Vista - Python/Koan apps. Normal?



I've Googled this to death on and off and can't find an answer so wondering if anyone here might have a clue who can help.

 

I use Windows Vista on my personal laptop - it's the Home edition and I do nothing fancy with it, i.e. just use it like the average home user for browsing/email and the likes.

 

I've noticed some folders that I ain't happy about at all. I don't DO any programming (God forbid!) and can see no valid/legitimate reason for these apps to be even on this laptop. Does anyone know whether I can delete them? Am I right that these shouldn't be on my laptop?

 

I had some strange happenings on my laptop a while back - CPU going up the roof and explorer.exe related. I think someone was remotely accessing/hacking into my PC when it happened and I have a suspicion these apps are related to that because there was related activity (these apps showed up then in my temp folders)

 

 

Anyway, these files are all in - program files/HP/Quickplay/

 

And there are 23 MB worth of them altogether. The two concerned are-

 

python24.zip

koan_3.0.zip

 

(loads of others inside those two zip folders)

 

Some others lurking within the zip files for those two above-

 

touchstone.exe (touchstone_1_.exe)

python24.dll

has_key.pyc

tvupdater.kc

CLTinyDB.dll

 

 

I've done numerous virus scans including online ones and online file checker (Jotti etc) and all of these come up clean. These seem to be duplicated inside a hidden temp internet files folder too. The properties for that show there are numerous files inside it but when I open the folder it opens up showing none.

 

Any advice anyone?

Link to post

They mean nothing at all to Vista (or any other OS). If you can't get rid using ADD/REMOVE programs, then install CCleaner (free), click on tools then find them and run uninstaller.

 

It would also be interesting to know which AV you do have installed.

 

The fact that they are zip files tells me that they are lying dormant anyway (unless they have been unzipped).

 

But I guarantee you that there are at least 3 more peeps that regularly visit this forum that are (just) slightly more techy than me. :p

Link to post

From a quick google, HP quickplay is a DVD / Blu-Ray player that comes as standard on HP machines (and some Compaq). I don't think the files will be anything malicious.

Link to post

Thanks both, for your replies.

 

I have Kaspersky (firewall and anti virus). It says these files are fine. I did a Kaspersky online scan too, and others, and ditto. I've uploaded them on both Jotti and Virustotal - again, clean on both.

 

The few times CPU went through the roof (down to explorer.exe) a while back was when I was alerted to these apps when I saw the names psyco, python and koan appearing in the list of temp files to delete when I ran CCleaner soon after.

 

If they definitely don't come as standard on Windows Vista then I'll delete them or try to.

 

Locutus- I don't think these apps have anything to do with HP Quickplay- they just happen to be sitting in that folder. :-|

Link to post

Python is standard in Vista; you will normally see a directory called Python on the C drive. Originally it was the old tape streamer software etc. drivers, and the other bits relate to DVD player software etc.

Link to post

PS- the first couple of times I noticed the explorer.exe/CPU issue it coincided with someone hacking in to my hotmail account. A day or so afterwards I found that out when I checked my hotmail "sent" folder and found dozens of emails had been sent from my account (all ebay related) each time. The next time it happened (explorer.exe/CPU surge) I immediately cut my BB connection and sure enough, more emails in my sent folder. I changed my password then and it never happened again after that.

 

Obviously in some way I'd been compromised. With that coinciding with the only times those python/koan temp files showed up anywhere too is why I'm thinking the hack and those files are related.

Link to post

Python is standard in Vista; you will normally see a directory called Python on the C drive. Originally it was the old tape streamer software etc. drivers, and the other bits relate to DVD player software etc.

 

 

 

Thanks...and is it?

 

Is this the correct path for it too then?

C:\Program Files\HP\QuickPlay\Koan

 

(there are a few dozen files under that, then it has two separate sub folders - the koan and python zip files.)

Link to post

Do a search for HijackThis; it's free and very useful. Post the log and we can have a look at it.

 

It will show what is running and in the background etc.

 

I've got HJT. Do I post a start-up log list, or do a system scan and post that logfile?

 

PS - in advance of that - there are a few (uninstalled old programs etc) things showing on it I've tried to fix, but I think Kaspersky overrides it because they don't get fixed.

Link to post

Yep, post the log.

 

Those that are under HP are prob the player files I mentioned above. I put a Vista HP PC back to XP Pro the other day and those were in the C drive directory from the first install of Vista.

Link to post

(Ad-aware and Spy Doc I have disabled)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:33:14, on 18/04/2010

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16757)

Boot mode: Normal

 

Running processes:

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\User\Documents\My Received Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O13 - Gopher Prefix:

O15 - ESC Trusted Zone: http://*.update.microsoft.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{3BBF40A6-0204-4ACF-850F-23D65873C288}: NameServer = 212.139.132.23 212.139.132.22

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--

End of file - 5002 bytes

 

 

And here's the start up logfile

 

StartupList report, 18/04/2010, 23:36:48

StartupList version: 1.52.2

Started from : C:\Users\User\Documents\My Received Files\HijackThis.EXE

Detected: Windows Vista (WinNT 6.00.1904)

Detected: Internet Explorer v7.00 (7.00.6000.16757)

* Using default options

* Showing rarely important sections

==================================================

Running processes:

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\User\Documents\My Received Files\HijackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\Windows\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IgfxTray = C:\Windows\system32\igfxtray.exe

QPService = "C:\Program Files\HP\QuickPlay\QPService.exe"

HP Health Check Scheduler = C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

MSConfig = "C:\Windows\system32\msconfig.exe" /auto

AVP = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

IntelliPoint = "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

--------------------------------------------------

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\Windows\system32\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = C:\Windows\system32\ie4uinit.exe -UserIconConfig

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = C:\Windows\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *

StubPath = C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

--------------------------------------------------

Load/Run keys from C:\Windows\WIN.INI:

load=*INI section not found*

run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe

SCRNSAVE.EXE=C:\Windows\system32\logon.scr

drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\Windows\Explorer.exe: PRESENT!

C:\Explorer.exe: not present

C:\Windows\Explorer\Explorer.exe: not present

C:\Windows\System\Explorer.exe: not present

C:\Windows\System32\Explorer.exe: not present

C:\Windows\Command\Explorer.exe: not present

C:\Windows\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: *Registry key not found*

.shb: *Registry key not found*

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\Windows

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename NOT OK: 'REGEDIT.EXE.MUI'

- File description: 'Registry Editor'

Registry check failed!

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

IEVkbdBHO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}

(no name) - C:\Program Files\Java\jre1.6.0\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}

--------------------------------------------------

Enumerating Download Program Files:

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]

CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll

NameSpace #4: C:\Windows\system32\napinsp.dll

NameSpace #5: C:\Windows\system32\pnrpnsp.dll

NameSpace #6: C:\Windows\system32\pnrpnsp.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

General Purpose USB Driver (adildr.sys): System32\Drivers\adildr.sys (autostart)

@%SystemRoot%\system32\audiosrv.dll,-204: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)

@%SystemRoot%\system32\audiosrv.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)

Kaspersky Internet Security: "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (autostart)

Base Filtering Engine: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)

@%SystemRoot%\system32\qmgr.dll,-1000: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

@oleres.dll,-5012: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)

@%SystemRoot%\system32\dhcpcsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)

ReadyBoost: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)

@gpapi.dll,-112: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

@comres.dll,-2946: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)

@%systemroot%\system32\wkssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

Link-Layer Topology Discovery Mapper I/O Driver: system32\DRIVERS\lltdio.sys (autostart)

UAC File Virtualization: \SystemRoot\system32\drivers\luafv.sys (autostart)

mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart)

Multimedia Class Scheduler: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Parvdm: \SystemRoot\system32\drivers\parvdm.sys (autostart)

PEAUTH: system32\drivers\peauth.sys (autostart)

@%SystemRoot%\system32\umpnpmgr.dll,-100: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)

@%systemroot%\system32\profsvc.dll,-300: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

@oleres.dll,-5010: %SystemRoot%\system32\svchost.exe -k rpcss (autostart)

Link-Layer Topology Discovery Responder: system32\DRIVERS\rspndr.sys (autostart)

@%SystemRoot%\system32\samsrv.dll,-1: %SystemRoot%\system32\lsass.exe (autostart)

@%SystemRoot%\system32\schedsvc.dll,-100: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

@%SystemRoot%\system32\Sens.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Software Licensing: %SystemRoot%\system32\SLsvc.exe (autostart)

@%SystemRoot%\system32\sysmain.dll,-1000: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)

TCP/IP Registry Compatibility: System32\drivers\tcpipreg.sys (autostart)

@%SystemRoot%\System32\shsvcs.dll,-8192: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

@%SystemRoot%\system32\w32time.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

@%Systemroot%\system32\wbem\wmisvc.dll,-205: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

@%SystemRoot%\System32\wscsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)

XAudio: system32\DRIVERS\xaudio.sys (autostart)

 

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

Windows NT checkdisk command:

BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':

PendingFileRenameOperations: C:\Users\User\Desktop\TEMPOR~1\Content.IE5\index.dat||C:\Users\User\AppData\Roaming\MICROS~1\Windows\Cookies\index.dat||C:\Users\User\AppData\Roaming\MICROS~1\Windows\Cookies\Low\index.dat||C:\Users\User\AppData\Local\MICROS~1\Windows\History\History.IE5\desktop.ini||C:\Users\User\AppData\Local\MICROS~1\Windows\History\History.IE5\index.dat||C:\Users\User\AppData\Local\MICROS~1\Windows\History\Low\History.IE5\desktop.ini||C:\Program Files\Spyware Doctor\Update.exe.old||C:\Users\User\Desktop\TEMPOR~1\Low\Content.IE5\index.dat||C:\Users\User\AppData\Local\MICROS~1\Windows\History\Low\History.IE5\index.dat

 

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\Windows\system32\webcheck.dll

--------------------------------------------------

End of report, 11,795 bytes

Link to post

Those in red and underlined you can remove. When you do the scan in HJT you will have small boxes on the left of each entry; click the box for each of these in red. It may help if you print this lot first.

 

Another little util to get, it's free: ATFcleaner.exe. Find it with Google, no prob. That cleans a lot of the temp rubbish and recycle bin in one go; easy to use, with the option to clean single items or all at once.

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O13 - Gopher Prefix:

O15 - ESC Trusted Zone: http://*.update.microsoft.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{3BBF40A6-0204-4ACF-850F-23D65873C288}: NameServer = 212.139.132.23 212.139.132.22

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

Also, in Internet Explorer set history to 0 days.

Edited by kiptower


Link to post
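
An added example, not part of any post in this thread: a small parser for HijackThis log lines like those posted above. It lists entries the log marks as orphaned (`(file missing)` or `(no file)`) and the autostart entries that load from a given folder, here the QuickPlay directory the question is about. The sample lines are copied from the log in the thread; the function and class names are this example's own.

```python
import re
from typing import List, NamedTuple, Optional

# Lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
"""

# "O4 - ...", "R0 - ...": section code, separator, free text.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# First file path in the entry text (drive letter or %VAR% prefix).
PATH_RE = re.compile(
    r'(?:[A-Za-z]:|%\w+%)\\[^"<>|*?\r\n]+?\.(?:exe|dll|sys|htm)\b', re.I
)
# Markers HijackThis appends when the referenced target is not on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")
# Sections that start code without user action:
# O4 = Run keys / Startup folder, O20 = AppInit_DLLs, O23 = services.
AUTOSTART_SECTIONS = {"O4", "O20", "O23"}


class Entry(NamedTuple):
    section: str
    text: str
    path: Optional[str]
    orphaned: bool


def parse_log(log: str) -> List[Entry]:
    """Turn raw log text into Entry records, skipping non-entry lines."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, blank line, or process list
        section, text = m.groups()
        p = PATH_RE.search(text)
        entries.append(Entry(
            section=section,
            text=text,
            path=p.group(0) if p else None,
            orphaned=any(marker in text for marker in ORPHAN_MARKERS),
        ))
    return entries


def orphaned_entries(entries: List[Entry]) -> List[Entry]:
    """Registry references whose target file is absent."""
    return [e for e in entries if e.orphaned]


def autostarts_under(entries: List[Entry], folder: str) -> List[Entry]:
    """Autostart entries whose executable lives inside `folder`."""
    prefix = folder.rstrip("\\").lower() + "\\"
    return [
        e for e in entries
        if e.section in AUTOSTART_SECTIONS
        and e.path is not None
        and e.path.lower().startswith(prefix)
    ]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in orphaned_entries(parsed):
        print("orphaned :", e.section, e.text)
    for e in autostarts_under(parsed, r"C:\Program Files\HP\QuickPlay"):
        print("autostart:", e.section, e.path)
```

Run against the sample lines, the only autostart entry that loads from the QuickPlay directory is the `QPService` Run key.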