Hi, new here. Last night I got an aspimgr.exe virus which I removed. Now whenever I click on an asp file link in a site I use, it opens in a new window instead of in the same one. How can I fix this? I have IE7.

Thanks

Welcome to PCHF.

Recommend you click on the Pre-work in my signature and follow the directions.

My apologies. Should have read more before just registering and posting! Will do as soon as I have time. Thanks in advance!

Qwikvett, post the Pre-work files/information on this thread and I'll move everything into the proper forum. Just for you...

Thanks for moving this for me Gandalf! I am not sure exactly when I picked up the aspi.mgr virus (which I think I removed). I did a system restore (before I checked back in on this thread ) and it took care of my links opening in new windows. My concern is that i ran a free "spy doctor" scan and it says I have a trojan and 2 backdoor viruses, yet my windows defender and Trend PCillin dont pick them up. Now once in a while my Trend keeps popping up an alert that I have a possible Asprox. hope this helps.


Here is the main.txt -

Deckard's System Scanner v20071014.68
Run by Dad on 2008-07-15 18:16:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-07-16 01:16:58 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Dad.exe) -------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:18:02 PM, on 7/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dad\Desktop\dss.exe
C:\DOCUME~1\Dad\Desktop\Dad.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2070107
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = SimulatedSports.com Horse Racing Game
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2070107
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = VZAccess Manager
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtim e.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1215468741453
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
--
End of file - 7991 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 ELhid (EL hid Service) - c:\windows\system32\drivers\elhid.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 ELkbd (EL KB Service) - c:\windows\system32\drivers\elkbd.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 ELmon (EL Monitor Service) - c:\windows\system32\drivers\elmon.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 ELmou (EL Mouse Service) - c:\windows\system32\drivers\elmou.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 2.1>
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt>
R3 tmcfw (Trend Micro Common Firewall Service) - c:\windows\system32\drivers\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 2.1>
S3 NAL (Nal Service ) - c:\windows\system32\drivers\iqvw32.sys <Not Verified; Intel Corporation; Intel(R) iQVW32.SYS>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 ELService (Intel(R) Quick Resume technology) - c:\program files\intel\inteldh\intel(r) quick resume technology drivers\elservice.exe <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>

-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------
2008-07-15 18:15:35 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job

-- Files created between 2008-06-15 and 2008-07-15 -----------------------------
2008-07-13 02:38:24 0 d-------- C:\Program Files\UltimateBet
2008-07-13 02:01:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-13 01:46:25 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
2008-07-13 01:46:24 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-07-13 00:55:31 0 d-------- C:\$AVG8.VAULT$
2008-07-13 00:25:33 0 d-------- C:\WINDOWS\system32\drivers\Avg(2)
2008-07-13 00:25:33 0 d-------- C:\Documents and Settings\Dad\Application Data\AVGTOOLBAR
2008-07-13 00:25:27 0 d-------- C:\Program Files\AVG(2)
2008-07-13 00:25:26 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8(2)
2008-07-12 20:57:15 0 d-------- C:\Documents and Settings\Dad\Application Data\Mozilla
2008-07-09 05:59:33 1437696 --a------ C:\Documents and Settings\Dad\ntuser.dat
2008-07-09 05:59:32 237568 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-07-08 00:05:25 18048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-07-08 00:05:25 271360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-07-08 00:00:52 0 d-------- C:\Program Files\Aspyr
2008-07-07 21:19:28 0 d-------- C:\Program Files\UBNet
2008-07-07 21:05:40 0 d-------- C:\WINDOWS\Sun
2008-07-07 21:05:40 0 d-------- C:\Documents and Settings\Dad\Application Data\Sun
2008-07-07 17:43:58 0 d-------- C:\Program Files\EA GAMES
2008-07-07 17:28:03 98304 --a------ C:\WINDOWS\system32CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-07-07 17:28:03 0 dr-h----- C:\Documents and Settings\Dad\Application Data\SecuROM
2008-07-07 16:45:01 0 d-------- C:\Program Files\MSXML 4.0
2008-07-07 16:39:06 0 d-------- C:\Documents and Settings\Dad\Application Data\Corel
2008-07-07 16:32:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-07-07 16:30:21 0 d-------- C:\Documents and Settings\Dad\Application Data\FaxCtr
2008-07-07 16:28:27 0 d-------- C:\WINDOWS\Prefetch
2008-07-07 15:44:25 0 d-------- C:\WINDOWS\system32\scripting
2008-07-07 15:44:24 0 d-------- C:\WINDOWS\system32\en
2008-07-07 15:44:24 0 d-------- C:\WINDOWS\l2schemas
2008-07-07 15:44:23 0 d-------- C:\WINDOWS\system32\bits
2008-07-07 15:41:59 0 d-------- C:\WINDOWS\ServicePackFiles
2008-07-07 15:40:20 0 d-------- C:\WINDOWS\network diagnostic
2008-07-07 15:18:23 0 d-------- C:\WINDOWS\system32\PreInstall
2008-07-07 15:13:21 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-07-07 15:00:07 0 d-------- C:\Program Files\Windows Defender
2008-07-07 14:56:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-07 14:41:04 0 d-------- C:\Documents and Settings\Rick\Application Data\FaxCtr
2008-07-07 14:40:11 0 d--h----- C:\Documents and Settings\Rick\Templates
2008-07-07 14:40:11 0 dr------- C:\Documents and Settings\Rick\Start Menu
2008-07-07 14:40:11 0 dr-h----- C:\Documents and Settings\Rick\SendTo
2008-07-07 14:40:11 0 dr-h----- C:\Documents and Settings\Rick\Recent
2008-07-07 14:40:11 0 d--h----- C:\Documents and Settings\Rick\PrintHood
2008-07-07 14:40:11 786432 --ah----- C:\Documents and Settings\Rick\ntuser.dat
2008-07-07 14:40:11 0 d--h----- C:\Documents and Settings\Rick\NetHood
2008-07-07 14:40:11 0 dr------- C:\Documents and Settings\Rick\My Documents
2008-07-07 14:40:11 0 d--h----- C:\Documents and Settings\Rick\Local Settings
2008-07-07 14:40:11 0 dr------- C:\Documents and Settings\Rick\Favorites
2008-07-07 14:40:11 0 d-------- C:\Documents and Settings\Rick\Desktop
2008-07-07 14:40:11 0 d--hs---- C:\Documents and Settings\Rick\Cookies
2008-07-07 14:40:11 0 dr-h----- C:\Documents and Settings\Rick\Application Data
2008-07-07 14:40:11 0 d---s---- C:\Documents and Settings\Rick\Application Data\Microsoft
2008-07-07 14:40:11 0 d-------- C:\Documents and Settings\Rick\Application Data\InstallShield
2008-07-07 14:40:11 0 d-------- C:\Documents and Settings\Rick\Application Data\Identities
2008-07-07 14:40:11 0 d--h----- C:\Documents and Settings\Rick\Application Data\Gtek
2008-07-07 14:37:15 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-07-07 14:36:47 32768 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2008-07-07 14:36:47 20480 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2008-07-07 14:36:27 12288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL <Not Verified; Lexmark International, Inc.; Lexmark Fax Solutions Software Print Monitor>
2008-07-07 14:36:27 98345 --a------ C:\WINDOWS\system32\IMHOST32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2008-07-07 14:36:27 339968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2008-07-07 14:36:20 0 d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2008-07-07 14:36:12 0 d-------- C:\Program Files\Lexmark Fax Solutions
2008-07-07 14:35:43 0 d-------- C:\Program Files\Lx_cats
2008-07-07 14:34:32 0 d-------- C:\Program Files\Lexmark 4300 Series
2008-07-07 14:33:34 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-07-07 14:07:16 0 d--hs---- C:\Documents and Settings\Dad\UserData
2008-07-07 13:59:08 0 d-------- C:\Documents and Settings\Dad\Application Data\Macromedia
2008-07-07 13:48:43 0 d-------- C:\WINDOWS\system32\appmgmt
2008-07-07 13:34:14 0 d-------- C:\Documents and Settings\Dad\Application Data\AdobeUM
2008-07-07 13:33:44 0 d-------- C:\Documents and Settings\Dad\Application Data\Adobe
2008-07-07 13:32:52 122 --a------ C:\Documents and Settings\Dad\Application Data\wklnhst.dat
2008-07-07 13:32:52 0 d-------- C:\Documents and Settings\Dad\Application Data\Template
2008-07-07 12:11:56 0 d-------- C:\Documents and Settings\Dad\Application Data\Google
2008-07-07 12:10:12 0 d-------- C:\Documents and Settings\Dad\Application Data\Smith Micro
2008-07-07 12:08:17 77824 --a------ C:\WINDOWS\system32\ptdmwmcp.dll <Not Verified; DEVGURU; Application Interface DLL>
2008-07-07 12:08:17 0 d-------- C:\Program Files\PANTECH
2008-07-07 11:44:43 0 d-------- C:\Program Files\Verizon Wireless
2008-07-07 11:43:45 0 d-------- C:\Program Files\LG Drivers
2008-07-07 11:38:46 0 d--h----- C:\Documents and Settings\Dad\Templates
2008-07-07 11:38:46 0 dr------- C:\Documents and Settings\Dad\Start Menu
2008-07-07 11:38:46 0 dr-h----- C:\Documents and Settings\Dad\SendTo
2008-07-07 11:38:46 0 dr-h----- C:\Documents and Settings\Dad\Recent
2008-07-07 11:38:46 0 d--h----- C:\Documents and Settings\Dad\PrintHood
2008-07-07 11:38:46 0 d--h----- C:\Documents and Settings\Dad\NetHood
2008-07-07 11:38:46 0 dr------- C:\Documents and Settings\Dad\My Documents
2008-07-07 11:38:46 0 d--h----- C:\Documents and Settings\Dad\Local Settings
2008-07-07 11:38:46 0 dr------- C:\Documents and Settings\Dad\Favorites
2008-07-07 11:38:46 0 d-------- C:\Documents and Settings\Dad\Desktop
2008-07-07 11:38:46 0 d--hs---- C:\Documents and Settings\Dad\Cookies
2008-07-07 11:38:46 0 dr-h----- C:\Documents and Settings\Dad\Application Data
2008-07-07 11:38:46 0 d-------- C:\Documents and Settings\Dad\Application Data\InstallShield
2008-07-07 11:38:46 0 d-------- C:\Documents and Settings\Dad\Application Data\Identities
2008-07-07 11:38:46 0 d--h----- C:\Documents and Settings\Dad\Application Data\Gtek
2008-07-07 11:38:24 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-07-07 11:38:19 0 d-------- C:\Documents and Settings\Default User\Application Data\InstallShield
2008-07-07 11:38:19 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities

-- Find3M Report ---------------------------------------------------------------
2008-07-13 00:55:31 0 d-------- C:\Program Files\DIGStream
2008-07-08 00:00:47 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-07 17:54:30 0 d-------- C:\Program Files\Google
2008-07-07 17:42:32 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-07 15:44:51 0 d-------- C:\Program Files\Messenger
2008-07-07 15:44:23 0 d-------- C:\Program Files\Movie Maker
2008-07-07 15:41:45 0 d-------- C:\Program Files\Windows NT
2008-07-07 14:18:30 0 d-------- C:\Program Files\Common Files
2008-07-07 13:47:10 0 d-------- C:\Program Files\Common Files\AOL

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 01:01 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/16/2006 02:39 PM]
"SigmatelSysTrayApp"="stsystra.exe" [07/24/2006 04:20 PM C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [07/06/2006 06:15 AM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [10/05/2005 02:12 AM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [11/21/2006 02:02 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 04:20 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\I SUSPM.exe" [07/27/2004 03:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 03:50 PM]
"LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X 86\3\LXCEtime.dll" [07/20/2005 06:46 AM]
"lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [08/02/2005 10:45 AM]
"EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [07/26/2005 05:17 AM]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [07/12/2005 02:36 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/07/2007 12:37 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [08/04/2006 03:15 PM]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [08/28/2006 08:57 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 05:12 PM]
[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1 \DW\dwtrig20.exe" -t
C:\Documents and Settings\Dad\Start Menu\Programs\Startup\
VZAccess Manager.lnk - C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [7/7/2008 11:44:44 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 9:05:26 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [1/7/2007 12:33:38 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\R oyale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale. theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe


-- End of Deckard's System Scanner: finished at 2008-07-15 18:18:24 ------------

Here is the extra.txt -

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English
CPU 0: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Percentage of Memory in Use: 57%
Physical Memory (total/avail): 1021.85 MiB / 437.48 MiB
Pagefile Memory (total/avail): 2459.64 MiB / 1980.74 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.36 MiB
C: is Fixed (NTFS) - 228.13 GiB total, 213.63 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
\\.\PHYSICALDRIVE0 - SAMSUNG SP2504C - 232.83 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 228.13 GiB - C:
\PARTITION2 - Unknown - 4.64 GiB
\\.\PHYSICALDRIVE1 - Lexmark USB Mass Storage USB Device
\\.\PHYSICALDRIVE2 - PANTECH Mass Storage USB Device

-- Security Center -------------------------------------------------------------
AUOptions is disabled.

-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Dad\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=QWIKVETT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Dad
LOGONSERVER=\\QWIKVETT
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\Sys tem32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Roxio Shared\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WS F;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Dad\LOCALS~1\Temp
TMP=C:\DOCUME~1\Dad\LOCALS~1\Temp
USERDOMAIN=QWIKVETT
USERNAME=Dad
USERPROFILE=C:\Documents and Settings\Dad
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------
Dad (admin)
Rick
Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> MsiExec.exe /I{95D9B4D8-B091-4fab-80EA-313EB4B82FD6}
--> MsiExec.exe /I{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activ eX.exe
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SU BSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Corel Snapfire Plus --> MsiExec.exe /I{7ADE3A47-B425-45E9-8FF6-11BE2B775645}
Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Game Console --> "C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Support 3.2.1 --> MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413}
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Documentation & Support Launcher --> MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
EarthLink Setup Files --> MsiExec.exe /X{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
Games, Music, & Photos Launcher --> MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Gothic III --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}\setup.exe" -l0x9 -removeonly
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuni nst.exe
Intel(R) Matrix Storage Manager --> C:\WINDOWS\System32\Imsmudlg.exe
Intel(R) Quick Resume Technology Drivers --> C:\WINDOWS\System32\Elusetup.exe
Intel® Viiv™ Software --> MsiExec.exe /X{7EAB1D85-7BA3-47C1-BBF7-A0EBC241DB94}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark 4300 Series --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxceUNS T.EXE -NOLICENSE
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe
LG USB Drivers --> C:\PROGRA~1\LGDRIV~1\LGUSBD~1\UNWISE.EXE C:\PROGRA~1\LGDRIV~1\LGUSBD~1\INSTALL.LOG
Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
PANTECH PC USB Modem Software --> C:\Program Files\PANTECH\PANTECH USB Modem\PTDMUninstall.exe
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
SearchAssist --> C:\DELL\SearchAssist\UninstSA.bat
Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Trend Micro PC-cillin Internet Security 14 --> C:\PROGRA~1\TRENDM~1\INTERN~1\remove.exe
Trend Micro PC-cillin Internet Security 14 --> MsiExec.exe /X{EA8C73AA-3D75-44C9-87A2-8E945FC5FEE6}
UBNet --> C:\PROGRA~1\UBNet\UNWISE.EXE C:\PROGRA~1\UBNet\INSTALL.LOG
UltimateBet --> C:\PROGRA~1\ULTIMA~1\UNWISE.EXE C:\PROGRA~1\ULTIMA~1\INSTALL.LOG
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst .exe
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VZAccess Manager --> C:\PROGRA~1\VERIZO~1\VZACCE~1\UNWISE.EXE C:\PROGRA~1\VERIZO~1\VZACCE~1\INSTALL.LOG
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spunins t.exe"
Windows XP Media Center Edition 2005 KB912067 -->
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spun inst.exe"
Yahoo! Music Jukebox --> MsiExec.exe /X{7C49EA42-5647-4051-84C2-E6404F25A931}

-- Application Event Log -------------------------------------------------------
Event Record #/Type181 / Warning
Event Submitted/Written: 07/15/2008 06:11:44 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type178 / Warning
Event Submitted/Written: 07/15/2008 02:35:00 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type175 / Error
Event Submitted/Written: 07/15/2008 02:21:05 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
Event Record #/Type173 / Warning
Event Submitted/Written: 07/15/2008 01:25:04 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type170 / Warning
Event Submitted/Written: 07/14/2008 10:38:38 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------
Event Record #/Type1486 / Warning
Event Submitted/Written: 07/15/2008 06:18:15 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%QWIKVETT27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %QWIKVETT27 can't undo changes that you allow.
For more information please see the following:
%QWIKVETT275
Scan ID: {4D6272BD-3C18-41EE-A923-9AB9443E475E}
User: QWIKVETT\Dad
Name: %QWIKVETT271
ID: %QWIKVETT272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %QWIKVETT276
Alert Type: %QWIKVETT278
Detection Type: 1.1.1593.02
Event Record #/Type1485 / Warning
Event Submitted/Written: 07/15/2008 06:18:15 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%QWIKVETT27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %QWIKVETT27 can't undo changes that you allow.
For more information please see the following:
%QWIKVETT275
Scan ID: {2D9AF4C0-640B-4F21-9799-A45E781ADFAC}
User: QWIKVETT\Dad
Name: %QWIKVETT271
ID: %QWIKVETT272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %QWIKVETT276
Alert Type: %QWIKVETT278
Detection Type: 1.1.1593.02
Event Record #/Type1484 / Warning
Event Submitted/Written: 07/15/2008 06:18:15 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%QWIKVETT27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %QWIKVETT27 can't undo changes that you allow.
For more information please see the following:
%QWIKVETT275
Scan ID: {0D49E349-54EF-49D0-B71E-B960E2F53095}
User: QWIKVETT\Dad
Name: %QWIKVETT271
ID: %QWIKVETT272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %QWIKVETT276
Alert Type: %QWIKVETT278
Detection Type: 1.1.1593.02
Event Record #/Type1483 / Warning
Event Submitted/Written: 07/15/2008 06:18:12 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%QWIKVETT27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %QWIKVETT27 can't undo changes that you allow.
For more information please see the following:
%QWIKVETT275
Scan ID: {80BC5F05-4676-45C9-9C3D-3830BC7BD6CB}
User: QWIKVETT\Dad
Name: %QWIKVETT271
ID: %QWIKVETT272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %QWIKVETT276
Alert Type: %QWIKVETT278
Detection Type: 1.1.1593.02
Event Record #/Type1482 / Warning
Event Submitted/Written: 07/15/2008 06:18:12 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%QWIKVETT27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %QWIKVETT27 can't undo changes that you allow.
For more information please see the following:
%QWIKVETT275
Scan ID: {21E524AA-BBC9-4690-8DF1-AAF3AD1E46B3}
User: QWIKVETT\Dad
Name: %QWIKVETT271
ID: %QWIKVETT272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %QWIKVETT276
Alert Type: %QWIKVETT278
Detection Type: 1.1.1593.02

-- End of Deckard's System Scanner: finished at 2008-07-15 18:18:24 ------------

See if this helps..

Please download the OTMoveIt2 by OldTimer. http://download.bleepingcomputer.com.../OTMoveIt2.exe

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



C:\Program Files\Aspyr


Return to OTMoveIt2, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Post the log along with a new HJT log when done.

C:\Program Files\Aspyr\Gothic III\snapshots moved successfully.
C:\Program Files\Aspyr\Gothic III\scripts moved successfully.
C:\Program Files\Aspyr\Gothic III\Ini moved successfully.
C:\Program Files\Aspyr\Gothic III\Data\Video moved successfully.
C:\Program Files\Aspyr\Gothic III\Data\Materials\ShaderMaterial\Effects moved successfully.
C:\Program Files\Aspyr\Gothic III\Data\Materials\ShaderMaterial moved successfully.
C:\Program Files\Aspyr\Gothic III\Data\Materials\Images\_Intern moved successfully.
C:\Program Files\Aspyr\Gothic III\Data\Materials\Images\G3_Startscreen moved successfully.
C:\Program Files\Aspyr\Gothic III\Data\Materials\Images moved successfully.
C:\Program Files\Aspyr\Gothic III\Data\Materials\Effects\ImageProcessing moved successfully.
C:\Program Files\Aspyr\Gothic III\Data\Materials\Effects moved successfully.
C:\Program Files\Aspyr\Gothic III\Data\Materials moved successfully.
C:\Program Files\Aspyr\Gothic III\Data moved successfully.
C:\Program Files\Aspyr\Gothic III moved successfully.
C:\Program Files\Aspyr moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07152008_212632


HERE IS THE NEW HIJACK LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:21 PM, on 7/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmoAgent.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccUpdUI.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Dad\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2070107
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = SimulatedSports.com Horse Racing Game
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2070107
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = VZAccess Manager
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtim e.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1215468741453
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F314D6E-EA9D-41BA-896E-181DCB0ACA73}: NameServer = 66.174.92.14 69.78.96.14
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
--
End of file - 8317 bytes