
View Full Version : Win32.TDSS.rtk Help! (Resolved)



keddie7
2009-08-07, 00:24
Please help!
My home computer has been attacked by Win32.TDSS.rtk and I do not have the know-how to get rid of it. I have run Spybot S&D several times and it picks up 5 or 6 TrojansC entries that always come back when I try to fix the selected problems. I have only average computer knowledge and need a professional to help me through this. I have read many of the other posts regarding this same issue, each saying do not try this at home, this issue requires individual attention, so here I am, asking for individual attention. Spybot shows the following set up in a drop down fashion after I scan:

Win32.TDSS.rtk
(SBI $1473B578) File
C:\WINDOWS\system32\drivers\geyekrsscupuve.sys
(SBI $5CC20873) File
C:\WINDOWS\system32\geyekrpwlgmaeo.dll
(SBI $5CC200873) File
C:\WINDOWS\system32\geyekrwqdgxgnm.dll
(SBI $E9F5D25E) File
C:\WINDOWS\temp\geyekrwdqppxgban.tmp
(SBI $0419F0A4) File
C:\WINDOWS\system32\geyekrwittgyus.dat
(SBI $0419F0A4) File
C:\WINDOWS\system32\geyekrxunbjivh.dat
I don't know much about what kind of logs you might need or how to acquire them, so I appreciate your patience in helping me out. One question I have about the eradication process is should I attempt to back up my documents, photos, and music before downloading any programs to kill this virus, or would that just endanger my computer again after it's fixed? Will the process even affect these types of files? Does it involve a complete wipe? Thanks for your answers and help in advance. I wish I was as techno-savvy as all of you, but since I'm clearly not, thanks again!
Kylie


"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

katana
2009-08-07, 14:59
Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly :)

Some of the logs I request will be quite large, You may need to split them over a couple of replies.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------


1) I don't know much about what kind of logs you might need or how to acquire them,
2) One question I have about the eradication process is should I attempt to back up my documents, photos, and music
3) Will the process even affect these types of files, ~ does it involve a complete wipe?

1) Don't worry, I'll let you know what is needed :)
2) It is recommended that you back up any data that you don't want to lose before any removal or update process
3) It depends on what infection is present


Download and Run RSIT

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.

Please post the contents of both log.txt and info.txt.
( They can also be found in the C:\RSIT folder )



SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
Double click Sysprot.exe to start the program.
Click on the Log tab. In the Write to log box select all items.
Click on the Create Log button on the bottom right.
After a few seconds a new window should appear.
Select Scan Root Drive. Click on the Start button.
When it is complete a new window will appear to indicate that the scan is finished.
The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

keddie7
2009-08-07, 18:59
Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Administrator at 2009-08-07 11:47:30
Microsoft Windows XP Professional Service Pack 3
System drive C: has 274 GB (59%) free of 468 GB
Total RAM: 2046 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:43 AM, on 8/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\AOL\1235350536\ee\AOLSoftware.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\JF8LJ026\RSIT[1].exe
C:\Program Files\trend micro\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1235350536\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7984] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5656] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9241] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC502] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1693] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6687] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3902] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9993] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7459] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3244] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6884] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3408] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6733] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8971] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8979] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4414] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9616] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC49] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2652] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3319] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1395] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2614] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8335] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6322] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7032] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9728] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5710] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2674] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6709] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2514] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5081] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3230] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1510] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2915] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4070] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2198] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4221] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2934] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6784] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7861] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA858] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6898] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1711] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4950] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6178] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6738] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2721] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7626] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3364] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8926] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9021] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7767] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4635] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3757] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9844] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1033] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7491] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3955] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7880] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1983] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1399] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9093] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8791] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7135] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5144] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2510] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA276] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8638] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5838] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6879] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKCU\..\RunOnce: [SpybotDeletingB7226] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7361] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7242] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5996] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3825] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1461] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8402] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3958] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8292] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5535] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3502] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5495] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6877] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6881] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB109] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6797] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4934] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9118] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9469] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7490] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB943] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9319] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6444] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9807] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7501] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8817] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6612] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4443] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5624] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD975] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7882] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8781] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3298] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1582] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7994] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8553] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1335] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7954] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3843] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4059] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5838] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9347] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7034] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6984] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8831] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7375] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8149] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9748] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9712] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2457] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7768] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7910] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9922] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7986] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2886] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5892] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5868] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2045] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6918] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2316] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB278] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6853] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6093] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5421] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9000] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2067] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7235] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7943] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB428] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7287] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://deere.webex.com/client/T26L10NSP49EP15-deere/webex/ieatgpc.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5699/mcfscan.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 26236 bytes
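The O4 section of the log above is the security-relevant part of this post: Spybot queues a `RunOnce` pair (`command.com /c del` and `cmd.exe /c del`) for each detected file on every "fix" attempt, and those entries are still present for the same five files, which means the boot-time deletes are failing and the normal fix cannot remove them (typical when a kernel-mode rootkit driver is hiding or locking its own files). The script below is an added example written for this thread, not code from the forum, Spybot or HijackThis. It parses HijackThis-style O4 lines, counts how many times each path has been queued for deletion, lists the files that keep coming back, and reports the shared file-name prefix across them (here `geyekr`), which is the kind of triage a helper does before reaching for an anti-rootkit tool. The sample log is constructed from a few of the lines on the page; the function names, the threshold of 2 and the regular expressions are this example's own assumptions about the log format.

```python
import os
import re
from collections import Counter

# Constructed sample: HijackThis O4 lines in the shape of the log posted in this
# thread (paths as listed on the page; only a few of the SpybotDeleting entries
# are reproduced here).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA7984] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5656] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9241] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC502] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6884] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3408] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [SpybotDeletingB7226] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7361] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
"""

# One HijackThis O4 line: "O4 - <hive>\..\<key>: [<value name>] <command>"
# (assumed format, derived from the lines in the posted log).
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run|RunOnce|RunServices|RunServicesOnce): '
    r'\[(?P<name>[^\]]+)\] (?P<cmd>.*)$'
)
# "cmd.exe /c del <path>" or "command.com /c del <path>", path optionally quoted.
DEL_RE = re.compile(r'^(?:cmd\.exe|command\.com) /c del\s+"?([^"]+?)"?\s*$', re.IGNORECASE)


def parse_o4(line: str):
    """Split one O4 line into hive, key, value name and command; None if not an O4 line."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def pending_deletes(log_text: str) -> Counter:
    """Count RunOnce 'del' entries per target path (paths compared case-insensitively)."""
    counts = Counter()
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if not entry or entry["key"] != "RunOnce":
            continue
        m = DEL_RE.match(entry["cmd"])
        if m:
            counts[m.group(1).lower()] += 1
    return counts


def stubborn_files(log_text: str, threshold: int = 2) -> list:
    """Paths queued for boot-time deletion at least `threshold` times.

    Each fix attempt adds one RunOnce pair per file; the entries only pile up
    when the delete fails at boot, so a repeatedly queued path is a file the
    ordinary fix cannot remove (a hidden or locked file is the usual reason).
    """
    return sorted(p for p, n in pending_deletes(log_text).items() if n >= threshold)


def shared_name_prefix(paths) -> str:
    """Longest common prefix of the file names.

    Several dropped files sharing one random-looking stem is a strong hint that
    they belong to the same infection rather than being unrelated leftovers.
    """
    names = [os.path.basename(p.replace("\\", "/")) for p in paths]
    return os.path.commonprefix(names) if names else ""


if __name__ == "__main__":
    counts = pending_deletes(SAMPLE_LOG)
    for path, n in counts.most_common():
        print(f"{n:3d}x queued for deletion: {path}")
    stubborn = stubborn_files(SAMPLE_LOG)
    print("files the normal fix is not removing:", *stubborn, sep="\n  ")
    print("shared file-name prefix:", shared_name_prefix(stubborn) or "(none)")
```

Run it over the full log from the thread (paste the O4 lines into `SAMPLE_LOG` or read them from a file) and every `geyekr*` path shows a count far above two, while legitimate `Run` entries such as `ehTray` never appear in the output: that is the signal that a file-level cleaner is the wrong tool and an anti-rootkit scan, as the helper requests next, is the right move.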

keddie7
2009-08-07, 19:01
======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\DMATask 0 {D2B22905-47C9-4b82-8E74-47AA9D2DE378} 0~0.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Loader - C:\Program Files\AOL Toolbar\aoltb.dll [2008-10-21 1275176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-02 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-02 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL Toolbar\aoltb.dll [2008-10-21 1275176]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-30 67584]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"HostManager"=C:\Program Files\Common Files\AOL\1235350536\ee\AOLSoftware.exe [2008-11-06 41264]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-11-01 180269]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-02 148888]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-05-16 648504]
"nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2008-05-21 451896]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA7984"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingC5656"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingA9241"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingC502"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingA1693"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
"SpybotDeletingC6687"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
"SpybotDeletingA3902"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
"SpybotDeletingC9993"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
"SpybotDeletingA7459"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
"SpybotDeletingC3244"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
"SpybotDeletingA6884"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingC3408"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingA6733"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingC8971"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingA8979"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
"SpybotDeletingC4414"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
"SpybotDeletingA9616"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
"SpybotDeletingC49"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
"SpybotDeletingA2652"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
"SpybotDeletingC3319"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
"SpybotDeletingA1395"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingC2614"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingA8335"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingC6322"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingA7032"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
"SpybotDeletingC9728"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
"SpybotDeletingA5710"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
"SpybotDeletingC2674"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
"SpybotDeletingA6709"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
"SpybotDeletingC2514"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
"SpybotDeletingA5081"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingC3230"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingA1510"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingC2915"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingA4070"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
"SpybotDeletingC2198"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
"SpybotDeletingA4221"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
"SpybotDeletingC2934"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
"SpybotDeletingA6784"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
"SpybotDeletingC7861"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
"SpybotDeletingA858"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingC6898"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingA1711"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingC4950"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingA6178"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
"SpybotDeletingC6738"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
"SpybotDeletingA2721"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
"SpybotDeletingC7626"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
"SpybotDeletingA3364"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
"SpybotDeletingC8926"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
"SpybotDeletingA9021"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingC7767"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingA4635"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingC3757"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingA9844"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
"SpybotDeletingC1033"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
"SpybotDeletingA7491"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
"SpybotDeletingC3955"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
"SpybotDeletingA7880"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
"SpybotDeletingC1983"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
"SpybotDeletingA1399"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingC9093"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingA8791"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingC7135"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingA5144"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
"SpybotDeletingC2510"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
"SpybotDeletingA276"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
"SpybotDeletingC8638"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
"SpybotDeletingA5838"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
"SpybotDeletingC6879"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2008-08-01 1103216]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-04-08 251240]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"AOL Fast Start"=C:\Program Files\AOL 9.1\AOL.EXE [2008-11-06 50472]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB7226"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingD7361"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingB7242"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingD5996"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingB3825"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
"SpybotDeletingD1461"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
"SpybotDeletingB8402"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
"SpybotDeletingD3958"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
"SpybotDeletingB8292"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
"SpybotDeletingD5535"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
"SpybotDeletingB3502"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingD5495"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingB6877"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingD6881"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingB109"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
"SpybotDeletingD6797"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
"SpybotDeletingB4934"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
"SpybotDeletingD9118"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
"SpybotDeletingB9469"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
"SpybotDeletingD7490"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
"SpybotDeletingB943"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingD9319"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingB6444"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingD9807"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingB7501"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
"SpybotDeletingD8817"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
"SpybotDeletingB6612"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
"SpybotDeletingD4443"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
"SpybotDeletingB5624"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
"SpybotDeletingD975"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
"SpybotDeletingB7882"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingD8781"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingB3298"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingD1582"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingB7994"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
"SpybotDeletingD8553"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
"SpybotDeletingB1335"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
"SpybotDeletingD7954"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
"SpybotDeletingB3843"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
"SpybotDeletingD4059"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
"SpybotDeletingB5838"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingD9347"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingB7034"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingD6984"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingB8831"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
"SpybotDeletingD7375"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
"SpybotDeletingB8149"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
"SpybotDeletingD9748"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
"SpybotDeletingB9712"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
"SpybotDeletingD2457"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
"SpybotDeletingB7768"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingD7910"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingB9922"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingD7986"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingB2886"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
"SpybotDeletingD5892"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
"SpybotDeletingB5868"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
"SpybotDeletingD2045"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
"SpybotDeletingB6918"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
"SpybotDeletingD2316"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
"SpybotDeletingB278"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingD6853"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingB6093"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingD5421"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingB9000"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
"SpybotDeletingD2067"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
"SpybotDeletingB7235"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
"SpybotDeletingD7943"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
"SpybotDeletingB428"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
"SpybotDeletingD7287"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
C:\Program Files\DISC\DISCover.exe [2006-04-07 1073152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
C:\Program Files\DISC\DiscUpdMgr.exe [2006-04-07 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [2006-04-13 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftutil2]
ftutil2.dll,SetWriteCacheMode []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe [1998-05-07 52736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE [2005-02-02 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-23 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2007-10-25 16855552]

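Reading a registry dump this long by eye is error-prone, so here is an added triage helper (not part of keddie7's post, and not Spybot's or RSIT's own tooling). It walks the `[HKEY_...]` sections of an RSIT-style dump, counts how many times the same file has been queued for a RunOnce `del`, flags any path whose file name starts with a supplied indicator prefix, and lists `mountpoints2` AutoRun commands. The log excerpt embedded in it is constructed from lines quoted above (shortened); the `geyekr` prefix is the one Spybot reported; the function names, the regexes and the scoring are my own assumptions, not RSIT behaviour. The reason the repeat count is worth having: a RunOnce `del` runs after logon, when a driver listed under `drivers\` is already loaded, so seeing the same `.sys` queued again and again is the log's way of showing that this deletion route is not working.

```python
"""Triage an RSIT-style registry dump (added example; constructed input)."""
import re
from collections import Counter, defaultdict

# Constructed excerpt of the dump quoted in the thread (abbreviated).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-30 67584]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA7984"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingC5656"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingA9241"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingC502"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingA6884"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingC3408"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e672820-0050-11de-a6c1-806d6172696f}]
shell\AutoRun\command - F:\Autorun.exe
"""

# Assumed line shapes, taken from the dump as posted: a bracketed key header,
# then "name"=data lines with an optional trailing "[date size]" stamp.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*?)(?:\s+\[[^\]]*\])?$')
DEL_RE = re.compile(r"(?:command\.com|cmd\.exe)\s+/c\s+del\s+(?P<path>.+)$", re.I)
AUTORUN_RE = re.compile(r"^shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$", re.I)


def parse_registry_dump(text):
    """Return ({key: [(name, data), ...]}, [(key, raw_line), ...]).

    Quoted name=value lines go into the dict; unquoted lines such as the
    mountpoints2 AutoRun entries are kept raw under their key."""
    values, raw, key = defaultdict(list), [], None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:  # text before the first key header; ignore
            continue
        m = VALUE_RE.match(line)
        if m:
            values[key].append((m.group("name"), m.group("data").strip()))
        else:
            raw.append((key, line))
    return values, raw


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(text, bad_prefixes=("geyekr",)):
    """Summarise the dump: repeated RunOnce deletions, indicator hits, AutoRuns."""
    values, raw = parse_registry_dump(text)
    requeued = Counter()  # lower-cased target path -> queued deletions
    flagged = []          # (key, value name, path) whose file name matches a prefix
    autoruns = []         # (key, command) from mountpoints2 AutoRun entries
    prefixes = tuple(p.lower() for p in bad_prefixes)
    for key, entries in values.items():
        for name, data in entries:
            m = DEL_RE.search(data)
            target = m.group("path").strip() if m else data
            if m:
                requeued[target.lower()] += 1
            if _basename(target).startswith(prefixes):
                flagged.append((key, name, target))
    for key, line in raw:
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in key.lower():
            autoruns.append((key, m.group("cmd").strip()))
    return {"requeued": dict(requeued), "flagged": flagged, "autoruns": autoruns}


def repeated_deletions(result, min_attempts=2):
    """Targets queued for deletion at least min_attempts times, most first."""
    hits = [(p, n) for p, n in result["requeued"].items() if n >= min_attempts]
    return sorted(hits, key=lambda pn: (-pn[1], pn[0]))


if __name__ == "__main__":
    res = triage(SAMPLE_LOG)
    for path, n in repeated_deletions(res):
        print(f"{n:3d}x queued for deletion: {path}")
    for key, name, path in res["flagged"]:
        print(f"indicator hit: {name} -> {path}")
    for key, cmd in res["autoruns"]:
        print(f"AutoRun on removable volume: {cmd}")
```

Run it against a full dump by reading the log file into `triage()` and passing whichever file-name prefixes the scanner reported; the AutoRun list is there because the same dump records per-volume AutoRun handlers, which are worth checking on any removable media plugged into the machine while it was infected.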
keddie7
2009-08-07, 19:03
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\temp\HP_WebRelease\Setup\HPZnet01.exe"="C:\temp\HP_WebRelease\Setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in"
"C:\Program Files\Common Files\aol\acs\AOLDial.exe"="C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer"
"C:\Program Files\Common Files\aol\acs\AOLacsd.exe"="C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
"C:\Program Files\Common Files\aol\1235350536\ee\aolsoftware.exe"="C:\Program Files\Common Files\aol\1235350536\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\Program Files\AOL 9.5\waol.exe"="C:\Program Files\AOL 9.5\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\Program Files\Common Files\aol\Loader\aolload.exe"="C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\aol\System Information\sinf.exe"="C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe"="C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe:*:Enabled:Stronghold Legends"
"C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"F:\setup\HPZnet01.exe"="F:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe"
"F:\setup\hponicifs01.exe"="F:\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe"
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe"="C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\Program Files\AOL 9.1\waol.exe"="C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL"
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e672820-0050-11de-a6c1-806d6172696f}]
shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b37424ba-1d5b-11de-a6d8-00038a000015}]
shell\AutoRun\command - N:\setupSNK.exe


======List of files/folders created in the last 1 months======

2009-08-07 11:47:30 ----D---- C:\rsit
2009-08-07 11:47:30 ----D---- C:\Program Files\trend micro
2009-08-06 13:17:08 ----D---- C:\WINDOWS\McAfee.com
2009-08-06 13:17:06 ----D---- C:\WINDOWS\LastGood
2009-08-05 13:14:01 ----D---- C:\Program Files\iPod
2009-08-05 13:13:58 ----D---- C:\Program Files\iTunes
2009-08-05 13:13:00 ----D---- C:\Program Files\QuickTime
2009-08-03 09:08:08 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-30 19:49:11 ----D---- C:\Program Files\Infogrames Interactive
2009-07-19 20:38:25 ----D---- C:\Barbie(TM)
2009-07-19 20:38:05 ----A---- C:\WINDOWS\ka.ini
2009-07-19 20:36:48 ----D---- C:\Program Files\Barbie(TM)
2009-07-19 20:36:46 ----D---- C:\Program Files\Common Files\Knowledge Adventure
2009-07-19 20:31:03 ----A---- C:\WINDOWS\SIERRA.INI
2009-07-16 17:37:44 ----D---- C:\Program Files\AOL Toolbar
2009-07-16 17:36:59 ----D---- C:\WINDOWS\aolshare
2009-07-16 17:36:56 ----D---- C:\Program Files\Common Files\aolshare
2009-07-16 17:36:56 ----D---- C:\Program Files\AOL 9.1
2009-07-16 17:29:06 ----A---- C:\WINDOWS\msoffice.ini
2009-07-15 09:51:16 ----D---- C:\WINDOWS\ie8updates
2009-07-15 09:50:28 ----HDC---- C:\WINDOWS\ie8
2009-07-15 03:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 03:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 03:00:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-14 16:40:24 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-14 16:40:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

======List of files/folders modified in the last 1 months======

2009-08-07 11:47:30 ----D---- C:\Program Files
2009-08-07 11:29:18 ----D---- C:\WINDOWS\Temp
2009-08-07 11:29:18 ----D---- C:\WINDOWS\system32
2009-08-07 10:21:40 ----D---- C:\WINDOWS\Prefetch
2009-08-07 05:14:53 ----AD---- C:\WINDOWS
2009-08-06 20:38:29 ----A---- C:\WINDOWS\win.ini
2009-08-06 18:45:11 ----A---- C:\WINDOWS\WININIT.INI
2009-08-06 13:17:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-06 13:17:07 ----HD---- C:\WINDOWS\inf
2009-08-05 15:03:54 ----D---- C:\WINDOWS\Registration
2009-08-05 15:03:39 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-05 15:02:48 ----HD---- C:\Config.Msi
2009-08-05 15:01:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-05 13:14:17 ----SHD---- C:\WINDOWS\Installer
2009-08-05 13:14:00 ----D---- C:\Program Files\Common Files\Apple
2009-08-05 13:12:18 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-03 21:03:48 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2009-07-31 20:57:54 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-30 19:49:11 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-30 13:27:55 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-07-30 12:05:51 ----D---- C:\WINDOWS\Minidump
2009-07-30 03:00:32 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-07-30 03:00:31 ----D---- C:\Program Files\Internet Explorer
2009-07-30 03:00:22 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-30 03:00:17 ----D---- C:\WINDOWS\WinSxS
2009-07-28 21:32:22 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Move Networks
2009-07-26 17:09:18 ----D---- C:\WINDOWS\system32\drivers
2009-07-19 20:36:46 ----D---- C:\Program Files\Common Files
2009-07-19 18:48:58 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 08:18:59 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-16 17:39:05 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\AOL
2009-07-16 17:38:27 ----D---- C:\Program Files\Common Files\aol
2009-07-16 17:38:27 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-07-16 17:29:46 ----D---- C:\Program Files\AOL
2009-07-16 17:15:30 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-07-16 16:34:25 ----SD---- C:\WINDOWS\Tasks
2009-07-15 09:53:02 ----D---- C:\WINDOWS\system32\en-us
2009-07-15 09:53:02 ----D---- C:\WINDOWS\Media
2009-07-15 09:53:02 ----D---- C:\WINDOWS\Help
2009-07-15 09:51:27 ----A---- C:\WINDOWS\imsins.BAK
2009-07-14 17:27:51 ----D---- C:\WINDOWS\network diagnostic
2009-07-14 12:48:56 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-07-11 16:40:03 ----D---- C:\Documents and Settings\All Users\Application Data\Firefly Studios
2009-07-11 16:25:20 ----D---- C:\Program Files\Firefly Studios

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ELhid;EL hid Service; \??\C:\WINDOWS\System32\Drivers\Elhid.sys []
R1 ELkbd;EL KB Service; \??\C:\WINDOWS\System32\Drivers\Elkbd.sys []
R1 ELmon;EL Monitor Service; \??\C:\WINDOWS\System32\Drivers\Elmon.sys []
R1 ELmou;EL Mouse Service; \??\C:\WINDOWS\System32\Drivers\Elmou.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 {22D78859-9CE9-4b77-BF18-AC83E81A9263};{22D78859-9CE9-4b77-BF18-AC83E81A9263}; \??\C:\Program Files\HP\DVDPlay\000.fcl []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-05-16 23992]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-05-16 25272]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture; C:\WINDOWS\system32\drivers\cxfalcon.sys [2006-04-20 82048]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-12-11 242320]
R3 ELacpi;ELacpi; C:\WINDOWS\system32\DRIVERS\ELacpi.sys [2006-05-10 9728]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidIr;Microsoft Infrared HID Driver; C:\WINDOWS\system32\DRIVERS\hidir.sys [2008-04-14 19200]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-25 4623872]
R3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2008-04-14 46592]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-03-19 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-03-19 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-03-19 21568]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-05 36864]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WN5301;LIteon Wireless PCI Network Adapter Service; C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 468768]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 ELService;Intel(R) Quick Resume technology; C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe [2006-06-02 180224]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-02 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-06-21 49152]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-05-16 648504]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-04-14 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-07-30 189072]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-04-08 92008]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2008-05-21 12800]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

keddie7
2009-08-07, 19:05
info.txt logfile of random's system information tool 1.06 2009-08-07 11:47:45

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
AOL Toolbar -->"C:\Program Files\AOL Toolbar\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0009 -removeonly
Barbie(TM) Explorer(TM)-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\BrbExpPCUn.exe
Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
BlackBerry Media Sync-->C:\WINDOWS\Installer\BBMediaSyncUninstall.exe
BlackBerry® Media Sync-->MsiExec.exe /X{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
DISCover-->"C:\Program Files\DISC\uninstall.exe"
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Dogz (remove only)-->"C:\Program Files\Ubisoft\Dogz\uninstall.exe" 1033
Download Manager 2.3.7-->C:\Program Files\Download Manager\uninst.exe
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Harry Potter and the Order of the Phoenix™-->C:\Program Files\Electronic Arts\Harry Potter and the Order of the Phoenix\EAUninstall.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP DigitalMedia Archive-->MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Driver Diagnostics-->MsiExec.exe /X{4CCC7F68-A437-4559-A840-F5E010934951}
HP DVD Play HD DVD 2.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Officejet Pro All-In-One Series-->C:\Program Files\HP\Digital Imaging\{7729A02E-D1AD-4830-8FC5-11853500D90D}\setup\hpzscr01.exe -datfile hpwscr05.dat
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HP Web Helper-->regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
Intel(R) Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe
Intel(R) Network Connections Drivers-->Prounstl.exe
Intel(R) Quick Resume Technology Drivers-->C:\WINDOWS\System32\Elusetup.exe
Intel® Viiv™ Software-->MsiExec.exe /X{EEFEBB48-329E-46F6-AEB8-929A5BAFDB2F}
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
LimeWire 5.1.2-->"C:\Program Files\LimeWire\uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Standard Edition 2003 60 days trial-->c:\hp\bin\cloaker.exe c:\hp\bin\MSOffice\uninst.cmd
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft VC9 runtime libraries-->MsiExec.exe /I{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MPM-->MsiExec.exe /X{D48AD533-BAD5-469B-A9AA-272C6D80E70B}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Network Magic-->C:\Documents and Settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe /uninstall
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
RollerCoaster Tycoon Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{924EAD66-F854-4605-8493-696DD59A113B}\Setup.exe" -l0x9
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Stronghold 2 Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16D2C649-CBA8-44EE-B730-12584667D487}\setup.exe" -l0x9 -removeonly
Stronghold Legends-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66A405D2-BA14-4594-BF36-B3B544F0754E}\setup.exe" -l0x9 -removeonly
TomTom HOME 2.6.2.1586-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
Transformers(TM) - The Game-->C:\Program Files\InstallShield Installation Information\{5645BA4F-2BF3-4F31-B3F7-710700C92456}\setup.exe -runfromtemp -l0x0409
Uninstall AOL Emergency Connect Utility 1.0-->C:\Program Files\Common Files\AOL\ECU\uninst.exe
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======


192.168.0.197 HP00156047F315
192.168.0.193 HP00215AA3D615
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com

======System event log======

Computer Name: YOUR-4DACD0EA75
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
ftsata2

Record Number: 13038
Source Name: Service Control Manager
Time Written: 20090801030503.000000-300
Event Type: error
User:

Computer Name: YOUR-4DACD0EA75
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
ftsata2

Record Number: 12811
Source Name: Service Control Manager
Time Written: 20090801023633.000000-300
Event Type: error
User:

Computer Name: YOUR-4DACD0EA75
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
ftsata2

Record Number: 12584
Source Name: Service Control Manager
Time Written: 20090731215629.000000-300
Event Type: error
User:

Computer Name: YOUR-4DACD0EA75
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
ftsata2

Record Number: 11758
Source Name: Service Control Manager
Time Written: 20090731205856.000000-300
Event Type: error
User:

Computer Name: YOUR-4DACD0EA75
Event Code: 9
Message: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Record Number: 11734
Source Name: iaStor
Time Written: 20090731193609.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: YOUR-4DACD0EA75
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0

Record Number: 1617
Source Name: MsiInstaller
Time Written: 20090407142556.000000-300
Event Type: warning
User: YOUR-4DACD0EA75\HP_Administrator

Computer Name: YOUR-4DACD0EA75
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0

Record Number: 1616
Source Name: MsiInstaller
Time Written: 20090407142556.000000-300
Event Type: warning
User: YOUR-4DACD0EA75\HP_Administrator

Computer Name: YOUR-4DACD0EA75
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0

Record Number: 1615
Source Name: MsiInstaller
Time Written: 20090407142554.000000-300
Event Type: warning
User: YOUR-4DACD0EA75\HP_Administrator

Computer Name: YOUR-4DACD0EA75
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0

Record Number: 1614
Source Name: MsiInstaller
Time Written: 20090407142554.000000-300
Event Type: warning
User: YOUR-4DACD0EA75\HP_Administrator

Computer Name: YOUR-4DACD0EA75
Event Code: 1000
Message: Faulting application hpdj00.exe, version 2.335.5.0, faulting module unknown, version 0.0.0.0, fault address 0x0012e731.

Record Number: 1562
Source Name: Application Error
Time Written: 20090407135115.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
Sorry I had to post in so many pieces, my computer kept giving me an error message about exceeding 30 seconds and wouldn't upload the bigger chunks. Sysprot log to come next.
keddie7 :)

keddie7
2009-08-07, 19:12
SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 712
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 768
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 792
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 848
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 860
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1036
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1136
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1264
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1436
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1568
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 1676
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1772
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PID: 1812
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 1848
Hidden: No
Window Visible: No

Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 1884
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\ehrecvr.exe
PID: 1992
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\ehSched.exe
PID: 368
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PID: 536
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 576
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PID: 632
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1204
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 1212
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\nvsvc32.exe
PID: 1240
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1300
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\PnkBstrA.exe
PID: 1336
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\PnkBstrB.exe
PID: 1352
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1428
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 316
Hidden: No
Window Visible: No

Name: C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PID: 1984
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 308
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe
PID: 2036
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\mcrdsvc.exe
PID: 2092
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PID: 2176
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\searchindexer.exe
PID: 2356
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wscntfy.exe
PID: 2812
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\dllhost.exe
PID: 4040
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\ehtray.exe
PID: 4088
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\aol\1235350536\ee\aolsoftware.exe
PID: 1528
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\alg.exe
PID: 2720
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\ehmsas.exe
PID: 2724
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 2908
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PID: 2952
Hidden: No
Window Visible: No

Name: C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PID: 3112
Hidden: No
Window Visible: No

Name: C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PID: 3300
Hidden: No
Window Visible: No

Name: C:\Program Files\iTunes\iTunesHelper.exe
PID: 3564
Hidden: No
Window Visible: No

Name: C:\Program Files\Messenger\msmsgs.exe
PID: 3576
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 3996
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PID: 2404
Hidden: No
Window Visible: No

Name: C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
PID: 3524
Hidden: No
Window Visible: No

Name: C:\Program Files\iPod\bin\iPodService.exe
PID: 3856
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PID: 3244
Hidden: No
Window Visible: No

Name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PID: 1724
Hidden: No
Window Visible: No

Name: C:\Program Files\AOL 9.1\waol.exe
PID: 5696
Hidden: No
Window Visible: No

Name: C:\Program Files\AOL 9.1\shellmon.exe
PID: 4588
Hidden: No
Window Visible: No

Name: C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
PID: 2260
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 4308
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 2436
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 2144
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\searchprotocolhost.exe
PID: 4320
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\searchfilterhost.exe
PID: 1692
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\HP_Administrator\Desktop\SysProt\SysProt\SysProt.exe
PID: 4508
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \systemroot\system32\drivers\geyekrsscupuve.sys
Service Name: geyekrumhnvnwg
Module Base: ---
Module End: ---
Hidden: Yes

Module Name: \??\C:\Documents and Settings\HP_Administrator\Desktop\SysProt\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: AFD2D000
Module End: AFD38000
Hidden: No

Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806E4000
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806E4000
Module End: 80704D00
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: BADA8000
Module End: BADAA000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: BACB8000
Module End: BACBB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: BA779000
Module End: BA7A7000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: BADAA000
Module End: BADAC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: BA768000
Module End: BA779000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: BA8A8000
Module End: BA8B2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys
Service Name: ohci1394
Module Base: BA8B8000
Module End: BA8C8000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: BA8C8000
Module End: BA8D6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: BAE70000
Module End: BAE71000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: BAB28000
Module End: BAB2F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\viaide.sys
Service Name: ViaIde
Module Base: BADAC000
Module End: BADAE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\intelide.sys
Service Name: IntelIde
Module Base: BADAE000
Module End: BADB0000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: BA8D8000
Module End: BA8E3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: BA749000
Module End: BA768000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmload.sys
Service Name: dmload
Module Base: BADB0000
Module End: BADB2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmio.sys
Service Name: dmio
Module Base: BA723000
Module End: BA749000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: BAB30000
Module End: BAB35000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: BA8E8000
Module End: BA8F5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\iastor.sys
Service Name: iaStor
Module Base: BA66C000
Module End: BA723000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: BA654000
Module End: BA66C000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: BA8F8000
Module End: BA901000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: BA908000
Module End: BA915000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: BA634000
Module End: BA654000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: BA622000
Module End: BA634000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: BA918000
Module End: BA924000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: BA60B000
Module End: BA622000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: BA57E000
Module End: BA60B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: BA551000
Module End: BA57E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: BA537000
Module End: BA551000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nic1394.sys
Service Name: NIC1394
Module Base: BA948000
Module End: BA958000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: BAA28000
Module End: BAA31000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ELacpi.sys
Service Name: ELacpi
Module Base: BAC30000
Module End: BAC38000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Service Name: nv
Module Base: BA0F7000
Module End: BA4C7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: BA0E3000
Module End: BA0F7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\e1e5132.sys
Service Name: e1express
Module Base: BA0A5000
Module End: BA0E3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: BAC50000
Module End: BAC56000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: BA081000
Module End: BA0A5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: BAC80000
Module End: BAC88000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: BA059000
Module End: BA081000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\cxfalcon.sys
Service Name: CXFALCON
Module Base: BA044000
Module End: BA059000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ks.sys
Service Name: ---
Module Base: BA021000
Module End: BA044000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
Service Name: HSXHWBS2
Module Base: B9FDC000
Module End: BA021000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HSX_DP.sys
Service Name: HSX_DP
Module Base: B9EE5000
Module End: B9FDC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
Service Name: winachsx
Module Base: B9E2F000
Module End: B9EE5000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
Service Name: Modem
Module Base: BAC10000
Module End: BAC18000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: BAA38000
Module End: BAA43000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: BAA48000
Module End: BAA58000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: BAA58000
Module End: BAA67000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: BAA68000
Module End: BAA72000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serscan.sys
Service Name: StillCam
Module Base: BADCC000
Module End: BADCE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: BAFFD000
Module End: BAFFE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: BAA78000
Module End: BAA85000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: BAD64000
Module End: BAD67000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: B9E18000
Module End: B9E2F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: BAA88000
Module End: BAA93000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: BAA98000
Module End: BAAA4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: BACA0000
Module End: BACA5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: B9E07000
Module End: B9E18000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: BAAA8000
Module End: BAAB1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: BAB58000
Module End: BAB5D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: BAB68000
Module End: BAB6D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanatw4.sys
Service Name: wanatw
Module Base: BAB78000
Module End: BAB7E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Service Name: rdpdr
Module Base: B9DD7000
Module End: B9E07000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: BAAB8000
Module End: BAAC2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: BABC8000
Module End: BABCE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: BABD8000
Module End: BABDE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: BADD2000
Module End: BADD4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: B9CB1000
Module End: B9D0F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: BAD8C000
Module End: BAD90000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: BAAD8000
Module End: BAAE2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: BAAE8000
Module End: BAAF7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: BADDA000
Module End: BADDC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Service Name: IntcAzAudAddService
Module Base: B36D5000
Module End: B3B69000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: B36B1000
Module End: B36D5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: BAAF8000
Module End: BAB07000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: BADE8000
Module End: BADEA000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: BAEFA000
Module End: BAEFB000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: BADEC000
Module End: BADEE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: BABF0000
Module End: BABF7000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: BAC00000
Module End: BAC06000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: BADF0000
Module End: BADF2000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: BADF4000
Module End: BADF6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Service Name: usbstor
Module Base: BABB0000
Module End: BABB7000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: BABC0000
Module End: BABC5000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: BABE0000
Module End: BABE8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: B3B71000
Module End: B3B74000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: B362E000
Module End: B3641000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: B35D5000
Module End: B362E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: B3587000
Module End: B35AD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: B355F000
Module End: B3587000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: BAB18000
Module End: BAB21000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: B353D000
Module End: B355F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\arp1394.sys
Service Name: Arp1394
Module Base: BA958000
Module End: BA967000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: BABE8000
Module End: BABF0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: BA968000
Module End: BA971000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: B3512000
Module End: B353D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: B34A2000
Module End: B3512000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: BA4EF000
Module End: BA4F2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: BA978000
Module End: BA981000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: BA988000
Module End: BA993000
Hidden: No

Module Name: \??\C:\WINDOWS\System32\Drivers\Elhid.sys
Service Name: ELhid
Module Base: B36A9000
Module End: B36AC000
Hidden: No

Module Name: \??\C:\WINDOWS\System32\Drivers\Elmou.sys
Service Name: ELmou
Module Base: BAE08000
Module End: BAE0A000
Hidden: No

Module Name: \??\C:\WINDOWS\System32\Drivers\Elmon.sys
Service Name: ELmon
Module Base: BAE0C000
Module End: BAE0E000
Hidden: No

Module Name: \??\C:\WINDOWS\System32\Drivers\Elkbd.sys
Service Name: ELkbd
Module Base: BAE10000
Module End: BAE12000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: B3699000
Module End: B369C000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: BA9B8000
Module End: BA9C8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: B33F2000
Module End: B33F6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\IrBus.sys
Service Name: IrBus
Module Base: BA9C8000
Module End: BA9D4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\hidir.sys
Service Name: HidIr
Module Base: BAC68000
Module End: BAC6D000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: B3323000
Module End: B33DA000
Hidden: Yes

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: BAD88000
Module End: BAD8B000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: BABD0000
Module End: BABD5000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: BAFF1000
Module End: BAFF2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: B2AE6000
Module End: B2AEA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\pnarp.sys
Service Name: pnarp
Module Base: BAB80000
Module End: BAB85000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\purendis.sys
Service Name: purendis
Module Base: BAC38000
Module End: BAC3D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: B157B000
Module End: B15A8000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: B144E000
Module End: B1463000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: B1FC8000
Module End: B1FD7000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: B1205000
Module End: B1246000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: B10C3000
Module End: B1115000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Service Name: mdmxsdk
Module Base: B11F9000
Module End: B11FD000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MSPQM.sys
Service Name: MSPQM
Module Base: BADC4000
Module End: BADC6000
Hidden: No

Module Name: \??\C:\Program Files\HP\DVDPlay\000.fcl
Service Name: {22D78859-9CE9-4b77-BF18-AC83E81A9263}
Module Base: BAE5A000
Module End: BAE5C000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MSPCLOCK.sys
Service Name: MSPCLOCK
Module Base: BADE6000
Module End: BADE8000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: A53BF000
Module End: A53EA000
Hidden: No

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwSaveKeyEx
At Address: 8062534A
Jump To: 8A2BBD4A
Module Name: _unknown_

Hooked Function: ZwSaveKey
At Address: 80625264
Jump To: 8A2BC5F2
Module Name: _unknown_

Hooked Function: ZwFlushInstructionCache
At Address: 805B6812
Jump To: 8A2B8894
Module Name: _unknown_

Hooked Function: ZwEnumerateKey
At Address: 80623FF0
Jump To: 8A2BB6DC
Module Name: _unknown_

Hooked Function: IofCompleteRequest
At Address: 804EF236
Jump To: 8A2BC46B
Module Name: _unknown_

Hooked Function: IofCallDriver
At Address: 804EF1A6
Jump To: 89EA190B
Module Name: _unknown_

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: HP00156047F315:4830
Remote Address: CDCE.WDC007.INTERNAP.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: HP00156047F315:3956
Remote Address: STATIC.91.213.46.78.CLIENTS.YOUR-SERVER.DE:HTTPS
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: CLOSE_WAIT

Local Address: HP00156047F315:3295
Remote Address: HP00215AA3D615:NETBIOS-SSN
Type: TCP
Process: System
State: ESTABLISHED

Local Address: HP00156047F315:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: YOUR-4DACD0EA75:27015
Remote Address: LOCALHOST:1100
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: YOUR-4DACD0EA75:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: YOUR-4DACD0EA75:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: YOUR-4DACD0EA75:5152
Remote Address: LOCALHOST:4811
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: CLOSE_WAIT

Local Address: YOUR-4DACD0EA75:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: YOUR-4DACD0EA75:4811
Remote Address: LOCALHOST:5152
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: FIN_WAIT2

Local Address: YOUR-4DACD0EA75:1100
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: ESTABLISHED

Local Address: YOUR-4DACD0EA75:1056
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: YOUR-4DACD0EA75:1196
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
State: LISTENING

Local Address: YOUR-4DACD0EA75:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: YOUR-4DACD0EA75:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: HP00156047F315:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: HP00156047F315:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: HP00156047F315:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: HP00156047F315:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: HP00156047F315:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: YOUR-4DACD0EA75:45301
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\PnkBstrB.exe
State: NA

Local Address: YOUR-4DACD0EA75:44301
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\PnkBstrA.exe
State: NA

Local Address: YOUR-4DACD0EA75:4812
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: NA

Local Address: YOUR-4DACD0EA75:2962
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\aol\1235350536\ee\aolsoftware.exe
State: NA

Local Address: YOUR-4DACD0EA75:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: YOUR-4DACD0EA75:1797
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\aol\acs\AOLacsd.exe
State: NA

Local Address: YOUR-4DACD0EA75:1766
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: NA

Local Address: YOUR-4DACD0EA75:1074
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: YOUR-4DACD0EA75:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: YOUR-4DACD0EA75:62928
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: YOUR-4DACD0EA75:61730
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: YOUR-4DACD0EA75:59810
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: YOUR-4DACD0EA75:59675
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: YOUR-4DACD0EA75:58088
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: YOUR-4DACD0EA75:54627
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: YOUR-4DACD0EA75:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: YOUR-4DACD0EA75:4459
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
State: NA

Local Address: YOUR-4DACD0EA75:3776
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\ehome\mcrdsvc.exe
State: NA

Local Address: YOUR-4DACD0EA75:1900
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
State: NA

Local Address: YOUR-4DACD0EA75:1196
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
State: NA

Local Address: YOUR-4DACD0EA75:1130
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\spoolsv.exe
State: NA

Local Address: YOUR-4DACD0EA75:1025
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: YOUR-4DACD0EA75:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: YOUR-4DACD0EA75:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: YOUR-4DACD0EA75:138
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
State: NA

Local Address: YOUR-4DACD0EA75:68
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
State: NA

Local Address: YOUR-4DACD0EA75:67
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}
Status: Access denied

Object: C:\WINDOWS\system32\drivers\geyekrsscupuve.sys
Status: Hidden

Object: C:\WINDOWS\system32\geyekrpwlgmaeo.dll
Status: Hidden

Object: C:\WINDOWS\system32\geyekrwittgyus.dat
Status: Hidden

Object: C:\WINDOWS\system32\geyekrwqdgxgnm.dll
Status: Hidden

Object: C:\WINDOWS\system32\geyekrxunbjivh.dat
Status: Hidden

Object: C:\WINDOWS\Temp\geyekrbvbrccotsb.tmp
Status: Hidden

Object: C:\WINDOWS\Temp\geyekrclnpfayulh.tmp
Status: Hidden

Object: C:\WINDOWS\Temp\geyekrimndnkrkjb.tmp
Status: Hidden

Object: C:\WINDOWS\Temp\geyekrntjvextvem.tmp
Status: Hidden

Object: C:\WINDOWS\Temp\geyekrnurhnvfrvb.tmp
Status: Hidden

katana
2009-08-07, 20:20
Information

REMOVE P2P PROGRAMS

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire 5.1.2

Please read the Guidelines for P2P Programs (http://forums.spybot.info/showpost.php?p=218503&postcount=4) where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
The bad guys use P2P filesharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.


Disable Teatimer
We need to disable Teatimer as it may interfere with the cleaning.
Please do not re-enable it until I give instructions.

First step: Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For Either Version: Open Spybot S&D
Click Mode, choose Advanced Mode
Go To the bottom of the Vertical Panel on the Left, Click Tools
then, also in left panel, click Resident (shows a red/white shield).
If your firewall raises a question, say OK
In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
OK any prompts.
Use File, Exit to terminate Spybot
Click Link >>> HERE <<< Link (http://www.neoshine.co.uk/mina/Downloads/TTWipe.bat) and select "save as" and save it to your desktop
Double click TTWipe.bat
Reboot your machine for the changes to take effect.


----------------------------------------------------------------------------------------
Step 1


Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply
Re-enable all the programs that were disabled during the running of ComboFix.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html)

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log into your next reply
If requested, please reboot
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.

Combofix Log
MalwareBytes Log
How are things running now ?

keddie7
2009-08-07, 22:22
Here's the Combofix log, Malwarebytes Log to follow:

ComboFix 09-08-07.04 - HP_Administrator 08/07/2009 15:11.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1641 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\f5923.msi
c:\windows\system32\drivers\geyekrsscupuve.sys
c:\windows\system32\geyekrpwlgmaeo.dll
c:\windows\system32\geyekrwittgyus.dat
c:\windows\system32\geyekrwqdgxgnm.dll
c:\windows\system32\geyekrxunbjivh.dat
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_geyekrumhnvnwg
-------\Legacy_geyekrumhnvnwg


((((((((((((((((((((((((( Files Created from 2009-07-07 to 2009-08-07 )))))))))))))))))))))))))))))))
.

2009-08-07 16:47 . 2009-08-07 16:47 -------- d-----w- C:\rsit
2009-08-07 16:47 . 2009-08-07 16:47 -------- d-----w- c:\program files\trend micro
2009-08-06 18:17 . 2009-08-06 18:17 -------- d-----w- c:\windows\McAfee.com
2009-08-05 18:14 . 2009-08-05 18:14 -------- d-----w- c:\program files\iPod
2009-08-05 18:13 . 2009-08-05 18:14 -------- d-----w- c:\program files\iTunes
2009-08-05 18:13 . 2009-08-05 18:13 -------- d-----w- c:\program files\QuickTime
2009-08-03 14:08 . 2009-08-03 14:08 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-31 00:49 . 2009-07-31 00:49 -------- d-----w- c:\program files\Infogrames Interactive
2009-07-26 22:09 . 2008-04-14 05:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-07-26 22:09 . 2008-04-14 05:15 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-07-20 01:38 . 2009-07-20 01:38 -------- d-----w- C:\Barbie(TM)
2009-07-20 01:36 . 2009-07-20 01:36 -------- d-----w- c:\program files\Barbie(TM)
2009-07-20 01:36 . 2009-07-20 01:36 -------- d-----w- c:\program files\Common Files\Knowledge Adventure
2009-07-16 22:37 . 2009-07-16 22:37 -------- d-----w- c:\program files\AOL Toolbar
2009-07-16 22:36 . 2009-07-16 22:36 -------- d-----w- c:\windows\aolshare
2009-07-16 22:36 . 2009-07-20 18:21 -------- d-----w- c:\program files\AOL 9.1
2009-07-16 22:36 . 2009-07-16 22:38 -------- d-----w- c:\program files\Common Files\aolshare
2009-07-16 12:25 . 2009-07-16 12:25 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-15 15:03 . 2009-07-15 15:03 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-15 14:56 . 2009-07-15 14:56 -------- d-sh--w- c:\documents and settings\HP_Administrator\PrivacIE
2009-07-15 14:54 . 2009-07-15 14:54 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-15 14:53 . 2009-07-15 14:53 -------- d-sh--w- c:\documents and settings\HP_Administrator\IETldCache
2009-07-15 14:51 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-07-15 14:51 . 2009-07-30 08:00 -------- d-----w- c:\windows\ie8updates
2009-07-15 14:51 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-15 14:51 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-15 14:50 . 2009-07-15 14:50 -------- dc-h--w- c:\windows\ie8
2009-07-14 21:40 . 2009-08-07 19:52 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-07-14 21:40 . 2009-08-06 22:49 -------- d-----w- c:\program files\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-07 03:06 . 2009-02-23 23:27 34 ----a-w- c:\documents and settings\HP_Administrator\jagex_runescape_preferences.dat
2009-08-05 18:14 . 2009-03-04 16:38 -------- d-----w- c:\program files\Common Files\Apple
2009-08-04 02:03 . 2009-04-11 18:24 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
2009-08-01 01:57 . 2009-02-25 22:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 00:49 . 2006-11-01 22:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-30 18:27 . 2009-04-08 02:00 189072 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-30 17:37 . 2009-04-08 02:00 138920 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-29 02:32 . 2009-02-24 00:14 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Move Networks
2009-07-16 22:39 . 2009-02-23 00:57 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AOL
2009-07-16 22:38 . 2009-02-23 00:55 -------- d-----w- c:\program files\Common Files\aol
2009-07-16 22:38 . 2009-02-23 00:55 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AOL
2009-07-16 22:15 . 2009-02-23 01:37 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\McAfee
2009-07-14 17:48 . 2009-02-23 01:02 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft Help
2009-07-11 21:40 . 2009-04-04 21:58 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Firefly Studios
2009-07-11 21:25 . 2009-04-04 21:44 -------- d-----w- c:\program files\Firefly Studios
2009-07-06 20:08 . 2009-07-06 20:08 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Research In Motion
2009-07-06 20:08 . 2009-07-06 20:08 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-07-06 20:08 . 2009-07-06 20:08 -------- d-----w- c:\program files\Research In Motion
2009-07-06 20:08 . 2009-07-06 20:08 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Research In Motion
2009-07-04 22:16 . 2009-07-04 22:16 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Viewpoint
2009-07-03 17:09 . 2004-08-10 04:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-27 22:51 . 2009-04-08 01:39 -------- d-----w- c:\program files\Activision
2009-06-16 14:36 . 2004-08-10 04:00 81920 ------w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-10 04:00 119808 ------w- c:\windows\system32\t2embed.dll
2009-06-15 19:59 . 2009-06-07 01:35 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Ubisoft
2009-06-15 19:54 . 2009-06-07 01:04 -------- d-----w- c:\program files\Ubisoft
2009-06-10 08:10 . 2009-02-21 17:42 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-04 23:25 . 2009-06-04 16:53 227 ----a-w- c:\windows\PowerReg.dat
2009-06-03 19:09 . 2004-08-10 04:00 1291264 ------w- c:\windows\system32\quartz.dll
2009-06-02 00:09 . 2009-06-02 00:09 1910315 ----a-w- c:\program files\oregon_trail_deluxe.zip
2009-05-27 23:00 . 2009-05-27 23:00 96800 ----a-w- c:\windows\Fonts\anvers black.ttf
2009-05-27 23:00 . 2009-05-27 23:00 110460 ----a-w- c:\windows\Fonts\anvers regular.ttf
2009-05-27 23:00 . 2009-05-27 23:00 100676 ----a-w- c:\windows\Fonts\anvers bold.ttf
2009-05-25 05:24 . 2008-05-27 04:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-23 14:57 . 2009-05-23 14:57 10920 ----a-w- C:\aolconnfix.exe
2009-05-19 15:59 . 2009-05-19 15:59 127877 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Move Networks\uninstall.exe
2009-05-19 15:59 . 2009-05-01 06:30 4183416 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071500000347.dll
2009-05-19 15:59 . 2009-05-19 15:59 1685856 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Move Networks\MoveMediaPlayerWin_071500000347.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-11-06 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"HostManager"="c:\program files\Common Files\AOL\1235350536\ee\AOLSoftware.exe" [2008-11-06 41264]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-11-01 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-03 148888]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\temp\\HP_WebRelease\\Setup\\HPZnet01.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1235350536\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 {22D78859-9CE9-4b77-BF18-AC83E81A9263};{22D78859-9CE9-4b77-BF18-AC83E81A9263};c:\program files\HP\DVDPlay\000.fcl [11/1/2006 6:02 PM 6656]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/8/2009 5:38 AM 92008]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [11/1/2006 5:49 PM 82048]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [11/1/2006 5:48 PM 468768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: trymedia.com
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-07 15:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{22D78859-9CE9-4b77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\DVDPlay\000.fcl"
.
Completion time: 2009-08-07 15:16
ComboFix-quarantined-files.txt 2009-08-07 20:16

Pre-Run: 287,626,993,664 bytes free
Post-Run: 287,749,087,232 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=,1,2,3,4
204 --- E O F --- 2009-07-31 08:00
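
An added example, not part of the thread and not ComboFix's own code: a Python triage of a ComboFix log that pulls out the items a reader would want to act on from the log above. Besides the deleted files, it extracts the removed service name (geyekrumhnvnwg, which ties the hidden driver to a Service/Legacy entry), and two settings that are easy to skip past in the Reg Loading Points section: "EnableFirewall"= 0 on the standard profile (Windows Firewall off) and "3389:TCP" (Remote Desktop) in GloballyOpenPorts. The excerpt is constructed from the posted log; the watch-port list is an assumption for this example.

```python
import re

# Constructed excerpt modelled on the ComboFix log posted above; only the
# sections this check reads are kept, with the values the thread shows.
SAMPLE_LOG = """\
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\\windows\\system32\\drivers\\geyekrsscupuve.sys
c:\\windows\\system32\\geyekrpwlgmaeo.dll
D:\\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\\Service_geyekrumhnvnwg
-------\\Legacy_geyekrumhnvnwg

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""

BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")            # (((( Section name ))))
REG_KEY = re.compile(r"^\[(.+)\]$")                      # [HKLM\...]
REG_VALUE = re.compile(r'^"([^"]+)"=\s*(.*)$')           # "Name"= data
REMOVED_SERVICE = re.compile(r"^-+\\(?:Service|Legacy)_(\S+)$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_sections(text):
    """Split a ComboFix-style log into banner sections and registry blocks.

    Returns (banners, keys): banners maps a section title to its non-empty
    lines; keys maps a lower-cased registry key to its (name, data) values.
    """
    banners, keys = {}, {}
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := BANNER.match(line)):
            section, key = m.group(1), None
            banners[section] = []
        elif (m := REG_KEY.match(line)):
            key = m.group(1).lower()
            keys[key] = []
        elif key is not None:
            if (m := REG_VALUE.match(line)):
                keys[key].append((m.group(1), m.group(2)))
        elif section is not None and line and line != ".":
            banners[section].append(line)
    return banners, keys


def triage(text, watch_ports=("3389:TCP",)):
    """Collect the facts worth acting on from the log.

    watch_ports is an assumption for this example: ports that should not be
    globally open on a home machine (3389/TCP is Remote Desktop).
    """
    banners, keys = parse_sections(text)
    removed = set()
    for line in banners.get("Drivers/Services", []):
        if (m := REMOVED_SERVICE.match(line)):
            removed.add(m.group(1))   # Service_ and Legacy_ share one name
    findings = {
        "deleted_files": [l for l in banners.get("Other Deletions", [])
                          if DRIVE_PATH.match(l)],
        "removed_services": sorted(removed),
        "firewall_disabled": False,
        "globally_open_ports": [],
    }
    for key, values in keys.items():
        if key.endswith("firewallpolicy\\standardprofile"):
            # EnableFirewall = 0 means Windows Firewall is off for this profile
            findings["firewall_disabled"] = any(
                name == "EnableFirewall" and data.startswith("0")
                for name, data in values)
        elif key.endswith("globallyopenports\\list"):
            findings["globally_open_ports"] = [
                name for name, _ in values if name in watch_ports]
    return findings


if __name__ == "__main__":
    for item, value in triage(SAMPLE_LOG).items():
        print(f"{item}: {value}")
```

The registry block parser is generic, so the same function can be pointed at the Run keys in the Reg Loading Points section to list autostarts, but the two firewall findings are the ones that matter for follow-up: a machine that has just had a rootkit removed should not be sitting with its host firewall off and RDP reachable.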

keddie7
2009-08-08, 00:18
Malwarebytes' Anti-Malware 1.40
Database version: 2575
Windows 5.1.2600 Service Pack 3

8/7/2009 5:05:11 PM
mbam-log-2009-08-07 (17-05-11).txt

Scan type: Full Scan (C:\|D:\|G:\|L:\|M:\|)
Objects scanned: 262274
Time elapsed: 1 hour(s), 36 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\geyekrpwlgmaeo.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\geyekrwqdgxgnm.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP205\A0028481.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP205\A0028482.dll (Trojan.TDSS) -> Quarantined and deleted successfully.


Computer seems to be doing better, it didn't show all of the crazy disappearing command boxes when it first starts windows like it usually does. I'll keep playing with the programs and functions I had been having trouble with and let you know. Thank You SO MUCH! Let me know what follow up information you might need and when I can restart Spybot TeaTimer (i think that was the major thing you said to wait for clearance before restarting)

katana
2009-08-08, 00:44
Let's have one more scan to make sure nothing is lurking

Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

keddie7
2009-08-08, 02:45
I have tried repeatedly to scan with the Kaspersky Scanner you recommended but I keep getting the same error message:

Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program. You must be online to update the Kaspersky Online Scanner 7.0 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7.0. [ERROR: Key is expired]

I have confirmed my internet connection, halted my anti-virus scanner (to my knowledge) and closed and reopened the KOS 7.0 window a dozen times to try and make it work. Any advice on resolving or getting around this issue?

katana
2009-08-08, 12:19
Hmm a lot of people are having problems with it at the moment ???

Try this instead ...
Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan (http://www.pandasecurity.com/activescan/index/) << LINK

Click the Scan Now button
Follow the prompts to install the Active X if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
When the scan is finished, a report will be generated
Next to Scan Details click the small export to notepad button and save the report to your desktop.
Please post the report in your reply.

keddie7
2009-08-10, 06:33
Here's the ActiveScan 2.0 Log, looks like there's more :( I really appreciate your help!

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-08-09 23:29:05
PROTECTIONS: 1
MALWARE: 17
SUSPECTS: 15
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1335 [VPS 090808-0] 4.8.1335 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@247realmedia[2].txt
00147806 Cookie/7search TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@7search[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.yieldmanager[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@bs.serving-sys[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@overture[1].txt
00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@uol.com[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@questionmarket[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@go[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@target[2].txt
00377802 Spyware/PeoplePC Spyware No 0 Yes No C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL
00433807 Bck/Radmin.AN Virus/Trojan No 1 Yes No C:\Program Files\Online Services\Vonage\Xtras\regxtra121.x32
00450614 Adware/2Search Adware No 0 No No C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe[PPCToolbar.dll]
00487624 Trj/Banker.LNO Virus/Trojan No 1 Yes No C:\hp\recovery\wizard\SWR_Wizard.exe
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP205\A0028578.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP205\A0028497.sys
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_geyekrsscupuve_.sys.zip[geyekrsscupuve.sys]
;===================================================================================================================================================================================
SUSPECTS
Sent Location #
;===================================================================================================================================================================================
No D:\I386\APPS\APP08191\SRC\INSTALL\Worldwide-MediaCenter\GAMES\airstrike2gulfthunder-setup.exe[AirStrike3D II - Gulf.exe]
No D:\I386\APPS\APP08191\SRC\INSTALL\Worldwide-MediaCenter\GAMES\alienshooter-setup.exe[AlienShooter.exe]
No D:\I386\APPS\APP08191\SRC\INSTALL\Worldwide-MediaCenter\GAMES\bejeweled2deluxe-setup.exe[WinBej2.exe] #
No D:\I386\APPS\APP08191\SRC\INSTALL\Worldwide-MediaCenter\GAMES\bistrostars-setup.exe[BistroStars.exe] #
No D:\I386\APPS\APP08191\SRC\INSTALL\Worldwide-MediaCenter\GAMES\bookwormdeluxe-setup.exe[BookWorm.exe] #
No D:\I386\APPS\APP08191\SRC\INSTALL\Worldwide-MediaCenter\GAMES\cakemania-setup.exe[CakeMania.exe] #
No D:\I386\APPS\APP08191\SRC\INSTALL\Worldwide-MediaCenter\GAMES\chuzzledeluxe-setup.exe[Chuzzle.exe] #
No D:\I386\APPS\APP08191\SRC\INSTALL\Worldwide-MediaCenter\GAMES\dinerdash-setup.exe[Diner Dash.exe] #
No D:\I386\APPS\APP08191\SRC\INSTALL\Worldwide-MediaCenter\GAMES\familyfeud-setup.exe[FamilyFeud.exe] #
No D:\I386\APPS\APP08191\SRC\INSTALL\Worldwide-MediaCenter\GAMES\insaniquariumdeluxe-setup.exe[InsaniquariumDeluxe.exe]
No D:\I386\APPS\APP08191\SRC\INSTALL\Worldwide-MediaCenter\GAMES\jewelquest-setup.exe[JewelQuest.exe] #
No D:\I386\APPS\APP08191\SRC\INSTALL\Worldwide-MediaCenter\GAMES\mahjongquest-setup.exe[mahjong.exe] #
No D:\I386\APPS\APP08191\SRC\INSTALL\Worldwide-MediaCenter\GAMES\scrabble-setup.exe[Scrabble.exe] #
No D:\I386\APPS\APP08191\SRC\INSTALL\Worldwide-MediaCenter\GAMES\slingodeluxe-setup.exe[Slingo.exe] #
No D:\I386\APPS\APP08191\SRC\INSTALL\Worldwide-MediaCenter\GAMES\wheeloffortune-setup.exe[Wheel of Fortune.exe]
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description #
;===================================================================================================================================================================================
;===================================================================================================================================================================================

katana
2009-08-10, 12:45
No problems there, a few cookies and false positives :)


Congratulations your logs look clean :)

Let's see if I can help you keep it that way

First lets tidy up



Uninstall Combofix
This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png




OTCleanup
Please download OTCleanup from HERE (http://oldtimer.geekstogo.com/OTC.exe)
Click the OTC.exe icon and then click the CleanUp button.
If you get any pop ups asking if it is OK let the program proceed. At the end the program will ask to let it reboot the computer. Let it do so.
Let me know if there were any problems with OT CleanIt




You can also delete any logs we have produced, and empty your Recycle bin.

----------------------------------------------------------- -----------------------------------------------------------

The following is some info to help you stay safe and clean.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE (http://secunia.com/software_inspector/) for details

AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have free (for Home Users) and paid versions;
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must have program. It includes host protection and registry protection. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites.
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A New and effective program
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner

Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some!! Notifies you if programs are added to startup. Allows delayed startup. A must have addition.
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/index.php?option=com_content&view=article&id=15&Itemid=33) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections

Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy, this is a very popular choice. NoScript and AdBlockPlus addons are essential.
Opera (http://www.opera.com/) Another popular alternative
Netscape (http://browser.netscape.com/addons) Another popular alternative. Also has Addons available.

Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.

Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

Both of these can be cleaned manually, but a quicker option is to use a program.
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can choose which cookies to keep

Also PLEASE read this article: So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
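The post above describes the hosts file as a phone book that can also be used to block sites. The same mechanism that sends an ad server to 127.0.0.1 or 0.0.0.0 can just as easily redirect a real site somewhere else, so it is worth knowing which kind of entry each line is. The following added example (not from the thread or from any of the tools it lists) parses a constructed hosts file and separates blocking entries from redirects; all hostnames and addresses in it are made up.

```python
import ipaddress

# Constructed sample hosts-file content (not from the thread). It mixes
# comments, the normal localhost line, two blocking entries of the kind a
# blocklist-style hosts file adds, and one entry that redirects a
# real-looking name to a non-local address, which is the pattern to review.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example-tracker.test   # constructed blocking entry
127.0.0.1       counter.example-stats.test # constructed blocking entry
203.0.113.7     update.example-av.test     # constructed redirect entry
"""

# Addresses that make an entry a "block": the name resolves to nowhere useful.
LOCAL_SINKS = {"0.0.0.0", "127.0.0.1", "::1"}


def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping blanks, comments and 'localhost'."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)           # ignore malformed lines
        except ValueError:
            continue
        for name in names:
            if name.lower() != "localhost":
                yield ip, name.lower()


def classify_hosts(text):
    """Split entries into blocking (sent to a local sink) and redirects."""
    blocking, redirects = [], []
    for ip, name in parse_hosts(text):
        (blocking if ip in LOCAL_SINKS else redirects).append((ip, name))
    return {"blocking": blocking, "redirects": redirects}


if __name__ == "__main__":
    result = classify_hosts(SAMPLE_HOSTS)
    print(f"{len(result['blocking'])} blocking entries")
    for ip, name in result["redirects"]:
        print(f"REVIEW: {name} is redirected to {ip}")
```

On a real machine the file lives at C:\WINDOWS\system32\drivers\etc\hosts; any entry that lands in the redirects list should be recognised by the user, because a blocklist never needs to send a name anywhere except a local sink.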

keddie7
2009-08-14, 20:58
Thank You so much for all of your help! The computer seems to be running fine, I have put it through all of my regular errands and it is performing without a hitch! I am so sorry for not following up in a timely fashion, I don't want to appear ungrateful, because I truly couldn't have fixed this without you and I hugely appreciate all of your time and attention! So I want to apologize for the delay and thank you again!
Sincerely,
Keddie7