
    [Dnscache] %SystemRoot%\system32\svchost.exe -k NetworkService
    [dot3svc] %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    [DPS] %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
    [EapHost] %SystemRoot%\System32\svchost.exe -k netsvcs
    [ehRecvr] %systemroot%\ehome\ehRecvr.exe
    [ehSched] %systemroot%\ehome\ehsched.exe
    [ehstart] %windir%\system32\svchost.exe -k LocalServiceNoNetwork
    [EMDMgmt] %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    [Eventlog] %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
    [EventSystem] %SystemRoot%\system32\svchost.exe -k LocalService
    [F-Secure Gatekeeper Handler Starter] "C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe"
    [fdPHost] %SystemRoot%\system32\svchost.exe -k LocalService
    [FDResPub] %SystemRoot%\system32\svchost.exe -k LocalService
    [FontCache3.0.0.0] %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    [FSAUA] "C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe"
    [FSDFWD] "C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe"
    [FSMA] "C:\Program Files\Shaw Secure\Common\FSMA32.EXE"
    [gpsvc] %systemroot%\system32\svchost.exe -k netsvcs
    [hidserv] %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    [hkmsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
    [IDriverT] "c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
    [idsvc] "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
    [IKEEXT] %systemroot%\system32\svchost.exe -k netsvcs
    [IPBusEnum] %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    [iphlpsvc] %SystemRoot%\System32\svchost.exe -k NetSvcs
    [KeyIso] %SystemRoot%\system32\lsass.exe
    [KtmRm] %SystemRoot%\System32\svchost.exe -k NetworkService
    [LanmanServer] %SystemRoot%\system32\svchost.exe -k netsvcs
    [LanmanWorkstation] %SystemRoot%\System32\svchost.exe -k LocalService
    [LightScribeService] "c:\Program Files\Common Files\LightScribe\LSSrvc.exe"
    [lltdsvc] %SystemRoot%\System32\svchost.exe -k LocalService
    [lmhosts] %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
    [Mcx2Svc] %SystemRoot%\system32\svchost.exe -k LocalService
    [Microsoft Office Groove Audit Service] "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe"
    [MMCSS] %SystemRoot%\system32\svchost.exe -k netsvcs
    [MpsSvc] %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
    [MSDTC] %SystemRoot%\System32\msdtc.exe
    [MSiSCSI] %systemroot%\system32\svchost.exe -k netsvcs
    [msiserver] %systemroot%\system32\msiexec /V
    [napagent] %SystemRoot%\System32\svchost.exe -k NetworkService
    [NBService] C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    [Netlogon] %systemroot%\system32\lsass.exe
    [Netman] %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
    [netprofm] %SystemRoot%\System32\svchost.exe -k LocalService
    [NetTcpPortSharing] "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
    [NlaSvc] %SystemRoot%\System32\svchost.exe -k NetworkService
    [NMIndexingService] "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"
    [nsi] %systemroot%\system32\svchost.exe -k LocalService
    [odserv] "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
    [ose] "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    [p2pimsvc] %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
    [p2psvc] %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
    [PcaSvc] %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    [pla] %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
    [PlugPlay] %SystemRoot%\system32\svchost.exe -k DcomLaunch
    [PNRPAutoReg] %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
    [PNRPsvc] %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
    [PolicyAgent] %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted
    [ProfSvc] %systemroot%\system32\svchost.exe -k netsvcs
    [ProtectedStorage] %SystemRoot%\system32\lsass.exe
    [QWAVE] %windir%\system32\svchost.exe -k LocalService
    [RasAuto] %SystemRoot%\system32\svchost.exe -k netsvcs
    [RasMan] %SystemRoot%\system32\svchost.exe -k netsvcs
    [RemoteAccess] %SystemRoot%\system32\svchost.exe -k netsvcs
    [RemoteRegistry] %SystemRoot%\system32\svchost.exe -k regsvc
    [RoxMediaDB9] "c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"
    [RpcLocator] %SystemRoot%\system32\locator.exe
    [RpcSs] %SystemRoot%\system32\svchost.exe -k rpcss
    [SamSs] %SystemRoot%\system32\lsass.exe
    [SCardSvr] %SystemRoot%\system32\svchost.exe -k LocalService
    [Schedule] %systemroot%\system32\svchost.exe -k netsvcs
    [SCPolicySvc] %SystemRoot%\system32\svchost.exe -k netsvcs
    [SDRSVC] %SystemRoot%\system32\svchost.exe -k SDRSVC
    [seclogon] %windir%\system32\svchost.exe -k netsvcs
    [SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
    [SessionEnv] %SystemRoot%\System32\svchost.exe -k netsvcs
    [SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
    [ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
    [slsvc] %SystemRoot%\system32\SLsvc.exe
    [SLUINotify] %SystemRoot%\system32\svchost.exe -k LocalService
    [SNMPTRAP] %SystemRoot%\System32\snmptrap.exe
    [Spooler] %SystemRoot%\System32\spoolsv.exe
    [SSDPSRV] %SystemRoot%\system32\svchost.exe -k LocalService
    [stisvc] %SystemRoot%\system32\svchost.exe -k imgsvc
    [stllssvr] "c:\Program Files\Common Files\SureThing Shared\stllssvr.exe"
    [swprv] %SystemRoot%\System32\svchost.exe -k swprv
    [Symantec Core LC] "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
    [SysMain] %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    [TabletInputService] %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
    [TapiSrv] %SystemRoot%\System32\svchost.exe -k NetworkService
    [TBS] %SystemRoot%\System32\svchost.exe -k LocalService
    [TermService] %SystemRoot%\System32\svchost.exe -k NetworkService
    [Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
    [THREADORDER] %SystemRoot%\system32\svchost.exe -k LocalService
    [TrkWks] %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
    [TrustedInstaller] %SystemRoot%\servicing\TrustedInstaller.exe
    [UI0Detect] %SystemRoot%\system32\UI0Detect.exe
    [upnphost] %SystemRoot%\system32\svchost.exe -k LocalService
    [usnjsvc] "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
    [UxSms] %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
    [vds] %SystemRoot%\System32\vds.exe
    [VSS] %systemroot%\system32\vssvc.exe
    [W32Time] %SystemRoot%\system32\svchost.exe -k LocalService
    [wcncsvc] %SystemRoot%\System32\svchost.exe -k LocalService
    [WcsPlugInService] %SystemRoot%\system32\svchost.exe -k wcssvc
    [WdiServiceHost] %SystemRoot%\System32\svchost.exe -k wdisvc
    [WdiSystemHost] %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
    [WebClient] %SystemRoot%\system32\svchost.exe -k LocalService
    [Wecsvc] %SystemRoot%\system32\svchost.exe -k NetworkService
    [wercplsupport] %SystemRoot%\System32\svchost.exe -k netsvcs
    [WerSvc] %SystemRoot%\System32\svchost.exe -k WerSvcGroup
    [WinDefend] %SystemRoot%\System32\svchost.exe -k secsvcs
    [WinHttpAutoProxySvc] %SystemRoot%\system32\svchost.exe -k LocalService
    [Winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
    [WinRM] %SystemRoot%\System32\svchost.exe -k NetworkService
    [Wlansvc] %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    [WLSetupSvc] "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
    [wmiApSrv] %systemroot%\system32\wbem\WmiApSrv.exe
    [WMPNetworkSvc] "%ProgramFiles%\Windows Media Player\wmpnetwk.exe"
    [WPCSvc] %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
    [WPDBusEnum] %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    [wscsvc] %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
    [WSearch] %systemroot%\system32\SearchIndexer.exe /Embedding
    [wuauserv] %systemroot%\system32\svchost.exe -k netsvcs
    [wudfsvc] %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    [XAudioService] %SystemRoot%\system32\DRIVERS\xaudio.exe


    **** Custom IE Search Items ****

    SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    SEARCH: [SearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


    **** Complete IE Options ****

    IEOPT: [Disable Script Debugger] yes
    IEOPT: [Start Page] http://www.whistlerblackcomb.com/wea...tler/index.htm
    IEOPT: [Anchor Underline] yes
    IEOPT: [Cache_Update_Frequency] Once_Per_Session
    IEOPT: [Display Inline Images] yes
    IEOPT: [Do404Search]
    IEOPT: [Local Page] C:\Windows\system32\blank.htm
    IEOPT: [Save_Session_History_On_Exit] no
    IEOPT: [Show_FullURL] no
    IEOPT: [Show_StatusBar] yes
    IEOPT: [Show_ToolBar] yes
    IEOPT: [Show_URLinStatusBar] yes
    IEOPT: [Show_URLToolBar] yes
    IEOPT: [Use_DlgBox_Colors] yes
    IEOPT: [Search Page] http://go.microsoft.com/fwlink/?LinkId=54896
    IEOPT: [XMLHTTP]
    IEOPT: [NoUpdateCheck]
    IEOPT: [UseClearType] no
    IEOPT: [Enable Browser Extensions] yes
    IEOPT: [Play_Background_Sounds] yes
    IEOPT: [Play_Animations] yes
    IEOPT: [CompatibilityFlags]
    IEOPT: [FullScreen] no
    IEOPT: [SearchMigrated]
    IEOPT: [Window_Placement] ,
    IEOPT: [StartPageCache]
    IEOPT: [RunOnceComplete]
    IEOPT: [RunOnceHasShown]
    IEOPT: [Use FormSuggest] yes
    IEOPT: [NotifyDownloadComplete] no
    IEOPT: [AlwaysShowMenus]
    IEOPT: [AutoHide] yes
    IEOPT: [ShowedCheckBrowser] Yes
    IEOPT: [Check_Associations] no
    IEOPT: [AutoHide] yes
    IEOPT: [Default_Page_URL] http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    IEOPT: [Default_Secondary_Page_URL]
    IEOPT: [Default_Search_URL] http://go.microsoft.com/fwlink/?LinkId=54896
    IEOPT: [Search Page] http://go.microsoft.com/fwlink/?LinkId=54896
    IEOPT: [Extensions Off Page] about:NoAdd-ons
    IEOPT: [Security Risk Page] about:SecurityRisk
    IEOPT: [Enable_Disk_Cache] yes
    IEOPT: [Cache_Percent_of_Disk]
    IEOPT: [Delete_Temp_Files_On_Exit] yes
    IEOPT: [Local Page] %SystemRoot%\system32\blank.htm
    IEOPT: [Anchor_Visitation_Horizon]
    IEOPT: [Use_Async_DNS] yes
    IEOPT: [Placeholder_Width]
    IEOPT: [Placeholder_Height]
IEOPT: [Start Page] http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

HP DV7 Laptop
    - Windows 7 Home Premium 64-bit
    - Intel Core i7 CPU Q-720 @ 1.60GHz
    - 4GB DDR3 Ram
    - nVidea GeForce GT 230m (1GB Video Memory)
    - 500GB Hard Drive @ 7200RPM
    - 1TB Seagate External Hard Drive Connected VIA e-SATA.

#2 AbsolutePwn (Member; joined Jul 2007; Kelowna, BC, Canada; 57 posts)

Here are the scan results from Deckard's System Scanner (DSS):

    Main.txt:

    Deckard's System Scanner v20071014.68
    Run by Welch Family on 2008-03-01 19:21:55
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Welch Family.exe) ----------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:23, on 2008-03-01
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Shaw Secure\Common\FSM32.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\PrintKey2000\Printkey2000.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\hp\kbd\kbd.exe
    C:\Users\Welch Family\Desktop\dss.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Welch Family.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whistlerblackcomb.com/wea...tler/index.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
    O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 6932 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe"

    S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-03-01 18:44:24 526 --a------ C:\Windows\Tasks\Scheduled scanning task.job


    -- Files created between 2008-02-01 and 2008-03-01 -----------------------------

    2008-03-01 19:18:00 68096 --a------ C:\Windows\system32\zip.exe
    2008-03-01 19:17:59 98816 --a------ C:\Windows\system32\sed.exe
    2008-03-01 19:17:59 80412 --a------ C:\Windows\system32\grep.exe
    2008-03-01 19:17:59 73728 --a------ C:\Windows\system32\fdsv.exe
    2008-03-01 19:17:57 53248 --a------ C:\Windows\PSEXESVC.EXE
    2008-03-01 18:51:53 0 d-------- C:\Program Files\Trend Micro


    -- Find3M Report ---------------------------------------------------------------

    2008-03-01 17:08:13 0 d-------- C:\Users\Welch Family\AppData\Roaming\U3
    2008-02-13 03:18:19 0 d-------- C:\Program Files\Shaw Secure
    2008-01-24 21:10:21 0 d-------- C:\Users\Welch Family\AppData\Roaming\Ahead
    2008-01-24 21:09:21 0 d-------- C:\Program Files\Common Files\Ahead
    2008-01-24 21:07:46 0 d-------- C:\Program Files\Nero
    2008-01-24 21:07:46 0 d-------- C:\Program Files\Common Files
    2008-01-23 16:09:54 0 d-------- C:\Users\Welch Family\AppData\Roaming\MSNInstaller
    2008-01-19 09:16:00 0 d-------- C:\Users\Welch Family\AppData\Roaming\Roxio
    2008-01-09 03:09:05 0 d-------- C:\Program Files\Windows Sidebar
    2008-01-09 03:09:05 0 d-------- C:\Program Files\Windows Mail
    2008-01-06 11:14:57 0 d-------- C:\Program Files\Common Files\Adobe
    2008-01-06 11:09:16 0 d-------- C:\Users\Welch Family\AppData\Roaming\Adobe
    2007-12-22 17:11:36 286720 -----n--- C:\Windows\Setup1.exe
    2007-12-22 17:11:35 73216 --a------ C:\Windows\ST6UNST.EXE
    2007-12-13 21:11:40 0 --a------ C:\Windows\nsreg.dat
    2007-12-13 20:50:08 38386 --a------ C:\Users\Welch Family\AppData\Roaming\Comma Separated Values (Windows).ADR
    2007-12-11 22:28:50 174 --ahs---- C:\Program Files\desktop.ini
    2007-12-03 17:33:18 802816 --a------ C:\Windows\system32\divx_xx11.dll
    2007-12-03 17:33:18 823296 --a------ C:\Windows\system32\divx_xx0c.dll
    2007-12-03 17:33:18 823296 --a------ C:\Windows\system32\divx_xx07.dll
    2007-12-03 17:33:16 682496 --a------ C:\Windows\system32\DivX.dll


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-17 10:34]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 05:42]
    "KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 08:16]
    "OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 02:59]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 07:38 C:\Windows\RtHDVCpl.exe]
    "@"="" []
    "SnapfishMediaDetector"="C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe" [2007-03-02 13:55]
    "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11]
    "MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 01:45]
    "F-Secure Manager"="C:\Program Files\Shaw Secure\Common\FSM32.exe" [2007-11-01 03:42]
    "F-Secure TNB"="C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" [2007-11-01 03:42]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 20:15]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 20:15]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 20:15]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 03:01]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 04:35]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "Launcher"=%WINDIR%\SMINST\launcher.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Printkey2000.lnk - C:\Program Files\PrintKey2000\Printkey2000.exe [2007-12-22 17:57:13]
    Snapfish Media Detector.lnk - C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe [2007-03-02 13:55:02]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "disableregistrytools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    AutoRun\command- F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c0451d2-cbcc-11dc-9871-001bb97b0d50}]
    AutoRun\command- F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad1c2ee8-a84e-11dc-89b8-001bb97b0d50}]
    AutoRun\command- K:\SETUP.EXE /AUTORUN
    configure\command- K:\SETUP.EXE
    install\command- K:\SETUP.EXE


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-03-01 19:25:30 ------------



    Extra.txt:


    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft® Windows Vista™ Home Premium (build 6000)
    Architecture: X86; Language: English

    CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+
    Percentage of Memory in Use: 42%
    Physical Memory (total/avail): 1917.88 MiB / 1097.67 MiB
    Pagefile Memory (total/avail): 4057.47 MiB / 3216.24 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1913.3 MiB

    C: is Fixed (NTFS) - 289.23 GiB total, 268.54 GiB free.
    D: is Fixed (NTFS) - 8.86 GiB total, 1.02 GiB free.
    E: is CDROM (No Media)
    F: is CDROM (CDFS)
    G: is Removable (No Media)
    H: is Removable (No Media)
    I: is Removable (No Media)
    J: is Removable (No Media)
    K: is CDROM (No Media)
    L: is Removable (FAT32)

    \\.\PHYSICALDRIVE0 - ST332082 0AS SCSI Disk Device - 298.09 GiB - 2 partitions
    \PARTITION0 (bootable) - Installable File System - 289.23 GiB - C:
    \PARTITION1 - Installable File System - 8.86 GiB - D:

    \\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

    \\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

    \\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

    \\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

    \\.\PHYSICALDRIVE5 - SanDisk U3 Cruzer Micro USB Device - 7.65 GiB - 1 partition
    \PARTITION0 - Unknown - 7.64 GiB - L:



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FW: Shaw Secure 2.0 7.03 v7.03 (F-Secure Corporation)
    AV: Shaw Secure 2.0 7.03 v7.03 (F-Secure Corporation)
    AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
    AS: Shaw Secure 2.0 7.03 v7.03 (F-Secure Corporation)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\ProgramData
    APPDATA=C:\Users\Welch Family\AppData\Roaming
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=WELCHFAMILY-PC
    ComSpec=C:\Windows\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Users\Welch Family
    LOCALAPPDATA=C:\Users\Welch Family\AppData\Local
    LOGONSERVER=\\WELCHFAMILY-PC
    NUMBER_OF_PROCESSORS=2
    OnlineServices=Online Services
    OS=Windows_NT
    Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared;c:\Program Files\Common Files\Roxio Shared\DLLShared;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PCBRAND=Presario
    PLATFORM=HPD
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=6b01
    ProgramData=C:\ProgramData
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    PUBLIC=C:\Users\Public
    RoxioCentral=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
    SystemDrive=C:
    SystemRoot=C:\Windows
    TEMP=C:\Users\WELCHF~1\AppData\Local\Temp
    TMP=C:\Users\WELCHF~1\AppData\Local\Temp
    USERDOMAIN=WelchFamily-PC
    USERNAME=Welch Family
    USERPROFILE=C:\Users\Welch Family
    windir=C:\Windows


    -- User Profiles ---------------------------------------------------------------

    Welch Family


    -- Add/Remove Programs ---------------------------------------------------------

    --> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
    --> "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
    --> "C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
    --> "C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
    --> "C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
    --> "C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
    --> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
    --> "C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
    --> "C:\Program Files\HP Games\Cue Master\Uninstall.exe"
    --> "C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
    --> "C:\Program Files\HP Games\Family Feud\Uninstall.exe"
    --> "C:\Program Files\HP Games\FATE\Uninstall.exe"
    --> "C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
    --> "C:\Program Files\HP Games\Flip Words\Uninstall.exe"
    --> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
    --> "C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
    --> "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
    --> "C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
    --> "C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
    --> "C:\Program Files\HP Games\Otto\Uninstall.exe"
    --> "C:\Program Files\HP Games\Overball\Uninstall.exe"
    --> "C:\Program Files\HP Games\Penguins!\Uninstall.exe"
    --> "C:\Program Files\HP Games\Phoenix Assault\Uninstall.exe"
    --> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
    --> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
    --> "C:\Program Files\HP Games\Polar Tubing\Uninstall.exe"
    --> "C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
    --> "C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
    --> "C:\Program Files\HP Games\Super Granny\Uninstall.exe"
    --> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
    --> "C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
    --> "C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
    --> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
    --> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
    --> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
    --> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
    --> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
    --> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
    --> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
    --> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
    --> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
    --> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
    --> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
    --> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
    --> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
    --> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
    --> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
    --> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
    --> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
    --> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
    --> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
    --> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
    --> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
    --> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
    --> C:\Windows\UNNeroShowTime.exe /UNINSTALL
    --> C:\Windows\UNNeroVision.exe /UNINSTALL
    --> C:\Windows\UNRecode.exe /UNINSTALL
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    ACDSee Pro --> MsiExec.exe /I{F99F74B4-972B-4B06-B893-6B3B0DB0128B}
    Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
    Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
    DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
    EPSON Printer Software --> C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
    Hardware Diagnostic Tools --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
    HijackThis / CWShredder Installer 1.0 --> "C:\Program Files\HijackThis\unins000.exe"
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
    HP Customer Feedback --> MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
    HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
    HP On-Screen Cap/Num/Scroll Lock Indicator --> C:\Windows\system32\OsdRemove.exe
    HP Photosmart Essential 2.0 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
    HP PhotoSmart Photo Printing Software --> C:\Windows\IsUninst.exe -f"C:\Program Files\HP PhotoSmart\Photo Printing\Uninstall.isu" -c"C:\Program Files\HP PhotoSmart\Photo Printing\HpiUPPrn.dll
    HP Picasso Media Center Add-In --> MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
    HP Total Care Advisor --> MsiExec.exe /X{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}
    HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
    J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
    LimeWire PRO 4.12.3 --> "C:\Program Files\LimeWire\uninstall.exe"
    Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
    Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN --> C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
    MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    muvee autoProducer 6.0 --> C:\Program Files\InstallShield Installation Information\{6AF49698-949A-4C89-9B31-041D2CCB5FBD}\setup.exe -runfromtemp -l0x0009 -removeonly
    My HP Games --> "C:\Program Files\HP Games\Uninstall.exe"
    Nero 7 Ultra Edition --> MsiExec.exe /I{FC98FBE9-E931-494C-8717-497185371033}
    NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
    PrintKey2000 --> C:\PROGRA~1\PRINTK~1\UNWISE.EXE C:\PROGRA~1\PRINTK~1\INSTALL.LOG
    Python 2.4.3 --> MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
    Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
    Roxio Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
    Roxio Creator Audio --> MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
    Roxio Creator Basic v9 --> MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
    Roxio Creator Copy --> MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
    Roxio Creator Data --> MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
    Roxio Creator EasyArchive --> MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
    Roxio Creator Tools --> MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
    Roxio Express Labeler 3 --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Roxio MyDVD Basic v9 --> MsiExec.exe /X{938B1CD7-7C60-491E-AA90-1F1888168240}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Shaw Secure 2.0 --> "C:\Program Files\Shaw Secure\FSGUI\PostInstall.exe" /tUnInstall
    Snapfish Media Detector --> MsiExec.exe /X{4EF6FDB0-3B11-4820-9860-8E08E9965195}
    Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.inf
    Update for Outlook 2007 Junk Email Filter (kb944965) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EA8C80AA-31D6-43F0-8CD8-CA85479A34F1}
    Upgrade --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Upgrade\ST6UNST.LOG"
    Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type3324 / Error
    Event Submitted/Written: 03/01/2008 06:49:53 PM
    Event ID/Source: 5007 / WerSvc
    Event Description:
    The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.

    Event Record #/Type3322 / Error
    Event Submitted/Written: 03/01/2008 06:48:18 PM
    Event ID/Source: 103 / F-Secure Anti-Virus
    Event Description:
    3 2008-03-01 18:48:09-07:00 welchfamily-pc SYSTEM F-Secure Anti-Virus
    Scanning of \DEVICE\HARDDISKVOLUME1\WINDOWS\SOFTWAREDISTRIBUTION\WUREDIR\9482F4B4-E343-43B6-B170-9A65BC822C77\WUREDIR.XML was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

    Event Record #/Type3321 / Error
    Event Submitted/Written: 03/01/2008 06:48:16 PM
    Event ID/Source: 103 / F-Secure Anti-Virus
    Event Description:
    2 2008-03-01 18:47:59-07:00 welchfamily-pc SYSTEM F-Secure Anti-Virus
    Scanning of \DEVICE\HARDDISKVOLUME1\USERS\WELCH FAMILY\PICTURES\MY PICTURES\SUMMER 2006\DSCN0894.JPG was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

    Event Record #/Type3320 / Error
    Event Submitted/Written: 03/01/2008 06:48:15 PM
    Event ID/Source: 103 / F-Secure Anti-Virus
    Event Description:
    1 2008-03-01 18:47:57-07:00 welchfamily-pc SYSTEM F-Secure Anti-Virus
    Scanning of \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\WBEM\WBEMESS.DLL was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

    Event Record #/Type3316 / Success
    Event Submitted/Written: 03/01/2008 06:43:08 PM
    Event ID/Source: 5617 / WinMgmt
    Event Description:




    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type17573 / Warning
    Event Submitted/Written: 03/01/2008 07:24:27 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %WelchFamily-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %WelchFamily-PC27 can't undo changes that you allow.

    For more information please see the following:
    %WelchFamily-PC275

    Scan ID: {0DF19C08-5B4D-44D7-8708-F015CDF637AA}

    User: WelchFamily-PC\Welch Family

    Name: %WelchFamily-PC271

    ID: %WelchFamily-PC272

    Severity ID: %WelchFamily-PC273

    Category ID: %WelchFamily-PC274

    Path Found: %WelchFamily-PC276

    Alert Type: %WelchFamily-PC278

    Detection Type: 1.1.1505.02

    Event Record #/Type17572 / Warning
    Event Submitted/Written: 03/01/2008 07:24:27 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %WelchFamily-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %WelchFamily-PC27 can't undo changes that you allow.

    For more information please see the following:
    %WelchFamily-PC275

    Scan ID: {3C49A4BB-E5F7-43D8-B6CD-64CF40F5A5A7}

    User: WelchFamily-PC\Welch Family

    Name: %WelchFamily-PC271

    ID: %WelchFamily-PC272

    Severity ID: %WelchFamily-PC273

    Category ID: %WelchFamily-PC274

    Path Found: %WelchFamily-PC276

    Alert Type: %WelchFamily-PC278

    Detection Type: 1.1.1505.02

    Event Record #/Type17571 / Warning
    Event Submitted/Written: 03/01/2008 07:24:27 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %WelchFamily-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %WelchFamily-PC27 can't undo changes that you allow.

    For more information please see the following:
    %WelchFamily-PC275

    Scan ID: {BCBD1375-98B1-4EB9-B79F-38CA21117E1D}

    User: WelchFamily-PC\Welch Family

    Name: %WelchFamily-PC271

    ID: %WelchFamily-PC272

    Severity ID: %WelchFamily-PC273

    Category ID: %WelchFamily-PC274

    Path Found: %WelchFamily-PC276

    Alert Type: %WelchFamily-PC278

    Detection Type: 1.1.1505.02

    Event Record #/Type17570 / Warning
    Event Submitted/Written: 03/01/2008 07:24:26 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %WelchFamily-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %WelchFamily-PC27 can't undo changes that you allow.

    For more information please see the following:
    %WelchFamily-PC275

    Scan ID: {7BD8CD83-8C62-4FDC-888A-72B332F06B64}

    User: WelchFamily-PC\Welch Family

    Name: %WelchFamily-PC271

    ID: %WelchFamily-PC272

    Severity ID: %WelchFamily-PC273

    Category ID: %WelchFamily-PC274

    Path Found: %WelchFamily-PC276

    Alert Type: %WelchFamily-PC278

    Detection Type: 1.1.1505.02

    Event Record #/Type17569 / Warning
    Event Submitted/Written: 03/01/2008 07:24:25 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %WelchFamily-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %WelchFamily-PC27 can't undo changes that you allow.

    For more information please see the following:
    %WelchFamily-PC275

    Scan ID: {6CEBE66E-7CF1-4B7F-86BB-67671D364BF0}

    User: WelchFamily-PC\Welch Family

    Name: %WelchFamily-PC271

    ID: %WelchFamily-PC272

    Severity ID: %WelchFamily-PC273

    Category ID: %WelchFamily-PC274

    Path Found: %WelchFamily-PC276

    Alert Type: %WelchFamily-PC278

    Detection Type: 1.1.1505.02



    -- End of Deckard's System Scanner: finished at 2008-03-01 19:25:30 ------------
    HP DV7 Laptop
    - Windows 7 Home Premium 64-bit
    - Intel Core i7 CPU Q-720 @ 1.60GHz
    - 4GB DDR3 Ram
    - nVidea GeForce GT 230m (1GB Video Memory)
    - 500GB Hard Drive @ 7200RPM
    - 1TB Seagate External Hard Drive Connected VIA e-SATA.

  3. #3
    Member
    Join Date
    Feb 2008
    Posts
    110
    Points
    38

    Default

    Hello

    It is important that you don't run any tools unless a helper tells you to.


    1. Please re-open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      F:\LaunchU3.exe
      K:\SETUP.EXE
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      purity
      HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F
      HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c0451d2-cbcc-11dc-9871-001bb97b0d50}
      HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad1c2ee8-a84e-11dc-89b8-001bb97b0d50}
    • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt2

    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner and click Accept

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
      • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
      • Save the file to your desktop.
    • Copy and paste that information in your next post.



    Reboot and post a new DSS log
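    The HijackThis entry the helper singles out above is an O2 BHO line whose DLL resolves to "(no file)": a CLSID still registered as a Browser Helper Object for a file that no longer exists. As an added example (not code from the thread, from HijackThis or from help2go), the Python below parses lines in the HijackThis 2.0.2 format shown in this thread, flags such orphaned BHOs together with the registry keys to check if the entry keeps returning after a fix, and also flags O4 Run entries whose executable is given without a directory; the sample log lines are constructed from the format of the posted log, and all function names are hypothetical.

```python
"""Triage helpers for HijackThis 2.0.2 log lines (added example; not a HijackThis
or help2go tool). Handles O2 (BHO) and O4 (Run) entries."""
import re
from typing import Dict, List, Optional

# Constructed sample in the HijackThis log format used in the thread; the
# "(no file)" BHO is the kind of entry the helper asked to have fixed.
SAMPLE_HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run|RunOnce|RunServices): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# First token ending in an executable extension, followed by whitespace or end
# of line; this also copes with unquoted paths that contain spaces.
EXE_RE = re.compile(r"^(?P<exe>.*?\.(?:exe|com|scr|dll|cpl))(?:\s|$)", re.IGNORECASE)


def parse_bho(line: str) -> Optional[Dict[str, str]]:
    """Split an O2 line into name, CLSID and DLL path; None for other lines."""
    m = BHO_RE.match(line.strip())
    return m.groupdict() if m else None


def executable_of(cmd: str) -> str:
    """Return the executable portion of a Run command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group("exe") if m else cmd.split(" ", 1)[0]


def parse_run(line: str) -> Optional[Dict[str, str]]:
    """Split an O4 Run/RunOnce line into hive, key, value name, command, exe."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["exe"] = executable_of(entry["cmd"])
    return entry


def is_unqualified(exe: str) -> bool:
    """True when the executable has no directory, so Windows resolves it via the
    search path. Common for system binaries such as rundll32.exe, so treat the
    flag as a prompt to verify the file's location, not as a verdict."""
    return "\\" not in exe


def bho_registry_keys(clsid: str) -> List[str]:
    """Registry locations where a BHO with this CLSID is registered (32-bit
    view; 64-bit Windows also has Wow6432Node variants). If an O2 entry returns
    after a fix, something re-creates one of these keys, or the fix never took
    effect: writing under HKLM on Vista needs an elevated process."""
    return [
        r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\%s" % clsid,
        r"HKCR\CLSID\%s" % clsid,
    ]


def triage(log_text: str) -> Dict[str, List[Dict[str, str]]]:
    """Collect orphaned BHOs and unqualified Run entries from a HijackThis log."""
    findings: Dict[str, List[Dict[str, str]]] = {"orphaned_bho": [], "unqualified_run": []}
    for line in log_text.splitlines():
        bho = parse_bho(line)
        if bho is not None:
            if bho["path"].strip() == "(no file)":
                findings["orphaned_bho"].append(bho)
            continue
        run = parse_run(line)
        if run is not None and is_unqualified(run["exe"]):
            findings["unqualified_run"].append(run)
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_HJT_LOG)
    for bho in result["orphaned_bho"]:
        print("orphaned BHO", bho["clsid"], "- keys to check:", *bho_registry_keys(bho["clsid"]))
    for run in result["unqualified_run"]:
        print("unqualified Run entry [%s] -> %s" % (run["name"], run["exe"]))
```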

  4. #4
    Member AbsolutePwn's Avatar
    Join Date
    Jul 2007
    Location
    Kelowna, BC, Canada!
    Posts
    57
    Points
    1

    Default

    The results from MoveIt:

    File/Folder not found.
    File/Folder F:\LaunchU3.exe not found.
    File/Folder K:\SETUP.EXE not found.
    [Custom Input]


    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F\\ not found.

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c0451d2-cbcc-11dc-9871-001bb97b0d50}\\ not found.

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad1c2ee8-a84e-11dc-89b8-001bb97b0d50}\\ not found.

    OTMoveIt2 v1.0.20 log created on 03062008_214604


    The reason that a few of those things were not found was because they were from the U3 system on my USB. (http://en.wikipedia.org/wiki/U3). The U3 system is not a virus in any way.




    New HiJackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:23, on 2008-03-01
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Shaw Secure\Common\FSM32.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\PrintKey2000\Printkey2000.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\hp\kbd\kbd.exe
    C:\Users\Welch Family\Desktop\dss.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Welch Family.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whistlerblackcomb.com/wea...tler/index.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
    O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 6932 bytes



    That BHO object that you asked me to remove is still there. I repeated the process you told me to do, but it would not go away. I followed EVERY step you asked me to.


    I am scanning with Kaspersky right now and I will post the log when it is done. By the way, I scanned with Trend Micro HouseCall, Shaw Secure, Spybot Search & Destroy, XoftSpy, Avast! and Ad-Aware. All of those programs said that this system is clean. I scanned with CWS-Shredder, and it says that it removes CWS.Msconfig, but when I scan again, it says that it is still there.

    I have also found that people have had false-positives with this type of virus. (http://www.wilderssecurity.com/archi...p/t-58055.html)


    ^^^^^ that is just an idea ^^^^^


    THANK YOU!

  5. #5
    Member AbsolutePwn's Avatar
    Join Date
    Jul 2007
    Location
    Kelowna, BC, Canada!
    Posts
    57
    Points
    1

    Default

    Kaspersky online scan results:


    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Friday, March 07, 2008 6:49:55 AM
    Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 7/03/2008
    Kaspersky Anti-Virus database records: 607941
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\
    G:\
    H:\
    I:\
    J:\
    K:\

    Scan Statistics:
    Total number of scanned objects: 120531
    Number of viruses found: 0
    Number of infected objects: 0
    Number of suspicious objects: 0
    Duration of the scan process: 02:18:55

    Infected Object Name / Virus Name / Last Action
    C:\Boot\BCD Object is locked skipped
    C:\Boot\BCD.LOG Object is locked skipped
    C:\Program Files\PC-Doctor 5 for Windows\Configuration\config.xml Object is locked skipped
    C:\Program Files\Shaw Secure\Anti-Virus\dbupdate.log Object is locked skipped
    C:\Program Files\Shaw Secure\Anti-Virus\deleteme_msg.log Object is locked skipped
    C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe.Qrt.log Object is locked skipped
    C:\Program Files\Shaw Secure\Anti-Virus\perf.dat Object is locked skipped
    C:\Program Files\Shaw Secure\Anti-Virus\power.dat Object is locked skipped
    C:\Program Files\Shaw Secure\Common\History\ha.bpf Object is locked skipped
    C:\Program Files\Shaw Secure\Common\History\index.txt Object is locked skipped
    C:\Program Files\Shaw Secure\Common\Invalid\ia.bpf Object is locked skipped
    C:\Program Files\Shaw Secure\Common\Invalid\ib.bpf Object is locked skipped
    C:\Program Files\Shaw Secure\Common\Invalid\ic.bpf Object is locked skipped
    C:\Program Files\Shaw Secure\Common\Invalid\id.bpf Object is locked skipped
    C:\Program Files\Shaw Secure\Common\Invalid\index.txt Object is locked skipped
    C:\Program Files\Shaw Secure\Common\policy.bpf Object is locked skipped
    C:\Program Files\Shaw Secure\Common\policy.ipf Object is locked skipped
    C:\Program Files\Shaw Secure\FSAUA\program\fsaua.dbg Object is locked skipped
    C:\Program Files\Shaw Secure\FSAUA\program\fsaua.log Object is locked skipped
    C:\Program Files\Shaw Secure\FSAUA\program\fsbwupst.log Object is locked skipped
    C:\ProgramData\f-secure\logs\FSMA\fsma.log Object is locked skipped
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a7e202ff7f7739b41ec63e9bae8c02e7_8abda5f0-7d63-4746-a03b-8b8e3a0d5bb2 Object is locked skipped
    C:\ProgramData\Microsoft\Windows\WER\ReportQueue\store.lock Object is locked skipped
    C:\ProgramData\muvee Technologies\030625\0103\0399\values Object is locked skipped
    C:\Users\Welch Family\AppData\Local\Ahead\Nero Home\bl.db Object is locked skipped
    C:\Users\Welch Family\AppData\Local\Ahead\Nero Home\is2.db Object is locked skipped
    C:\Users\Welch Family\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Users\Welch Family\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db Object is locked skipped
    C:\Users\Welch Family\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db Object is locked skipped
    C:\Users\Welch Family\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Object is locked skipped
    C:\Users\Welch Family\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped
    C:\Users\Welch Family\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db Object is locked skipped
    C:\Users\Welch Family\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db Object is locked skipped
    C:\Users\Welch Family\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
    C:\Users\Welch Family\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008030620080307\index.dat Object is locked skipped
    C:\Users\Welch Family\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
    C:\Users\Welch Family\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008030620080307\index.dat Object is locked skipped
    C:\Users\Welch Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Users\Welch Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Users\Welch Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
    C:\Users\Welch Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT Object is locked skipped
    C:\Users\Welch Family\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Users\Welch Family\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
    C:\Users\Welch Family\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
    C:\Users\Welch Family\AppData\Local\Microsoft\Windows\UsrClass.dat{9453627a-a84d-11dc-81d3-001bb97b0d50}.TM.blf Object is locked skipped
    C:\Users\Welch Family\AppData\Local\Microsoft\Windows\UsrClass.dat{9453627a-a84d-11dc-81d3-001bb97b0d50}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Users\Welch Family\AppData\Local\Microsoft\Windows\UsrClass.dat{9453627a-a84d-11dc-81d3-001bb97b0d50}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Users\Welch Family\AppData\Local\Microsoft\Windows Defender\FileTracker\{F42A5574-B8A0-42E0-B695-55CB98B7808F} Object is locked skipped
    C:\Users\Welch Family\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
    C:\Users\Welch Family\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
    C:\Users\Welch Family\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
    C:\Users\Welch Family\Desktop\Kellen's Installation Stuff\SmitfraudFix\Reboot.exe Object is locked skipped
    C:\Users\Welch Family\NTUSER.DAT Object is locked skipped
    C:\Users\Welch Family\ntuser.dat.LOG1 Object is locked skipped
    C:\Users\Welch Family\ntuser.dat.LOG2 Object is locked skipped
    C:\Users\Welch Family\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
    C:\Users\Welch Family\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Users\Welch Family\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Windows\Debug\PASSWD.LOG Object is locked skipped
    C:\Windows\Debug\sam.log Object is locked skipped
    C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
    C:\Windows\Logs\CBS\CBS.log Object is locked skipped
    C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
    C:\Windows\Logs\DPX\setupact.log Object is locked skipped
    C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
    C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
    C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
    C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
    C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
    C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
    C:\Windows\security\database\secedit.sdb Object is locked skipped
    C:\Windows\SoftwareDistribution\EventCache\{F8B6C5E7-D086-4390-9AA6-2944FB021333}.bin Object is locked skipped
    C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
    C:\Windows\System32\catroot2\edb.log Object is locked skipped
    C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
    C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
    C:\Windows\System32\config\COMPONENTS Object is locked skipped
    C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
    C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
    C:\Windows\System32\config\DEFAULT Object is locked skipped
    C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
    C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
    C:\Windows\System32\config\SAM Object is locked skipped
    C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
    C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
    C:\Windows\System32\config\SECURITY Object is locked skipped
    C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
    C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
    C:\Windows\System32\config\SOFTWARE Object is locked skipped
    C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
    C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
    C:\Windows\System32\config\SYSTEM Object is locked skipped
    C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
    C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
    C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
    C:\Windows\System32\drivers\sptd.sys Object is locked skipped
    C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
    C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
    C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
    C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
    C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
    C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
    C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
    C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\8A94AF24F162D580E3D9889344A3A317.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
    C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
    C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
    C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
    C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
    C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
    C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
    C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
    C:\Windows\Tasks\Scheduled scanning task.job Object is locked skipped
    C:\Windows\WindowsUpdate.log Object is locked skipped
    C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped

    Scan process completed.
    HP DV7 Laptop
    - Windows 7 Home Premium 64-bit
    - Intel Core i7 CPU Q-720 @ 1.60GHz
    - 4GB DDR3 Ram
    - nVidea GeForce GT 230m (1GB Video Memory)
    - 500GB Hard Drive @ 7200RPM
    - 1TB Seagate External Hard Drive Connected VIA e-SATA.

  6. #6
    Member
    Join Date
    Feb 2008
    Posts
    110
    Points
    38

    Default

    Your logs are clean! We need to do a few things:

    • Make sure you have an Internet Connection.
    • Double-click OTMoveIt2.exe to run it.
    • Click on the CleanUp! button
    • A list of tool components used in the Cleanup of malware will be downloaded.
    • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
    • Click Yes to begin the Cleanup process and remove these components, including this application.
    • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

    Below I have included a number of recommendations for how to protect your computer against malware infections.

    * Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

    * To reduce the chance of re-infection by malware in the future, I strongly recommend installing these free programs:
    SpywareBlaster protects against bad ActiveX
    IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
    Have a look at this tutorial for IE-Spyad here

    * SpywareGuard offers realtime protection from spyware installation attempts.

    Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

    * MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

    * Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

    * Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
    Here

    Thank you for your patience, and performing all of the procedures requested.
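The HOSTS-file mechanism described in the post above (bad hostnames redirected to 127.0.0.1 so they can never be reached) cuts both ways: the same file can redirect a legitimate hostname somewhere else. The script below is an added example, not code from the post or the MVPS project, and runs on constructed sample content; it separates harmless sinkhole entries from entries that deserve a second look.

```python
# Added example, not code from the forum post or the MVPS project.
# An MVPS-style HOSTS file maps ad/malware hostnames to 127.0.0.1 or 0.0.0.0,
# so the machine can never reach them. The same file can be abused in reverse:
# an entry pointing a well-known hostname at a remote address silently
# redirects the browser. This audit separates the two cases for review.
import ipaddress

# Constructed sample content (not a real file); 203.0.113.0/24 is a reserved
# documentation range, so the "hijack" line cannot reach anything.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1 localhost
::1 localhost
127.0.0.1 ads.example.net   # MVPS-style block entry
0.0.0.0 tracker.example.org
203.0.113.7 www.example.com   # hijack: a real site sent to a remote host
bad-ip foo.example.com        # malformed address
"""

def parse_hosts(text):
    """Yield (ip, hostname, line_number) for every mapping in a HOSTS file."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # strip comments and whitespace
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name.lower(), lineno

def audit_hosts(text):
    """Classify entries as blocked (sinkholed), suspicious (redirected) or invalid."""
    report = {"blocked": [], "suspicious": [], "invalid": []}
    for ip, name, lineno in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            report["invalid"].append((lineno, ip, name))
            continue
        if addr.is_loopback or addr.is_unspecified:
            report["blocked"].append(name)        # harmless: traffic goes nowhere
        else:
            report["suspicious"].append((lineno, ip, name))  # review by hand
    return report

if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(report['blocked'])} blocked entries")
    for lineno, ip, name in report["suspicious"] + report["invalid"]:
        print(f"line {lineno}: {name} -> {ip}  (review)")
```

To audit a real machine, read C:\Windows\System32\drivers\etc\hosts and pass its contents to audit_hosts instead of the sample.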

  7. #7
    Member
    Join Date
    Feb 2008
    Posts
    110
    Points
    38

    Default

    Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

    If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

    Everyone else please begin a New Topic.