Inactive need help in removing key loggers

Discussion in 'Malware and Virus Removal Archive' started by dewrose, 2009/01/18.

  1. 2009/01/18
    dewrose

    dewrose Inactive Thread Starter

    Joined:
    2009/01/14
    Messages:
    20
    Likes Received:
    0
    [Inactive] need help in removing key loggers

    I am not the most savvy person when it comes to computers, so I would appreciate any help in how to fix this situation I am in right now with my computer. I have an HP multimedia computer, Windows XP edition series 2005. I have had no problems with it until recently. What has happened is I play World of Warcraft and have had no problems at all. Then recently, I had a few incidents where someone would hack into my WoW account and try to use my characters and steal my stuff. I did contact WoW or Blizzard immediately and they told me that someone infected my computer with "key loggers" and that every time I log on, they have access to my account.

    So one of the steps I have done is to order an authenticator that Blizzard (WoW) sells that requires me to type in a special code in 45 seconds. This is to stop the hackers from having access to my account. However, I still might have the problem of the keyloggers still being infiltrated or lying somewhere inside my computer. I am not sure whether the keyloggers are still inside my computer or not.

    But if they are there, I need to know where they are and how to remove them. I also want to know what software allowed them to attach these keyloggers to my computer and account. The interesting thing is I have Norton 2009 Internet Security and SystemWorks. When I run these programs and do a full scan or a cleaning out, nothing shows up. However, when I try to run the game (World of Warcraft), I get a warning that someone has hacked into my system. Also, I recently downloaded some addons and wondered if this could be how the keyloggers got into my system. That is why I want to know where they came from, so I know which addon program to delete from my system.

    Now please understand, I am not a computer person, so go easy on me and tell me what is the best avenue I should pursue to get this cleaned up. I am willing to try and fix it myself, or if you feel I shouldn't, is there an online service that can do that? Also, is there any good software out there that will keep my computer safe so this never happens again? One more thing, why didn't Norton stop the intrusion in the first place? Thank you for any help you can give me. J
     
  2. 2009/01/18
    dewrose

    need help in removing key loggers more info

    Sorry, forgot to enter the information about my system to my previous post, "need help in removing key loggers":

    DDS (Ver_09-01-18.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/12/2008 6:36:47 PM
    System Uptime: 1/18/2009 2:40:57 PM (2 hours ago)

    Motherboard: ASUSTek Computer INC. | | NODUSM3
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket AM2 | 2204/199mhz
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket AM2 | 2204/199mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 224 GiB total, 185.636 GiB free.
    D: is FIXED (FAT32) - 9 GiB total, 0.354 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP22: 10/19/2008 12:33:29 PM - Installed FinePixViewer
    RP23: 10/19/2008 12:33:44 PM - Installed RAW FILE CONVERTER LE
    RP24: 10/24/2008 8:37:30 AM - System Checkpoint
    RP25: 10/25/2008 10:24:18 PM - System Checkpoint
    RP26: 10/26/2008 11:41:45 PM - System Checkpoint
    RP27: 10/28/2008 12:26:43 PM - System Checkpoint
    RP28: 10/30/2008 2:35:00 PM - System Checkpoint
    RP29: 11/1/2008 10:46:20 PM - System Checkpoint
    RP30: 11/3/2008 3:10:09 PM - System Checkpoint
    RP31: 11/7/2008 4:53:01 AM - System Checkpoint
    RP32: 11/8/2008 6:09:30 AM - System Checkpoint
    RP33: 11/10/2008 1:43:54 AM -
    RP34: 11/10/2008 1:44:40 AM - Shockwave Player
    RP35: 11/10/2008 1:45:10 AM - Shockwave Player
    RP36: 11/13/2008 1:59:38 AM - System Checkpoint
    RP37: 11/15/2008 1:31:51 PM - System Checkpoint
    RP38: 11/16/2008 1:58:51 PM - Installed Branded Windows Internet Explorer 7
    RP39: 11/20/2008 4:21:17 PM - System Checkpoint
    RP40: 11/21/2008 7:39:45 PM - System Checkpoint
    RP41: 11/22/2008 1:19:38 PM - Configured easy Internet sign-up
    RP42: 11/25/2008 5:57:37 AM - System Checkpoint
    RP43: 11/27/2008 5:08:47 AM - System Checkpoint
    RP44: 11/28/2008 6:10:51 AM - System Checkpoint
    RP45: 12/7/2008 3:00:24 AM - Software Distribution Service 3.0
    RP46: 12/7/2008 7:27:56 AM - Software Distribution Service 3.0
    RP47: 12/7/2008 2:02:46 PM - Software Distribution Service 3.0
    RP48: 12/10/2008 3:09:20 AM - System Checkpoint
    RP49: 12/10/2008 11:40:58 PM - Software Distribution Service 3.0
    RP50: 12/14/2008 5:45:54 AM - System Checkpoint
    RP51: 12/16/2008 1:31:49 PM - System Checkpoint
    RP52: 12/17/2008 8:40:38 PM - Software Distribution Service 3.0
    RP53: 12/22/2008 11:47:45 AM - System Checkpoint
    RP54: 12/25/2008 5:55:28 PM - System Checkpoint
    RP55: 12/28/2008 2:19:30 AM - System Checkpoint
    RP56: 12/31/2008 3:15:51 AM - System Checkpoint
    RP57: 1/1/2009 5:43:31 AM - System Checkpoint
    RP58: 1/7/2009 10:58:50 AM - System Checkpoint
    RP59: 1/11/2009 6:31:39 PM - System Checkpoint
    RP60: 1/13/2009 2:13:26 AM - System Checkpoint
    RP61: 1/14/2009 3:00:18 AM - Software Distribution Service 3.0
    RP62: 1/15/2009 2:19:42 AM - Software Distribution Service 3.0
    RP63: 1/15/2009 2:21:23 AM - Software Distribution Service 3.0
    RP64: 1/15/2009 2:41:41 PM - Removed HPSU306Stub
    RP65: 1/15/2009 6:00:15 PM - Software Distribution Service 3.0
    RP66: 1/16/2009 7:07:34 AM - Software Distribution Service 3.0
    RP67: 1/16/2009 5:24:47 PM - Software Distribution Service 3.0
    RP68: 1/17/2009 3:37:20 AM - Software Distribution Service 3.0
    RP69: 1/17/2009 5:16:27 PM - Software Distribution Service 3.0
    RP70: 1/18/2009 3:53:19 AM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    5700_Help
    Adobe Flash Player 10 ActiveX
    Adobe Reader 7.0.5
    Adobe Shockwave Player
    Apple Software Update
    AutoUpdate
    BPD_HPSU
    BPD_Scan
    BPDfax
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    ccCommon
    CheckIt Diagnostics
    Component Framework
    Connection Keep Alive
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_UpdateProjectsConfig
    CueTour
    Customer Experience Enhancement
    CustomerResearchQFolder
    Data Fax SoftModem with SmartCP
    Destinations
    DISCover
    DivX
    DocProc
    DocProcQFolder
    Enhanced Multimedia Keyboard Solution
    eSupportQFolder
    FinePixViewer Ver.4.3
    FUJIFILM USB Driver
    FullDPAppQFolder
    GemMaster Mystic
    High Definition Audio Driver Package - KB888111
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 10 (KB910393)
    Hotfix for Windows XP (KB888795)
    Hotfix for Windows XP (KB891593)
    Hotfix for Windows XP (KB893357)
    Hotfix for Windows XP (KB895961)
    Hotfix for Windows XP (KB899337)
    Hotfix for Windows XP (KB899510)
    Hotfix for Windows XP (KB902841)
    Hotfix for Windows XP (KB906569)
    Hotfix for Windows XP (KB912024)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB952287)
    HP Boot Optimizer
    HP Customer Participation Program 7.0
    HP DigitalMedia Archive
    HP DVD Play 2.1
    HP Imaging Device Functions 7.0
    HP Officejet All-In-One Series
    HP Photosmart Essential
    HP Photosmart for Media Center PC
    HP Photosmart Premier Software 6.5
    HP Product Detection
    HP Solution Center 7.0
    HP Update
    HP Web Helper
    HPPhotoSmartExpress
    HPProductAssistant
    HpSdpAppCoreApp
    InstantShareDevices
    J2SE Runtime Environment 5.0 Update 6
    J5700
    LightScribe 1.4.105.1
    LiveUpdate (Symantec Corporation)
    MarketResearch
    Microsoft .NET Framework 1.0 Hotfix (KB930494)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Away Mode
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2006
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Standard Edition 2003 60 days trial
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    MSRedist
    MSXML 4.0 SP2 (KB954430)
    muvee autoProducer 5.0
    muvee autoProducer unPlugged 2.0
    My HP Games
    Netscape Browser (remove only)
    Norton Cleanup
    Norton Internet Security
    Norton Protection Center
    Norton SystemWorks
    Norton SystemWorks (Symantec Corporation)
    Norton SystemWorks Basic Edition
    Norton Utilities
    NVIDIA Drivers
    OCR Software by I.R.I.S 7.0
    OptionalContentQFolder
    Otto
    PC-Doctor 5 for Windows
    PhotoGallery
    ProductContext
    Python 2.2 pywin32 extensions (build 203)
    Python 2.2.3
    Quicken 2006
    QuickTime
    RandMap
    RAW FILE CONVERTER LE
    RealPlayer
    Realtek High Definition Audio Driver
    Remove WeatherBug Installer
    Rhapsody
    Scan
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    SkinsHP1
    SlideShow
    SlideShowMusic
    SolutionCenter
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Sonic_PrimoSDK
    SPBBC 32bit
    Status
    Symantec Technical Support Web Controls
    Toolbox
    TrayApp
    Unload
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB912945)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955839)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Updates from HP (remove only)
    WebFldrs XP
    WebReg
    WildTangent Web Driver
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Format Runtime
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB883667
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB892050
    Windows XP Hotfix - KB893066
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB912067
    World of Warcraft
    Yahoo! Toolbar
    Yahoo! Toolbar for Internet Explorer

    ==== Event Viewer Messages From Past Week ========

    1/13/2009 6:47:44 PM, error: SRTSP [4] - Error loading virus definitions.
    1/14/2009 6:20:33 PM, error: DCOM [10000] - Unable to start a DCOM Server: {FB7199AB-79BF-11D2-8D94-0000F875C541}. The error: "%2" Happened while starting this command: C:\Program Files\Messenger\msmsgs.exe -Embedding
    1/15/2009 2:49:06 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x87ff0004: Windows XP Service Pack 3 (KB936929).
    1/15/2009 11:22:29 AM, error: NtServicePack [4374] - Windows XP installation failed, leaving Windows XP partially updated.
    The installation of the Service Pack did not complete, and a rollback to the pre-installation state has been initiated. A rollback is a two-step process. Step one is complete; to complete step two, click OK. To be reminded at next login to complete step two, click Cancel. After you complete the rollback, your system will reboot and you may retry the installation of the Service Pack.
    1/15/2009 11:52:43 AM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
    1/15/2009 3:17:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    1/15/2009 3:17:54 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/15/2009 6:00:48 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0ed: Security Update for Windows XP (KB946648).
    1/16/2009 10:49:30 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    1/14/2009 6:19:43 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\ehome\ehtray.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2710.2732.
    1/14/2009 6:20:02 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\rundll32.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
    1/14/2009 6:20:02 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\ehome\ehmsas.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2710.2732.

    ==== End Of File ===========================

    thank you for any help you can give me. J
     

  4. 2009/01/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi dewrose,

    This tool tends to be quite aggressive, so please be sure to configure it exactly as listed below. I only want to see a Report of what it finds.

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    Double-click the drweb-cureit.exe file and click 'Start' to run the express scan. This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, we need to change the default settings.
    • In the Menu Bar at the top, click 'Setting'>Change Settings.
    • Click on the Actions tab
    • Using the drop down menus, change each item under Objects and Malware to Report
    • Next, 'tick' Complete Scan.
    • Click the green arrow at the right, and the scan will start.
    • Click 'No to All' if it asks if you want to cure/move the file.
    • After the scan has completed, in the Dr.Web CureIt menu on top, click File and choose Save Report List
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web CureIt.
    • Post the contents of the log from Dr.Web you saved previously in your next reply.
     
  5. 2009/01/20
    dewrose

    Thanks noah, I'll download this and try it later today since it is now 5:14 am. I'll post the report later today. Thanks again, J
     
  6. 2009/01/20
    dewrose

    results from Dr. Web as per requested by Noah

    Hi Noah and others,
    A couple of things. First: I have disabled my Norton Internet Security first before running Dr. Web (hope I did the right thing). Second: The system kept telling me to restart my computer after the short scan, but I did not restart the computer until after I ran the complete scan.
    Here is the report of the complete scan:

    WinHel.dll;C:\Documents and Settings\HP_Administrator\Desktop;Trojan.PWS.Wow.1116;;
    inetchk.exe;C:\Program Files\music_now;Trojan.Click.2093;;
    npCouponPrinter.dll;C:\Program Files\Netscape\Netscape Browser\plugins;Adware.Coupons.34;;
    AOLCINST.EXE\core.cab\GTDOWNAO_106.ocx;C:\Program Files\Online Services\Aol\United States\AOL90\COMPS\COACH\AOLCINST.EXE;Adware.Gdown;;
    AOLCINST.EXE;C:\Program Files\Online Services\Aol\United States\AOL90\COMPS\COACH;Archive contains infected objects;;
    PPCInstall.dll;C:\Program Files\Online Services\PeoplePC;Probably STPAGE.Trojan;;
    A0047363.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP61;Tool.ProcessKill;;
    A0047364.DLL;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP61;Program.PopcapLoader;;
    A0047597.dll;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP63;Trojan.PWS.Wow.1116;;
    A0069498.EXE;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP70;Probably MULDROP.Trojan;;
    A0069508.EXE\data004;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP70\A0069508.EXE;Probably MULDROP.Trojan;;
    A0069508.EXE;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP70;Archive contains infected objects;;
    A0070030.exe\data002;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP70\A0070030.exe;Adware.SpywareStorm;;
    A0070030.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP70;Archive contains infected objects;;
    A0070111.dll;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP70;Trojan.PWS.Wow.1116;;
    CouponPrinter.ocx;C:\WINDOWS;Adware.Coupons.34;;
    WinHel.dll;C:\WINDOWS;Trojan.PWS.Wow.1116;;
    data030\data002;D:\I386\APPS\APP05435\src\install\Worldwide-MediaCenter\games\cakemania-setup.exe\data030;Adware.SpywareStorm;;
    data030;D:\I386\APPS\APP05435\src\install\Worldwide-MediaCenter\games\cakemania-setup.exe;Archive contains infected objects;;
    cakemania-setup.exe;D:\I386\APPS\APP05435\src\install\Worldwide-MediaCenter\games;Archive contains infected objects;;
    firstopt.js;D:\I386\APPS\APP24750;Probably SCRIPT.Virus;;

    Thank you for your help in getting my computer cleaned up. J
     
  7. 2009/01/20
    noahdfear

    The following 2 infected files need to be removed. These are your keyloggers.

    C:\Documents and Settings\HP_Administrator\Desktop\WinHel.dll
    C:\WINDOWS\WinHel.dll

    Did you install the program music_now?
    Appears you also have the program Coupons as well, which is considered adware. I'd recommend you uninstall it, though the choice is yours. It's not a serious threat.
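
    An added example (not part of noahdfear's post and not Dr.Web code): a short Python parser for the semicolon-separated report posted above, separating stand-alone files on disk from copies held in System Restore folders and from archive containers and their members. The field layout is inferred from the rows in this thread, the restore point dates are taken from the DDS log earlier in the thread, and treating a `Probably` prefix as a lower-confidence hit is an assumption.

```python
import re
from collections import namedtuple

# Rows copied from the Dr.Web report posted in this thread (subset).
# Layout inferred from those rows: object;folder-or-container;detection;;
REPORT = r"""
WinHel.dll;C:\Documents and Settings\HP_Administrator\Desktop;Trojan.PWS.Wow.1116;;
inetchk.exe;C:\Program Files\music_now;Trojan.Click.2093;;
AOLCINST.EXE\core.cab\GTDOWNAO_106.ocx;C:\Program Files\Online Services\Aol\United States\AOL90\COMPS\COACH\AOLCINST.EXE;Adware.Gdown;;
AOLCINST.EXE;C:\Program Files\Online Services\Aol\United States\AOL90\COMPS\COACH;Archive contains infected objects;;
PPCInstall.dll;C:\Program Files\Online Services\PeoplePC;Probably STPAGE.Trojan;;
A0047597.dll;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP63;Trojan.PWS.Wow.1116;;
A0070111.dll;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP70;Trojan.PWS.Wow.1116;;
WinHel.dll;C:\WINDOWS;Trojan.PWS.Wow.1116;;
firstopt.js;D:\I386\APPS\APP24750;Probably SCRIPT.Virus;;
"""

# Restore point timestamps as listed in the DDS log in this thread.
RESTORE_POINTS = {
    "RP63": "1/15/2009 2:21:23 AM",
    "RP70": "1/18/2009 3:53:19 AM",
}

# Windows XP keeps System Restore data under this folder, one RPnn per point.
RP_RE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)", re.I)
CONTAINER_NOTE = "Archive contains infected objects"

Finding = namedtuple(
    "Finding", "full_path detection kind restore_point heuristic")


def parse_report(text):
    """Turn report rows into Finding records; malformed rows are skipped."""
    findings = []
    for line in text.splitlines():
        body = line.strip().rstrip(";")      # rows end with two empty fields
        if not body:
            continue
        try:
            rest, detection = body.rsplit(";", 1)
            obj, where = rest.split(";", 1)
        except ValueError:
            continue
        if detection == CONTAINER_NOTE:
            kind = "container"               # archive/installer holding a hit
            full_path = where + "\\" + obj
        elif "\\" in obj:
            kind = "nested"                  # member inside a container
            # 'where' already names the container; append the inner path
            full_path = where + "\\" + obj.split("\\", 1)[1]
        else:
            kind = "file"                    # stand-alone file
            full_path = where + "\\" + obj
        match = RP_RE.search(where)
        findings.append(Finding(
            full_path=full_path,
            detection=detection,
            kind=kind,
            restore_point=match.group(1).upper() if match else None,
            # Assumption: a "Probably ..." name is a lower-confidence hit.
            heuristic=detection.startswith("Probably "),
        ))
    return findings


def on_disk_files(findings, detection):
    """Stand-alone files outside System Restore carrying this detection."""
    return sorted(f.full_path for f in findings
                  if f.detection == detection
                  and f.kind == "file" and f.restore_point is None)


def restore_point_copies(findings, detection):
    """(RPnn, timestamp) for copies of this detection kept by System Restore."""
    return sorted((f.restore_point,
                   RESTORE_POINTS.get(f.restore_point, "unknown"))
                  for f in findings
                  if f.detection == detection and f.restore_point)


if __name__ == "__main__":
    rows = parse_report(REPORT)
    family = "Trojan.PWS.Wow.1116"
    print("On disk:")
    for path in on_disk_files(rows, family):
        print("  ", path)
    print("Held in System Restore:")
    for rp, when in restore_point_copies(rows, family):
        print("  ", rp, when)
    print("Lower-confidence hits:")
    for f in rows:
        if f.heuristic:
            print("  ", f.full_path, "->", f.detection)
```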
     
  8. 2009/01/21
    dewrose

    thanks much but small problem still occurring

    Thanks for the info Noah, and no, I did not install any music program. I did remove the two keyloggers and the coupon program. But I have a new problem. When I restarted my computer, a program pulled up waiting for me to install it. The program was called BPDSoftware. I don't recognize it and it seems to come back every time I turn on my computer. The only way I can stop it is if I bring up the task manager and delete it that way. However, it comes back when I start my computer. Any help will be appreciated. Thanks J.
     
  9. 2009/01/21
    noahdfear

    From your installed programs list;

    BPD_HPSU
    BPD_Scan
    BPDfax
    BPDSoftware
    BPDSoftware_Ini


    HP Printer/Fax/Scanner maybe?

    Delete the C:\Program Files\music_now folder, then empty the recycle bin.
     
  10. 2009/01/21
    dewrose

    updated DDS scan

    I didn't know if you would need this, but here is an updated DDS scan after I removed the two keyloggers and coupon software. I don't know if it will show the reason I keep getting that BPDSoftware wanting to install upon start of computer:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-01-18.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/12/2008 6:36:47 PM
    System Uptime: 1/21/2009 12:48:02 AM (1 hours ago)

    Motherboard: ASUSTek Computer INC. | | NODUSM3
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket AM2 | 2204/199mhz
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket AM2 | 2204/199mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 224 GiB total, 187.122 GiB free.
    D: is FIXED (FAT32) - 9 GiB total, 0.354 GiB free.
    E: is CDROM (CDFS)
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP24: 10/24/2008 8:37:30 AM - System Checkpoint
    RP25: 10/25/2008 10:24:18 PM - System Checkpoint
    RP26: 10/26/2008 11:41:45 PM - System Checkpoint
    RP27: 10/28/2008 12:26:43 PM - System Checkpoint
    RP28: 10/30/2008 2:35:00 PM - System Checkpoint
    RP29: 11/1/2008 10:46:20 PM - System Checkpoint
    RP30: 11/3/2008 3:10:09 PM - System Checkpoint
    RP31: 11/7/2008 4:53:01 AM - System Checkpoint
    RP32: 11/8/2008 6:09:30 AM - System Checkpoint
    RP33: 11/10/2008 1:43:54 AM -
    RP34: 11/10/2008 1:44:40 AM - Shockwave Player
    RP35: 11/10/2008 1:45:10 AM - Shockwave Player
    RP36: 11/13/2008 1:59:38 AM - System Checkpoint
    RP37: 11/15/2008 1:31:51 PM - System Checkpoint
    RP38: 11/16/2008 1:58:51 PM - Installed Branded Windows Internet Explorer 7
    RP39: 11/20/2008 4:21:17 PM - System Checkpoint
    RP40: 11/21/2008 7:39:45 PM - System Checkpoint
    RP41: 11/22/2008 1:19:38 PM - Configured easy Internet sign-up
    RP42: 11/25/2008 5:57:37 AM - System Checkpoint
    RP43: 11/27/2008 5:08:47 AM - System Checkpoint
    RP44: 11/28/2008 6:10:51 AM - System Checkpoint
    RP45: 12/7/2008 3:00:24 AM - Software Distribution Service 3.0
    RP46: 12/7/2008 7:27:56 AM - Software Distribution Service 3.0
    RP47: 12/7/2008 2:02:46 PM - Software Distribution Service 3.0
    RP48: 12/10/2008 3:09:20 AM - System Checkpoint
    RP49: 12/10/2008 11:40:58 PM - Software Distribution Service 3.0
    RP50: 12/14/2008 5:45:54 AM - System Checkpoint
    RP51: 12/16/2008 1:31:49 PM - System Checkpoint
    RP52: 12/17/2008 8:40:38 PM - Software Distribution Service 3.0
    RP53: 12/22/2008 11:47:45 AM - System Checkpoint
    RP54: 12/25/2008 5:55:28 PM - System Checkpoint
    RP55: 12/28/2008 2:19:30 AM - System Checkpoint
    RP56: 12/31/2008 3:15:51 AM - System Checkpoint
    RP57: 1/1/2009 5:43:31 AM - System Checkpoint
    RP58: 1/7/2009 10:58:50 AM - System Checkpoint
    RP59: 1/11/2009 6:31:39 PM - System Checkpoint
    RP60: 1/13/2009 2:13:26 AM - System Checkpoint
    RP61: 1/14/2009 3:00:18 AM - Software Distribution Service 3.0
    RP62: 1/15/2009 2:19:42 AM - Software Distribution Service 3.0
    RP63: 1/15/2009 2:21:23 AM - Software Distribution Service 3.0
    RP64: 1/15/2009 2:41:41 PM - Removed HPSU306Stub
    RP65: 1/15/2009 6:00:15 PM - Software Distribution Service 3.0
    RP66: 1/16/2009 7:07:34 AM - Software Distribution Service 3.0
    RP67: 1/16/2009 5:24:47 PM - Software Distribution Service 3.0
    RP68: 1/17/2009 3:37:20 AM - Software Distribution Service 3.0
    RP69: 1/17/2009 5:16:27 PM - Software Distribution Service 3.0
    RP70: 1/18/2009 3:53:19 AM - Software Distribution Service 3.0
    RP71: 1/20/2009 5:09:39 PM - System Checkpoint

    ==== Installed Programs ======================

    5700_Help
    Adobe Flash Player 10 ActiveX
    Adobe Reader 7.0.5
    Adobe Shockwave Player
    Apple Software Update
    AutoUpdate
    BPD_HPSU
    BPD_Scan
    BPDfax
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    ccCommon
    CheckIt Diagnostics
    Component Framework
    Connection Keep Alive
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_UpdateProjectsConfig
    CueTour
    Customer Experience Enhancement
    CustomerResearchQFolder
    Data Fax SoftModem with SmartCP
    Destinations
    DISCover
    DivX
    DocProc
    DocProcQFolder
    Enhanced Multimedia Keyboard Solution
    eSupportQFolder
    FinePixViewer Ver.4.3
    FUJIFILM USB Driver
    FullDPAppQFolder
    GemMaster Mystic
    High Definition Audio Driver Package - KB888111
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 10 (KB910393)
    Hotfix for Windows XP (KB888795)
    Hotfix for Windows XP (KB891593)
    Hotfix for Windows XP (KB893357)
    Hotfix for Windows XP (KB895961)
    Hotfix for Windows XP (KB899337)
    Hotfix for Windows XP (KB899510)
    Hotfix for Windows XP (KB902841)
    Hotfix for Windows XP (KB906569)
    Hotfix for Windows XP (KB912024)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB952287)
    HP Boot Optimizer
    HP Customer Participation Program 7.0
    HP DigitalMedia Archive
    HP DVD Play 2.1
    HP Imaging Device Functions 7.0
    HP Officejet All-In-One Series
    HP Photosmart Essential
    HP Photosmart for Media Center PC
    HP Photosmart Premier Software 6.5
    HP Product Detection
    HP Solution Center 7.0
    HP Update
    HP Web Helper
    HPPhotoSmartExpress
    HPProductAssistant
    HpSdpAppCoreApp
    InstantShareDevices
    J2SE Runtime Environment 5.0 Update 6
    J5700
    LightScribe 1.4.105.1
    LiveUpdate (Symantec Corporation)
    MarketResearch
    Microsoft .NET Framework 1.0 Hotfix (KB930494)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Away Mode
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2006
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Standard Edition 2003 60 days trial
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    MSRedist
    MSXML 4.0 SP2 (KB954430)
    muvee autoProducer 5.0
    muvee autoProducer unPlugged 2.0
    My HP Games
    Netscape Browser (remove only)
    Norton Cleanup
    Norton Internet Security
    Norton Protection Center
    Norton SystemWorks
    Norton SystemWorks (Symantec Corporation)
    Norton SystemWorks Basic Edition
    Norton Utilities
    NVIDIA Drivers
    OCR Software by I.R.I.S 7.0
    OptionalContentQFolder
    Otto
    PC-Doctor 5 for Windows
    PhotoGallery
    ProductContext
    Python 2.2 pywin32 extensions (build 203)
    Python 2.2.3
    Quicken 2006
    QuickTime
    RandMap
    RAW FILE CONVERTER LE
    RealPlayer
    Realtek High Definition Audio Driver
    Remove WeatherBug Installer
    Rhapsody
    Scan
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    SkinsHP1
    SlideShow
    SlideShowMusic
    SolutionCenter
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Sonic_PrimoSDK
    SPBBC 32bit
    Status
    Symantec Technical Support Web Controls
    Toolbox
    TrayApp
    Unload
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB912945)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955839)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Updates from HP (remove only)
    WebFldrs XP
    WebReg
    WildTangent Web Driver
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Format Runtime
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB883667
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB892050
    Windows XP Hotfix - KB893066
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB912067
    World of Warcraft
    Yahoo! Toolbar
    Yahoo! Toolbar for Internet Explorer

    ==== Event Viewer Messages From Past Week ========

    1/15/2009 6:00:48 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0ed: Security Update for Windows XP (KB946648).
    1/15/2009 5:30:49 PM, error: DCOM [10000] - Unable to start a DCOM Server: {FB7199AB-79BF-11D2-8D94-0000F875C541}. The error: "%2" Happened while starting this command: C:\Program Files\Messenger\msmsgs.exe -Embedding
    1/15/2009 3:17:54 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/15/2009 3:17:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    1/15/2009 3:17:54 PM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
    1/15/2009 11:22:29 AM, error: NtServicePack [4374] - Windows XP installation failed, leaving Windows XP partially updated.
    The installation of the Service Pack did not complete, and a rollback to the pre-installation state has been initiated. A rollback is a two-step process. Step one is complete; to complete step two, click OK. To be reminded at next login to complete step two, click Cancel. After you complete the rollback, your system will reboot and you may retry the installation of the Service Pack.
    1/15/2009 2:49:06 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x87ff0004: Windows XP Service Pack 3 (KB936929).
    1/16/2009 10:49:30 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    1/14/2009 6:20:02 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\ehome\ehmsas.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2710.2732.
    1/14/2009 6:20:02 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\rundll32.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
    1/14/2009 6:19:43 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\ehome\ehtray.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2710.2732.

    ==== End Of File ===========================
     
  11. 2009/01/21
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    The other log is the one I need to see ... dds.txt
     
  12. 2009/01/21
    dewrose

    dewrose Inactive Thread Starter

    Joined:
    2009/01/14
    Messages:
    20
    Likes Received:
    0
    Oops lol, hopefully this is the right one. Sorry about that.

    DDS (Ver_09-01-18.01) - NTFSx86
    Run by HP_Administrator at 1:08:09.54 on Wed 01/21/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.531 [GMT -5:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\DISC\DISCover.exe
    C:\Program Files\DISC\DiscUpdMgr.exe
    C:\Program Files\DISC\DiscStreamHub.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.toast.net/
    uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uWindow Title = Windows Internet Explorer provided by MySpace
    uSearch Bar = hxxp://safesearch.cyberdefender.com/smallsearch.html
    mDefault_Page_URL = hxxp://www.myspace.com/
    mStart Page = hxxp://www.myspace.com/
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.2.0.7\IPSBHO.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
    TB: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [cdloader] "c:\documents and settings\hp_administrator\application data\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [MobMapUpdater] "c:\program files\mobmapupdater\MobMapUpdater.exe" --silent
    uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe "
    mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe "
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [<NO NAME>]
    mRun: [PCDrProfiler]
    mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [NSWosCheck] "c:\program files\norton systemworks basic edition\osCheck.exe "
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
    uPolicies-explorer: NoViewOnDrive = 0 (0x0)
    IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks basic edition\norton cleanup\WCQuick.lnk
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    Trusted Zone: trymedia.com
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.2.0.7\CoIEPlg.dll
    LSA: Notification Packages = scecli

    ============= SERVICES / DRIVERS ===============

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1002000.007\SymEFA.sys [2009-1-16 309296]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1002000.007\BHDrvx86.sys [2009-1-16 255536]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1002000.007\cchpx86.sys [2009-1-16 362544]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090115.001\IDSxpx86.sys [2009-1-16 274808]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-1-15 99376]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090120.024\naveng.sys [2009-1-20 89104]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090120.024\navex15.sys [2009-1-20 876112]
    R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
    R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
    R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R4 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.2.0.7\ccSvcHst.exe [2009-1-16 115560]
    R4 NProtectService;Norton UnErase Protection;c:\progra~1\norton~1\norton~1\NPROTECT.EXE [2005-11-3 95832]
    S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-9-6 1245064]

    =============== Created Last 30 ================

    2009-01-20 11:21 <DIR> --d----- c:\documents and settings\hp_administrator\DoctorWeb
    2009-01-20 04:05 <DIR> --d----- c:\windows\Cache
    2009-01-20 04:05 <DIR> --d----- c:\program files\Coupons
    2009-01-16 10:50 36,272 a----r-- c:\windows\system32\drivers\SymIM.sys
    2009-01-16 10:49 <DIR> --d----- c:\windows\system32\drivers\NIS
    2009-01-16 10:49 <DIR> --d----- c:\program files\Norton Internet Security
    2009-01-16 01:13 <DIR> --d----- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
    2009-01-15 18:57 27 a------- c:\windows\sssTbarV2.ini
    2009-01-15 15:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCSettings
    2009-01-15 15:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
    2009-01-15 14:46 268,648 a------- c:\windows\system32\mucltui.dll
    2009-01-15 14:46 27,496 a------- c:\windows\system32\mucltui.dll.mui
    2009-01-15 14:35 <DIR> --d----- c:\windows\Downloaded Installations
    2009-01-15 14:14 <DIR> --d----- c:\program files\NortonInstaller
    2009-01-15 14:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
    2009-01-15 02:36 <DIR> --d----- c:\windows\system32\scripting
    2009-01-15 02:36 <DIR> --d----- c:\windows\l2schemas
    2009-01-15 02:36 <DIR> --d----- c:\windows\system32\en
    2009-01-15 02:36 <DIR> --d----- c:\windows\system32\bits
    2009-01-15 02:29 33,656 a------- c:\windows\system32\sprecovr.exe
    2009-01-15 02:25 3,166,208 a------- c:\windows\system32\dllcache\msgr3en.dll
    2009-01-15 02:24 799,744 a------- c:\windows\system32\drivers\dmboot.sys
    2009-01-15 02:14 74 a------- c:\windows\st_affiliate.ini
    2009-01-14 19:55 1,024 a------- C:\$@sdntvt_optimize.tmp

    ==================== Find3M ====================

    2009-01-16 10:50 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-01-16 10:50 60,808 a------- c:\windows\system32\S32EVNT1.DLL
    2009-01-16 10:50 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-01-16 10:50 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
    2009-01-15 11:34 92,947 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
    2008-12-11 15:37 42,320 a------- c:\windows\system32\xfcodec.dll
    2008-12-11 06:57 333,184 a------- c:\windows\system32\drivers\srv.sys
    2008-12-11 06:57 333,184 a------- c:\windows\system32\dllcache\srv.sys
    2008-10-24 06:10 453,632 a------- c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll
    2008-10-23 08:01 283,648 a------- c:\windows\system32\dllcache\gdi32.dll
    2008-04-23 03:29 1,872 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
    2007-12-23 12:26 251 a------- c:\program files\wt3d.ini
    2007-01-20 14:19 32 a--sh--- c:\windows\sminst\HPCD.SYS

    ============= FINISH: 1:08:26.42 ===============
     
  13. 2009/01/21
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
  14. 2009/01/21
    dewrose

    dewrose Inactive Thread Starter

    Joined:
    2009/01/14
    Messages:
    20
    Likes Received:
    0
    I thought that was the dds text, sorry, I'll do another one. So which one do I post? The attach file or the other one?
     
  15. 2009/01/21
    dewrose

    dewrose Inactive Thread Starter

    Joined:
    2009/01/14
    Messages:
    20
    Likes Received:
    0
    ran the dds again and....

    Ran dds again and this says it's the txt file:

    DDS (Ver_09-01-18.01) - NTFSx86
    Run by HP_Administrator at 2:19:37.12 on Wed 01/21/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.513 [GMT -5:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\DISC\DISCover.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\DISC\DiscUpdMgr.exe
    C:\Program Files\DISC\DiscStreamHub.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.toast.net/
    uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uWindow Title = Windows Internet Explorer provided by MySpace
    uSearch Bar = hxxp://safesearch.cyberdefender.com/smallsearch.html
    mDefault_Page_URL = hxxp://www.myspace.com/
    mStart Page = hxxp://www.myspace.com/
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.2.0.7\IPSBHO.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
    TB: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [cdloader] "c:\documents and settings\hp_administrator\application data\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [MobMapUpdater] "c:\program files\mobmapupdater\MobMapUpdater.exe" --silent
    uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe "
    mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe "
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [<NO NAME>]
    mRun: [PCDrProfiler]
    mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [NSWosCheck] "c:\program files\norton systemworks basic edition\osCheck.exe "
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
    uPolicies-explorer: NoViewOnDrive = 0 (0x0)
    IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks basic edition\norton cleanup\WCQuick.lnk
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    Trusted Zone: trymedia.com
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.2.0.7\CoIEPlg.dll
    LSA: Notification Packages = scecli

    ============= SERVICES / DRIVERS ===============

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1002000.007\SymEFA.sys [2009-1-16 309296]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1002000.007\BHDrvx86.sys [2009-1-16 255536]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1002000.007\cchpx86.sys [2009-1-16 362544]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090115.001\IDSxpx86.sys [2009-1-16 274808]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-1-15 99376]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090120.024\naveng.sys [2009-1-20 89104]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090120.024\navex15.sys [2009-1-20 876112]
    R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
    R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
    R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R4 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.2.0.7\ccSvcHst.exe [2009-1-16 115560]
    R4 NProtectService;Norton UnErase Protection;c:\progra~1\norton~1\norton~1\NPROTECT.EXE [2005-11-3 95832]
    S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-9-6 1245064]

    =============== Created Last 30 ================

    2009-01-20 11:21 <DIR> --d----- c:\documents and settings\hp_administrator\DoctorWeb
    2009-01-20 04:05 <DIR> --d----- c:\windows\Cache
    2009-01-20 04:05 <DIR> --d----- c:\program files\Coupons
    2009-01-16 10:50 36,272 a----r-- c:\windows\system32\drivers\SymIM.sys
    2009-01-16 10:49 <DIR> --d----- c:\windows\system32\drivers\NIS
    2009-01-16 10:49 <DIR> --d----- c:\program files\Norton Internet Security
    2009-01-16 01:13 <DIR> --d----- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
    2009-01-15 18:57 27 a------- c:\windows\sssTbarV2.ini
    2009-01-15 15:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCSettings
    2009-01-15 15:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
    2009-01-15 14:46 268,648 a------- c:\windows\system32\mucltui.dll
    2009-01-15 14:46 27,496 a------- c:\windows\system32\mucltui.dll.mui
    2009-01-15 14:35 <DIR> --d----- c:\windows\Downloaded Installations
    2009-01-15 14:14 <DIR> --d----- c:\program files\NortonInstaller
    2009-01-15 14:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
    2009-01-15 02:36 <DIR> --d----- c:\windows\system32\scripting
    2009-01-15 02:36 <DIR> --d----- c:\windows\l2schemas
    2009-01-15 02:36 <DIR> --d----- c:\windows\system32\en
    2009-01-15 02:36 <DIR> --d----- c:\windows\system32\bits
    2009-01-15 02:29 33,656 a------- c:\windows\system32\sprecovr.exe
    2009-01-15 02:25 3,166,208 a------- c:\windows\system32\dllcache\msgr3en.dll
    2009-01-15 02:24 799,744 a------- c:\windows\system32\drivers\dmboot.sys
    2009-01-15 02:14 74 a------- c:\windows\st_affiliate.ini
    2009-01-14 19:55 1,024 a------- C:\$@sdntvt_optimize.tmp

    ==================== Find3M ====================

    2009-01-16 10:50 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-01-16 10:50 60,808 a------- c:\windows\system32\S32EVNT1.DLL
    2009-01-16 10:50 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-01-16 10:50 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
    2009-01-15 11:34 92,947 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
    2008-12-11 15:37 42,320 a------- c:\windows\system32\xfcodec.dll
    2008-12-11 06:57 333,184 a------- c:\windows\system32\drivers\srv.sys
    2008-12-11 06:57 333,184 a------- c:\windows\system32\dllcache\srv.sys
    2008-10-24 06:10 453,632 a------- c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll
    2008-10-23 08:01 283,648 a------- c:\windows\system32\dllcache\gdi32.dll
    2008-04-23 03:29 1,872 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
    2007-12-23 12:26 251 a------- c:\program files\wt3d.ini
    2007-01-20 14:19 32 a--sh--- c:\windows\sminst\HPCD.SYS

    ============= FINISH: 2:20:03.43 ===============
     
  16. 2009/01/21
    dewrose

    okay saw post and....

    Okay, thought you meant the DDS text info I posted. OK, saw this post about the HP printer/fax/scanner.
    I did remove that music folder. I will try to reinstall the printer scanner software in the next 5 mins. Thank you much.
     
  17. 2009/01/21
    dewrose

    about the BPDSoftware..

    Checked my printer/fax/scanner; all is working OK there. Any other suggestions?
     
  18. 2009/01/21
    dewrose

    great news and much thanks

    :) I uninstalled/reinstalled my HP printer/fax/scanner software and that seemed to do the trick. No more problems with the bdpsoftware. Thanks so much for helping me clear that up, Noah. Please note I have Norton Internet Security 2009 but it didn't catch this last invasion of keyloggers, etc.

    A quick question: Is there a program that can catch keyloggers, malware, hackers from entering my computer or remove them completely? My biggest problem is that they hacked into my account on the game "World of Warcraft" and I want to stop that. Also I have ordered an authenticator from WOW (Blizzard) to use when I log onto the game as an extra precaution. However, I am also willing to purchase good protection software to prevent any more problems with malware, keyloggers, etc., so any suggestions would be greatly appreciated. Thank you, J
     
  19. 2009/01/21
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Glad to hear you got the printer software issue sorted. :)

    You can remove DDS and any of the saved logs, and the DrCureit log.
    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot


    I think the Blizzard is the best option for protecting your WoW account. All security apps are prone to breach. It's near impossible to protect against a new threat until samples have been collected, analyzed and added to the detection database. I personally have a preference for Kaspersky Internet Security Suite these days for my own machines. Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showthread.php?t=67958

    Surf safe! :)
     
  20. 2009/01/21
    dewrose

    thanks much 2 questions about your suggestions

    Hi Noah,
    I currently have Norton and I assume that if I go with Kaspersky Internet Security Suite, I should remove Norton completely. Also, when I run ATF Cleaner, do I disable the Kaspersky before running the ATF software? I am asking this because I think I read here in the forum about not having two antivirus or any type of protection programs running at the same time or downloaded on the computer at the same time? Opinion please about this.
    One more thing: Blizzard stated that I am responsible for protecting my account against invasion of keyloggers or hackers, so that is why I am getting the password authenticator and will take your advice and update my computer with ATF and Kaspersky.
    2. About Dr. Cureit: is it a good idea to keep that on my machine and run it at times? Or is it unnecessary since I will be getting the Kaspersky and ATF? One reason I am getting rid of the Norton is because it did not catch any of the keyloggers Dr. Cureit did. Okay, that is it and I will continue to read up on the article you pointed out to me. Thanks so much for all your help and I owe you a batch of choco chip cookies. lol. J
     
  21. 2009/01/21
    noahdfear

    Did I hear chocolate? And cookies? Yummy!! :D

    Yes, you should uninstall your Symantec security products prior to installing another security suite. If you paid for a license, best to copy down that number first in case you decide to put it back in.

    I would recommend you try out the 30 day trial of Kaspersky before buying, if you are intent on switching. If your email client has pretty good spam filtering, I would encourage you to do a custom installation of Kaspersky and deselect the Anti-spam module - it requires training. If parental controls is not something you would have need of, deselect that module as well. It's been my experience that installing any module you would end up disabling will only cause Kaspersky to continue alerting you that your system is not fully protected (disabled features = not fully protected), so best to just not install those modules from the start.


    DrWeb Cureit is fine to keep and scan with periodically, just please remember that it is quite aggressive and not everything it reports is necessarily bad. Ask if you're ever unsure and unable to learn more about any particular item.
     
