My Ad Aware and SpySweeper picked up a trojan infection. AVG constantly is deleting this file after booting and during a work session. It refused to be completely removed. Thank you in advance for any help! (Just a note that I have been unsuccessful in updating this computer to SP3 for the last year. It crashes the system each time so I just gave up).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:33:32 PM, on 8/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\AGI\common\win32\PythonService.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program

Files\AGI\common\agcutils.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program

Files\AGI\common\agcutils.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -

C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} -

C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll

(file missing)
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program

Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program

Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program

Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program

Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} -

C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] "C:\WINDOWS\ARPWRMSG.EXE"
O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft

Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -u
O4 - HKLM\..\Run: [KBD] "C:\HP\KBD\KBD.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster

2\RegistryBooster.exe /S
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program

Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no

file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} -

C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

(file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} -

C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

(file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -

https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ControlInstaller Class) -

https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?120389611

9703
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) -

http://u3.sandisk.com/download/apps/LPInstaller.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program

Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common

Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program

Files\AGI\common\win32\PythonService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program

Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. -

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common

Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common

Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program

Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\HP Game

Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program

Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program

Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program

Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) -

Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

(file missing)
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec

Shared\ccSvcHst.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec

Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc.

(www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program

Files\Webroot\Spy Sweeper\WRConsumerService.exe

--
End of file - 11552 bytes

Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly http://www.countingcows.de/laechel.gif

Some of the logs I request will be quite large, You may need to split them over a couple of replies.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------

A few points before we get down to cleaning ....


AntiVirus
You appear to have AVG8 and Symantec ( Does Webroot have the Antivirus guard as well ? )
First you should know that you're actually doing more harm than good by running more than one Anti Virus program.
When you do this the programs compete for resources, and the end result is none does it's best and can cause system instability.
I recommend that you choose one that you want to keep.
The other/s I would either uninstall, or disable from startup and use as "on demand" for an occasional scan.


Registry Cleaners + "Tweak" Tools

Re. Uniblue RegistryBooster

I don't personally recommend the use of ANY Registry Cleaners or "Tweak" Tools

They are marketed as ways to make your machine run faster and more efficiently ...... Some will actually achieve this .... IF you know how to use them correctly.
Removing "Orphaned/Old/Obsolete" registry entries is fine ..... as long as they actually are "Orphaned/Old/Obsolete", it won't speed up your machine though
Stopping services and setting policies can speed up your machine ..... as long as you stop and set the right ones, and even then it's debatable if you will notice the improvement.

Remove the wrong registry entry, or stop the wrong service, and not only can you slow your machine .... you could kill it !

To use a Registry Cleaner or "Tweak" tool to its full advantage, you really need to know what it is they are doing and what else the changes may affect.
In short, if you know how to use them safely ----- you don't actually need them.

discussion on regcleaners >> http://forums.whatthetech.com/Regcleaner_t42862.html
And for more good information see what Miekiemoes has to say >> http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html


----------------------------------------------------------------------------------------
Step 1

Download and Run RSIT

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.

Please post the contents of both log.txt and info.txt.
( They can also be found in the C:\RSIT folder )



----------------------------------------------------------------------------------------
Step 2

SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
Double click Sysprot.exe to start the program.
Click on the Log tab. In the Write to log box select all items.
Click on the Create Log button on the bottom right.
After a few seconds a new window should appear.
Select Scan Root Drive. Click on the Start button.
When it is complete a new window will appear to indicate that the scan is finished.
The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.



----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.

RSIT Logs
Sysprot Log
Where does AVG find this problem file ?

Thank you for replying to my plea for help. Unfortunately I have to go out of town until Sunday so I will not be able to act on your instructions. When I return on Sunday I will do as you suggest and post the logs. Thank you so much again.

In regards to your questions:

1. I only use AVG Free anti-virus. Symantec was removed (or so I thought) many months ago. It evidently has left something behind. How do I get rid of it?

2. I don't use any of the registry cleaners, they are left over from someone before. How do I get rid of them?

3. AVG scan always finds the same file, over and over again. It seems to renew itself on each reboot. I remove it manually and it just comes back. AVG scan results:

"C:\WINDOWS\system32\drivers\c200ecd5c1f9cef1.sys";"Trojan horse Agent2.OQZ";"Moved to Virus Vault"

Here is the SysProtLog. The program could not run a scan on the root drive, the computer would shut down and restart each time:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 972
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 1052
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 1080
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 1124
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 1164
Hidden: No
Window Visible: No

Name: C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
PID: 1304
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ati2evxx.exe
PID: 1336
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1352
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1452
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1596
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1704
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1948
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ati2evxx.exe
PID: 352
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 408
Hidden: No
Window Visible: No

Name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PID: 572
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 768
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1272
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PID: 1516
Hidden: No
Window Visible: No

Name: C:\Program Files\AGI\common\win32\pythonservice.exe
PID: 1536
Hidden: No
Window Visible: No

Name: C:\WINDOWS\arservice.exe
PID: 1580
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
PID: 1652
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\ehrecvr.exe
PID: 1684
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 1784
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PID: 1472
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PID: 496
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgrsx.exe
PID: 236
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PID: 600
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
PID: 660
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
PID: 2140
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PID: 2192
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PID: 2252
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 2268
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 2284
Hidden: No
Window Visible: No

Name: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PID: 2380
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\mcrdsvc.exe
PID: 2904
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wbem\unsecapp.exe
PID: 3552
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\alg.exe
PID: 3592
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wbem\wmiprvse.exe
PID: 3596
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wuauclt.exe
PID: 3996
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\ehtray.exe
PID: 4088
Hidden: No
Window Visible: No

Name: C:\WINDOWS\arpwrmsg.exe
PID: 308
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
PID: 840
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
PID: 920
Hidden: No
Window Visible: No

Name: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PID: 2008
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PID: 1960
Hidden: No
Window Visible: No

Name: C:\hp\KBD\kbd.exe
PID: 2176
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgtray.exe
PID: 2472
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 2480
Hidden: No
Window Visible: No

Name: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
PID: 2616
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ctfmon.exe
PID: 2124
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wuauclt.exe
PID: 3728
Hidden: No
Window Visible: No

Name: C:\Program Files\Webroot\Spy Sweeper\SSU.exe
PID: 1016
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\HP_Administrator\Desktop\SysProt\SysProt.exe
PID: 2668
Hidden: No
Window Visible: Yes

Name: C:\WINDOWS\ALCXMNTR.EXE
PID: 3048
Hidden: No
Window Visible: No

Name: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PID: 4080
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system\hpsysdrv.exe
PID: 3332
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\HP_Administrator\Desktop\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: EE056000
Module End: EE061000
Hidden: No

Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806E2000
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806E2000
Module End: 80702D00
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: F7B70000
Module End: F7B72000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: F7A80000
Module End: F7A83000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: F7541000
Module End: F756F000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: F7B72000
Module End: F7B74000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: F7530000
Module End: F7541000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: F7670000
Module End: F7679000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys
Service Name: ohci1394
Module Base: F7680000
Module End: F768F000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: F7690000
Module End: F769D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\SSHRMD.SYS
Service Name: SSHRMD
Module Base: F76A0000
Module End: F76A9000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\SSIDRV.SYS
Service Name: SSIDRV
Module Base: F7502000
Module End: F7530000
Hidden: No

Module Name: \WINDOWS\SYSTEM32\Drivers\NDIS.SYS
Service Name: NDIS
Module Base: F74D5000
Module End: F7502000
Hidden: No

Module Name: \WINDOWS\SYSTEM32\Drivers\TDI.SYS
Service Name: ---
Module Base: F78F0000
Module End: F78F5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ssfs0bbc.sys
Service Name: ssfs0bbc
Module Base: F76B0000
Module End: F76BB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: F7C38000
Module End: F7C39000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: F78F8000
Module End: F78FF000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\viaide.sys
Service Name: ViaIde
Module Base: F7B74000
Module End: F7B76000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\intelide.sys
Service Name: IntelIde
Module Base: F7B76000
Module End: F7B78000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: F76C0000
Module End: F76CB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: F74B6000
Module End: F74D5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmload.sys
Service Name: dmload
Module Base: F7B78000
Module End: F7B7A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmio.sys
Service Name: dmio
Module Base: F7490000
Module End: F74B6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: F7900000
Module End: F7905000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: F76D0000
Module End: F76DD000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\iaStor.sys
Service Name: iaStor
Module Base: F73BB000
Module End: F7490000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: F73A3000
Module End: F73BB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: F76E0000
Module End: F76E9000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F76F0000
Module End: F76FD000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltMgr.sys
Service Name: FltMgr
Module Base: F7383000
Module End: F73A3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: F7371000
Module End: F7383000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Lbd.sys
Service Name: Lbd
Module Base: F7700000
Module End: F770F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: F7710000
Module End: F7719000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: F735A000
Module End: F7371000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: F72CD000
Module End: F735A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\timntr.sys
Service Name: timounter
Module Base: F7299000
Module End: F72CD000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\snapman.sys
Service Name: snapman
Module Base: F7284000
Module End: F7299000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: F7269000
Module End: F7284000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\AmdK8.sys
Service Name: AmdK8
Module Base: F77F0000
Module End: F77FE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\aracpi.sys
Service Name: aracpi
Module Base: F7A78000
Module End: F7A7E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Service Name: ati2mtag
Module Base: F6760000
Module End: F68AE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: F674C000
Module End: F6760000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Service Name: usbohci
Module Base: F7910000
Module End: F7915000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: F6729000
Module End: F674C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: F7938000
Module End: F793F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: F693E000
Module End: F6949000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\AFS2K.SYS
Service Name: AFS2K
Module Base: F692E000
Module End: F6937000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: F691E000
Module End: F692B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: F690E000
Module End: F691D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: F6706000
Module End: F6729000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\AGRSM.sys
Service Name: AgereSoftModem
Module Base: F65FA000
Module End: F6706000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
Service Name: Modem
Module Base: F7940000
Module End: F7948000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\hcwPP2.sys
Service Name: hcwPP2
Module Base: F65D3000
Module End: F65FA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
Service Name: RTL8023xp
Module Base: F65BF000
Module End: F65D3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nic1394.sys
Service Name: NIC1394
Module Base: F68FE000
Module End: F690E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ALCXWDM.SYS
Service Name: ALCXWDM
Module Base: F6245000
Module End: F65BF000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: F6223000
Module End: F6245000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: F68EE000
Module End: F68FD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\parport.sys
Service Name: Parport
Module Base: F620F000
Module End: F6223000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: F68DE000
Module End: F68EB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F7948000
Module End: F794E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
Service Name: armoucfltr
Module Base: F7BEA000
Module End: F7BEC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\PS2.sys
Service Name: Ps2
Module Base: F7950000
Module End: F7955000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F7958000
Module End: F795E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
Service Name: arkbcfltr
Module Base: F7BEC000
Module End: F7BEE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\arpolicy.sys
Service Name: ARPolicy
Module Base: F7B38000
Module End: F7B3B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: F7D7D000
Module End: F7D7E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F68CE000
Module End: F68DB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: F7B3C000
Module End: F7B3F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: F61F8000
Module End: F620F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: F68BE000
Module End: F68C9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: F68AE000
Module End: F68BA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: F61E7000
Module End: F61F8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: F78B0000
Module End: F78B9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: F7960000
Module End: F7965000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: F7968000
Module End: F796D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Service Name: rdpdr
Module Base: F61B6000
Module End: F61E7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: F78C0000
Module End: F78CA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\SymIM.sys
Service Name: SymIM
Module Base: F7970000
Module End: F7976000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F7BEE000
Module End: F7BF0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: F6182000
Module End: F61B6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: F6CD4000
Module End: F6CD8000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: F7800000
Module End: F780A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: F7830000
Module End: F783F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F7BF0000
Module End: F7BF2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbprint.sys
Service Name: usbprint
Module Base: F7988000
Module End: F798F000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\usbbc.sys
Service Name: Wdm1
Module Base: F7235000
Module End: F7238000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: F7BF4000
Module End: F7BF6000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: F7CFF000
Module End: F7D00000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: F7BF6000
Module End: F7BF8000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: F79A0000
Module End: F79A6000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: F7BF8000
Module End: F7BFA000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: F7BFA000
Module End: F7BFC000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F79A8000
Module End: F79AD000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: F79B0000
Module End: F79B8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: F7231000
Module End: F7234000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: F1768000
Module End: F177B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: F1710000
Module End: F1768000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\avgtdix.sys
Service Name: AvgTdiX
Module Base: F16F7000
Module End: F1710000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: F16CF000
Module End: F16F7000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
Service Name: SymEvent
Module Base: F167E000
Module End: F16A3000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: F165C000
Module End: F167E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: F7850000
Module End: F7859000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\SRTSPX.SYS
Service Name: SRTSPX
Module Base: F7870000
Module End: F787A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: F1631000
Module End: F165C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: F15C2000
Module End: F1631000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: F7880000
Module End: F7889000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: F15A1000
Module End: F15C2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Service Name: usbstor
Module Base: F79B8000
Module End: F79BF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: F7890000
Module End: F7899000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\arp1394.sys
Service Name: Arp1394
Module Base: F78A0000
Module End: F78AF000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\avgmfx86.sys
Service Name: AvgMfx86
Module Base: F79D8000
Module End: F79DE000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\avgldx86.sys
Service Name: AvgLdx86
Module Base: F1500000
Module End: F1551000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: F14DD000
Module End: F1500000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: F14C5000
Module End: F14DD000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7B88000
Module End: F7B8A000
Hidden: Yes

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: F7239000
Module End: F723C000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: F7A00000
Module End: F7A05000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: F7CAD000
Module End: F7CAE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
Service Name: tifsfilter
Module Base: F7A10000
Module End: F7A18000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: EF289000
Module End: EF28D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: EEE38000
Module End: EEE4D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: EF37D000
Module End: EF38C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: EEC04000
Module End: EEC30000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: EEAD3000
Module End: EEB14000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: EEA59000
Module End: EEAAB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MSPQM.sys
Service Name: MSPQM
Module Base: F7C30000
Module End: F7C32000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
Service Name: symlcbrd
Module Base: F7980000
Module End: F7986000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: EE49E000
Module End: EE4AE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: EDEEB000
Module End: EDF16000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAllocateVirtualMemory
Address: 8657EDC8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateKey
Address: F770087E
Driver Base: F7700000
Driver End: F770F000
Driver Name: Lbd.sys

Function Name: ZwCreateProcess
Address: 8654BB28
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateProcessEx
Address: 8654BAB0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateThread
Address: 8654B8D0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteKey
Address: 8654D0A8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteValueKey
Address: 8654BBA0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwQueueApcThread
Address: 8657EE40
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwReadVirtualMemory
Address: 8657ECD8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwRenameKey
Address: 8654BD08
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetContextThread
Address: 8657EF30
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetInformationKey
Address: 8654BC90
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetInformationProcess
Address: 8654B9C0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetInformationThread
Address: 8657EFA8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetValueKey
Address: F7700BFE
Driver Base: F7700000
Driver End: F770F000
Driver Name: Lbd.sys

Function Name: ZwSuspendProcess
Address: 8654B948
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSuspendThread
Address: 8657EEB8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateProcess
Address: 8654BA38
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateThread
Address: 8657E020
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwWriteVirtualMemory
Address: 8657ED50
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
IRP Hooks:
Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8638CA80
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: 865423C0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 86534D08
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8635B9F0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8636BE28
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: 8642F918
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: 862CA7A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: 863ADA48
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_SET_EA
Jump To: 86343BA8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 86388770
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: 864A3B70
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: 862C9C80
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: 862BA4E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: 86075140
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8649FB08
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 860950C8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8630EA88
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: 8632ACB0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8633A838
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: 863314A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: 863A6108
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: 8634D778
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8634AF00
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 864DC200
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: 860FE130
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: 86360628
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: 862A5DE8
Hooking Module: _unknown_

******************************************************************************************
******************************************************************************************
Ports:
Local Address: LINDA2006.MYHOME.WESTELL.COM:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: LINDA2006:18080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: LINDA2006:13128
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: LINDA2006:10080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: LINDA2006:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: LINDA2006:1051
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: LINDA2006:1241
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
State: LISTENING

Local Address: LINDA2006:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: LINDA2006:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: LINDA2006.MYHOME.WESTELL.COM:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: LINDA2006.MYHOME.WESTELL.COM:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: LINDA2006.MYHOME.WESTELL.COM:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: LINDA2006.MYHOME.WESTELL.COM:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: LINDA2006:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: LINDA2006:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: LINDA2006:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: LINDA2006:3776
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\ehome\mcrdsvc.exe
State: NA

Local Address: LINDA2006:MS-SQL-M
Remote Address: NA
Type: UDP
Process: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
State: NA

Local Address: LINDA2006:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: LINDA2006:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************

info.txt logfile of random's system information tool 1.06 2009-08-09 14:58:55

======Uninstall list======

-->"C:\Program Files\HP Games\Wik and The Fable of Souls\Uninstall.exe"
-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->"C:\Program Files\WildGames\FATE Undiscovered Realms\Uninstall.exe"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{566E3DF3-A14B-4322-926A-C30D42959951}\Setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32-BIT BDE-->C:\PROGRA~1\Borland\COMMON~1\UNWISE.EXE C:\PROGRA~1\Borland\COMMON~1\INSTALL.LOG
Acronis*True*Image-->C:\Program Files\Acronis\TrueImage\uninstall.exe
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements 2.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
Agere Systems PCI Soft Modem-->agrsmdel
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avery DesignPro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2CC982C0-7EAE-11D4-ACC3-0050568AD318}\Setup.exe" -l0x9 -uninst
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bejeweled 2 Deluxe from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\47D5A62B-1B41-4DB1-8267-ADA434FA782B\Uninstall.exe"
Bounce Symphony-->"C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
Canasta for Windows-->C:\PROGRA~1\Canasta\UNWISE.EXE C:\PROGRA~1\Canasta\INSTALL.LOG
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Digital Camera USB WIA Driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\DC USB WIA\Uninst.isu" -c"C:\Program Files\Canon\DC USB WIA\SetupWia.dll"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon PhotoRecord-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\PhotoRecord\Program\uninstdll.dll"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow DC-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDC\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities MyCamera DC-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCameraDC\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities RAW Image Converter-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\RAW Image Converter\Uninst.isu"
Canon Utilities RemoteCapture 2.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\RemoteCapture\Uninst.isu"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
Component Framework-->MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Crystal Maze from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\3D61540E-C88C-4358-B6A1-DC26648F2A3D\Uninstall.exe"
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
DISCover-->"C:\Program Files\DISC\uninstall.exe"
DYMO Label Software-->C:\PROGRA~1\DYMOLA~1\UNINSTAL.EXE /U C:\PROGRA~1\DYMOLA~1\INSTALL.LOG
EmailStripper 2.2-->"C:\Program Files\EmailStripper\unins000.exe"
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
EPSON PERF 2400 Guide-->C:\Program Files\epson\guide\perf_2400p_e\uninstall.exe
EPSON Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22901BB7-2C57-409E-AF2F-56FFFEA41116}\setup.exe" -l0x9 MyUninstall
EPSON Scan-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0131B2-CF18-40D9-A331-60A3746C1204}\SETUP.EXE" -l0x9 UNINSTALL
EPSON Smart Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x9 Uninstall
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
FATE from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\01929F2A-2200-4042-8EFD-EEF933E9195C\Uninstall.exe"
FATE from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\3320769C-062B-4670-BD6B-AA4B3D0E9903\Uninstall.exe"
FateUtilities-->MsiExec.exe /I{8A1A3690-824F-49ED-BB15-9B0C6E118624}
FDBS Direct E-Claims - Medicare NoCal-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\NHNCFULL.INF, DefaultUninstall.ntx86
Fitznik 1.00-->"C:\Program Files\Fitznik\unins000.exe"
FLV Player 1.3.3-->"C:\Program Files\FLVPlayer\uninstall.exe"
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Harry Potter and the Goblet of Fire™-->C:\Program Files\Electronic Arts\Harry Potter and the Goblet of Fire\EAUninstall.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB893357)-->"C:\WINDOWS\$NtUninstallKB893357$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB906569)-->"C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hoyle Casino 2004-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{224C47F4-CB95-406C-8AD6-81002FEED0CF}
Hoyle Games Demo-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9B738A2B-FA31-4483-BC1B-7C49CE4F3C59}
HP Boot Optimizer-->C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /uninstall
hp CQLK mini labels-->MsiExec.exe /X{712DB270-D86C-4EEB-87BF-497C82C679CF}
hp CQLK square labels-->MsiExec.exe /X{704706EB-35D1-43D8-B0FF-785FBF6F5C92}
hp custom quilt label kit-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{043AFB25-7CB2-48D3-B0AF-9F4580EDF319}\Setup.exe" -l0x9
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP DVD Play 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Game Console and games-->C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Imaging Device Functions 6.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart for Media Center PC-->c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
hp print screen utility-->C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
HP PSC & OfficeJet 5.3.A-->"C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Rhapsody-->C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java Web Start-->"C:\Program Files\Java\jre1.5.0_05\bin\uninst-javaws.exe"
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Just Claims HCFA-1500 5.11-->C:\PROGRA~1\MediSoft\JUSTCL~1\UNWISE.EXE C:\PROGRA~1\MediSoft\JUSTCL~1\JCHCFA.LOG
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
Macromedia Flash Player 8-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
MediSoft Patient Accounting 5.66-->C:\Program Files\MediSoft\Bin\UNWISE.EXE C:\PROGRA~1\MediSoft\Bin\impasu.log
Microsoft .NET Framework 1.0 Hotfix (KB887998)-->"C:\WINDOWS\$NtUninstallKB887998$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{90120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Web Components-->MsiExec.exe /I{90260409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server 2005 Express Edition (MVE_INSTANCE)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{56B4002F-671C-49F4-984C-C760FE3806B5}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.22)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
muvee autoProducer unPlugged 1.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35DD9A1D-B340-4F41-A8B0-6EEBFB119280}\setup.exe" -l0x9
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
My Vision Express-->C:\Program Files\InstallShield Installation Information\{6AABAE03-343D-46D3-80C7-57F6896FCB42}\setup.exe -runfromtemp -l0x0009 -removeonly
Norton AntiVirus Help-->MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus-->MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton Protection Center-->MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
PC-Linq-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{808FAA20-4C3A-11D4-8A57-00201853C903}\Setup.exe"
PE Builder 3.1.10a-->"C:\Program Files\pebuilder3110a\unins000.exe"
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken Deluxe 99-->C:\WINDOWS\IsUninst.exe -fC:\QUICKENW\Uninst.isu
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Quilting Designs-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{A489F1E3-DBB7-4D44-AE9E-B45DC807DD38}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remove IntelliMover Demo-->c:\hp\bin\cloaker.exe c:\hp\bin\commands.exe /c "C:\Program Files\IntelliMoverDemo\clean.bat"
Screen Shot Deluxe 8-->C:\Program Files\Broderbund\Screen Shot Deluxe 8\HprUnInst.exe
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Simple Sudoku 4.0-->"C:\Program Files\Simple Sudoku\unins000.exe"
Snood for Windows version 3.52-W-->"C:\Program Files\Snood\unins000.exe"
Snoodoku for Windows Version 1.0-->"C:\Program Files\Snoodoku\unins000.exe"
Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782}
Spy Sweeper-->"C:\Program Files\Webroot\Spy Sweeper\unins003.exe" /Log="C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Uninstall.txt"
The Hobbit(TM)-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{023FFB0A-C5DB-4930-B3E4-D48266C21738}
The Print Shop Premier Edition 5.0-->C:\WINDOWS\uninst.exe -f"C:\The Print Shop Products\The Print Shop Premier Edition 5.0\DeIsL1.isu" -c"C:\The Print Shop Products\The Print Shop Premier Edition 5.0\psfinst.dll"
The Print Shop PressWriter 1.5-->C:\WINDOWS\uninst.exe -f"C:\The Print Shop Products\The Print Shop PressWriter 1.5\DeIsL1.isu" -c"C:\The Print Shop Products\The Print Shop PressWriter 1.5\psfinst.dll"
The Print Shop® 6.0-->C:\WINDOWS\UNINST.EXE -f"C:\THEPRI~1\THEPRI~2.0\DeIsL1.isu" -c"C:\THEPRI~1\THEPRI~2.0\psfinst.dll"
The Weather Channel Desktop 6-->C:\Program Files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
The Weather Channel Toolbar-->C:\PROGRA~1\THEWEA~2\UNWISE.EXE C:\PROGRA~1\THEWEA~2\twcINSTALL.LOG
Turbocharge Your Photos HP Idea Kit-->C:\HP-TUR~1\UNWISE.EXE C:\HP-TUR~1\INSTALL.LOG
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
Weather Services-->C:\WINDOWS\system32\control.exe C:\PROGRA~1\THEWEA~2\FRAMEW~1\wxfw.cpl,4
Webshots Desktop-->"C:\Program Files\AGI\common\bootstrapper.exe" -uninstall"\"C:/Program Files/AGI/Python25\pythonw.exe\" \"C:\Program Files\AGI\common\pyagcore\installer.pyc\" -u WebshotsDesktop"
Webshots Toolbar-->"C:\Program Files\AGI\common\bootstrapper.exe" -uninstall"\"C:/Program Files/AGI/Python25\pythonw.exe\" \"C:\Program Files\AGI\common\pyagcore\installer.pyc\" -u WebshotsToolbar"
WildTangent Games-->"C:\Program Files\WildGames\Uninstall.exe"
WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
WinDates-->C:\PROGRA~1\WinDates\unwise.exe C:\PROGRA~1\WinDates\install.log
Window Washer-->C:\WINDOWS\Unwash6.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB892050-->"C:\WINDOWS\$NtUninstallKB892050$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

======Security center information======

AV: AVG Anti-Virus Free
AV:
FW:
FW: ZoneAlarm Firewall (disabled)

======System event log======

Computer Name: LINDA2006
Event Code: 7000
Message: The Upload Manager service failed to start due to the following error:
The account specified for this service is different from the account specified for other services running in the same process.


Record Number: 54889
Source Name: Service Control Manager
Time Written: 20090426081331.000000-420
Event Type: error
User:

Computer Name: LINDA2006
Event Code: 7000
Message: The Symantec Core LC service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 54888
Source Name: Service Control Manager
Time Written: 20090426081331.000000-420
Event Type: error
User:

Computer Name: LINDA2006
Event Code: 5
Message: Error loading Symantec real time Anti-Virus driver.

Record Number: 54885
Source Name: SRTSP
Time Written: 20090426081210.000000-420
Event Type: error
User:

Computer Name: LINDA2006
Event Code: 4
Message: Error loading virus definitions.

Record Number: 54884
Source Name: SRTSP
Time Written: 20090426081210.000000-420
Event Type: error
User:

Computer Name: LINDA2006
Event Code: 1005
Message: Unable to load settings file. Using default settings for real time protection.

Record Number: 54883
Source Name: SRTSP
Time Written: 20090426081210.000000-420
Event Type: warning
User:

=====Application event log=====

Computer Name: LINDA2006
Event Code: 3
Message: The configuration of the AdminConnection\TCP protocol in the SQL instance MVE_INSTANCE is not valid.

Record Number: 68716
Source Name: SQLBrowser
Time Written: 20090602172410.000000-420
Event Type: warning
User:

Computer Name: LINDA2006
Event Code: 1517
Message: Windows saved user LINDA2006\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 68701
Source Name: Userenv
Time Written: 20090601220830.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LINDA2006
Event Code: 3
Message: The configuration of the AdminConnection\TCP protocol in the SQL instance MVE_INSTANCE is not valid.

Record Number: 68663
Source Name: SQLBrowser
Time Written: 20090601171510.000000-420
Event Type: warning
User:

Computer Name: LINDA2006
Event Code: 1517
Message: Windows saved user LINDA2006\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 68659
Source Name: Userenv
Time Written: 20090531222043.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LINDA2006
Event Code: 3
Message: The configuration of the AdminConnection\TCP protocol in the SQL instance MVE_INSTANCE is not valid.

Record Number: 68632
Source Name: SQLBrowser
Time Written: 20090531073801.000000-420
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier"
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2302
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"VERSION"=3.0.5.001
"SESSIONID"=1147375801487htx606015d4f45:10b422c2884:5c42
"COLLECTIONID"=COL8143
"ITEMID"=dj-22741-15
"UPDATEDIR"=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\radF7F40.tmp
"TOOLPATH"=/C:\Program%20Files\Hewlett-Packard\HP%20Software%20Update\install.htm
"HMSERVER"=https://wwss1proa.cce.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.18.30716
"OSVER"=winXPP
"LANG"=1033
"TIMEOUT"=0
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Administrator at 2009-08-09 14:58:27
Microsoft Windows XP Professional Service Pack 2
System drive C: has 188 GB (82%) free of 230 GB
Total RAM: 958 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:58:52 PM, on 8/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\AGI\common\win32\PythonService.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] "C:\WINDOWS\ARPWRMSG.EXE"
O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -u
O4 - HKLM\..\Run: [KBD] "C:\HP\KBD\KBD.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ControlInstaller Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203896119703
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (file missing)
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--
End of file - 11333 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\wrSpySweeper_LAD2BD3EA63974ACFA30B8F1899F96699.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]
AGSearchHook Class - C:\Program Files\AGI\common\agcutils.dll [2009-08-09 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-25 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C17590D2-ECB4-4b15-8820-F58798DCC118} - Webshots Toolbar - C:\Program Files\Webshots\WSToolbar4IE.dll [2008-12-08 184320]
{2E5E800E-6AC0-411E-940A-369530A35E43} - The Weather Channel Toolbar - C:\WINDOWS\system32\TwcToolbarIe7.dll [2008-07-22 327680]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-02 77312]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
"PCDrProfiler"= []
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-11-09 249856]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2001-08-16 28738]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-07-28 188416]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-03-06 180269]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep.exe [2004-08-09 10752]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-11 1948440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2009-05-13 6345840]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-09 15360]
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe [2003-05-21 229437]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
C:\Program Files\DISC\DISCover.exe [2005-11-11 1064960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
C:\Program Files\DISC\DiscUpdateMgr.exe [2005-11-11 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe [2005-11-01 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Metrics]
C:\Program Files\HP\Personal Printing Solutions Product Research\HP Product Research.exe [2003-06-24 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-01 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2003-05-04 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2003-05-04 57393]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
C:\Program Files\Webroot\Washer\wwDisp.exe [2007-08-09 1261384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
C:\PROGRA~1\UPDATE~1\9972322\Program\UPDATE~1.EXE [2006-03-07 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Webshots.lnk]
C:\PROGRA~1\Webshots\Launcher.exe [2008-12-08 157000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TermService"=3
"RemoteRegistry"=2
"RDSessMgr"=3
"Netlogon"=3
"mnmsrvc"=3
"Fax"=3
"FastUserSwitchingCompatibility"=3
"ERSvc"=2
"CiSvc"=3
"CCALib8"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-13 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-05-08 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
:\WINDOWS\system32\srrstr.dl

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\3d1dcc16cfc2205.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\c200ecd5c1f9cef1.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\3d1dcc16cfc2205.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\c200ecd5c1f9cef1.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\svcWRSSSDK]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

30044-07-10 03:13:59 ----A---- C:\WINDOWS\system32\JJ59.DLL
2009-08-09 14:38:47 ----D---- C:\rsit
2009-08-06 21:19:27 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-06 21:19:12 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-08-06 18:52:14 ----D---- C:\Program Files\ERUNT
2009-08-06 09:14:06 ----D---- C:\Program Files\Trend Micro
2009-08-05 19:33:30 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-05 19:33:26 ----D---- C:\Program Files\MSBuild
2009-08-05 19:33:18 ----D---- C:\Program Files\Reference Assemblies
2009-08-05 19:32:32 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-05 19:32:31 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-05 19:32:31 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-05 19:32:30 ----D---- C:\d525fd5878f5e118a9e1d518496e
2009-08-05 19:32:13 ----D---- C:\WINDOWS\SxsCaPendDel
2009-08-05 19:28:42 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-08-05 19:20:51 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-08-05 17:29:42 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-05 17:28:57 ----HDC---- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-05 17:28:30 ----D---- C:\Program Files\Lavasoft
2009-08-05 17:28:30 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-08-05 10:28:15 ----D---- C:\Program Files\Enigma Software Group
2009-08-03 20:47:10 ----D---- C:\Program Files\Electric Quilt Company
2009-08-01 17:22:37 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Canon
2009-08-01 17:22:03 ----D---- C:\Documents and Settings\All Users\Application Data\PhotoStitch
2009-07-24 13:54:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-24 13:54:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-24 13:51:21 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

======List of files/folders modified in the last 1 months======

2009-08-09 14:58:44 ----HD---- C:\$AVG8.VAULT$
2009-08-09 14:58:44 ----D---- C:\WINDOWS\system32\drivers
2009-08-09 14:56:31 ----D---- C:\Program Files\Mozilla Firefox
2009-08-09 14:54:53 ----D---- C:\WINDOWS\Temp
2009-08-09 14:51:45 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-09 14:50:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-09 14:20:35 ----D---- C:\My Download Files
2009-08-09 13:53:11 ----HD---- C:\Config.Msi
2009-08-09 13:53:05 ----SHD---- C:\WINDOWS\Installer
2009-08-09 13:52:42 ----D---- C:\WINDOWS\system32
2009-08-09 13:52:42 ----D---- C:\Program Files\Motherboard Monitor 5
2009-08-09 13:52:05 ----D---- C:\Program Files\Microsoft Works
2009-08-09 13:52:01 ----D---- C:\Program Files\Microsoft Office
2009-08-09 13:46:38 ----D---- C:\Program Files
2009-08-09 13:46:23 ----D---- C:\WINDOWS\Prefetch
2009-08-09 13:39:25 ----D---- C:\Program Files\Mozilla Thunderbird
2009-08-07 09:00:48 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Macromedia
2009-08-07 08:54:44 ----AD---- C:\WINDOWS
2009-08-06 21:19:58 ----HD---- C:\WINDOWS\inf
2009-08-06 21:19:56 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-06 21:19:38 ----D---- C:\WINDOWS\system32\dllcache
2009-08-06 21:19:24 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-06 21:19:21 ----A---- C:\WINDOWS\imsins.BAK
2009-08-05 20:36:07 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-05 20:36:04 ----RSD---- C:\WINDOWS\assembly
2009-08-05 19:37:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-05 19:36:59 ----D---- C:\WINDOWS\WinSxS
2009-08-05 19:33:25 ----D---- C:\WINDOWS\system32\en-US
2009-08-05 19:33:23 ----SD---- C:\WINDOWS\Fonts
2009-08-05 19:33:03 ----D---- C:\WINDOWS\system32\spool
2009-08-05 19:29:57 ----D---- C:\Program Files\Internet Explorer
2009-08-05 17:30:06 ----SD---- C:\WINDOWS\Tasks
2009-08-04 20:13:27 ----A---- C:\WINDOWS\Quicken.ini
2009-08-04 16:05:04 ----D---- C:\Program Files\DesignPro
2009-08-03 10:59:15 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\U3
2009-08-02 14:52:37 ----A---- C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt
2009-08-02 14:50:57 ----A---- C:\WINDOWS\ais.ini
2009-07-19 06:33:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 06:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-08 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-05 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-08 108552]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-01-31 43696]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 tifsfilter;Acronis TrueImage FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2007-06-05 28928]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-10-20 1095009]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-29 3644928]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-02 22784]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-02 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-02 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-09 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-02 10112]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-13 1313792]
R3 hcwPP2;Hauppauge WinTV PVR PCI II ([23|25|26]xxx); C:\WINDOWS\system32\DRIVERS\hcwPP2.sys [2005-07-28 156800]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-09 61824]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-09-30 78720]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-03-30 27008]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-09 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-09 26496]
R3 Wdm1;USB Bridge Cable Driver; C:\WINDOWS\System32\Drivers\usbbc.sys [2001-01-08 15576]
S1 3d1dcc16cfc2205;3d1dcc16cfc2205; C:\WINDOWS\system32\DRIVERS\3d1dcc16cfc2205.sys []
S1 c200ecd5c1f9cef1;c200ecd5c1f9cef1; C:\WINDOWS\system32\DRIVERS\c200ecd5c1f9cef1.sys [2009-08-09 81920]
S1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
S1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-01-31 279088]
S1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
S3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-02 19200]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 efipsk;efipsk; \??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\efipsk.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-09 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090215.002\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090215.002\NAVEX15.SYS []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 PCD5SRVC{085326CB-51A3560A-05010003};PCD5SRVC{085326CB-51A3560A-05010003} - PCDR Kernel Mode Service Helper Driver; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-01-31 317616]
S3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2008-01-04 23920]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-06-13 38576]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20090212.001\SymIDSCo.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-06-13 37424]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-09 20480]
S3 WN5301;LIteon Wireless PCI Network Adapter Service; C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 468768]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2007-06-05 155648]
R2 AGWinService;AG Windows Service; C:\Program Files\AGI\common\win32\PythonService.exe [2008-12-08 10240]
R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-02 58880]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-13 376832]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-05-08 298776]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-12-18 73728]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MSSQL$MVE_INSTANCE;SQL Server (MVE_INSTANCE); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE [2007-08-09 73728]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2009-04-21 4048240]
R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe [2009-06-13 1205760]
S2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe []
S2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GameConsoleService;GameConsoleService; C:\Program Files\WildTangent\Apps\HP Game Console\GameConsoleService.exe [2008-05-05 165416]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE []
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-09 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-09 14336]
S4 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
S4 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-09 267776]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 wwEngineSvc;Window Washer Engine; C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-08-09 388936]

-----------------EOF-----------------

1. I only use AVG Free anti-virus. Symantec was removed (or so I thought) many months ago. It evidently has left something behind. How do I get rid of it?

2. I don't use any of the registry cleaners, they are left over from someone before. How do I get rid of them?

Let's get you clean, and then we'll look at removing those.


----------------------------------------------------------------------------------------
Step 1

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
If requested, please reboot
If you accidently close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


----------------------------------------------------------------------------------------
Step 2


Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply
Re-enable all the programs that were disabled during the running of ComboFix..


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html)

----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.

MalwareBytes Log
Combofix Log
How are things running now ?

I hope the logs show success. AVG scan just done was clear, no signs of the recurring infection. Here are the other logs.

Malwarebytes' Anti-Malware 1.40
Database version: 2590
Windows 5.1.2600 Service Pack 2

8/10/2009 10:08:11 AM
mbam-log-2009-08-10 (10-08-11).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 278422
Time elapsed: 1 hour(s), 28 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\c200ecd5c1f9cef1 (Rootkit.Omexo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\c200ecd5c1f9cef1 (Rootkit.Omexo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\c200ecd5c1f9cef1 (Rootkit.Omexo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\c200ecd5c1f9cef1 (Rootkit.Omexo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP183\A0029967.sys (Rootkit.Omexo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP183\A0030013.sys (Rootkit.Omexo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP183\A0032010.sys (Rootkit.Omexo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\c200ecd5c1f9cef1.sys (Rootkit.Omexo) -> Quarantined and deleted successfully.


ComboFix 09-08-10.01 - HP_Administrator 08/10/2009 15:44.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.404 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

?
c:\recycler\S-1-5-21-527237240-179605362-725345543-500

.
((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.

30044-07-10 10:13 . 30044-07-10 10:13 3120 ----a-w- c:\windows\system32\JJ59.DLL
2009-08-10 15:25 . 2009-08-10 15:25 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-08-10 15:24 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-10 15:24 . 2009-08-10 15:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-10 15:24 . 2009-08-10 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-10 15:24 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-09 21:38 . 2009-08-09 21:58 -------- d-----w- C:\rsit
2009-08-07 01:52 . 2009-08-07 01:52 -------- d-----w- c:\program files\ERUNT
2009-08-06 16:14 . 2009-08-06 16:14 -------- d-----w- c:\program files\Trend Micro
2009-08-06 02:33 . 2009-08-06 02:33 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-06 02:33 . 2009-08-06 02:33 -------- d-----w- c:\program files\MSBuild
2009-08-06 02:33 . 2009-08-06 02:33 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 02:32 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-06 02:32 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-06 02:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-06 02:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-06 02:32 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-06 02:32 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-06 02:32 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-06 02:32 . 2009-08-06 02:33 -------- d-----w- C:\d525fd5878f5e118a9e1d518496e
2009-08-06 02:32 . 2009-08-06 02:40 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-06 02:20 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-06 00:29 . 2009-08-06 00:29 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-06 00:29 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-06 00:28 . 2009-08-06 00:28 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-06 00:28 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-08-06 00:28 . 2009-08-06 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-06 00:28 . 2009-08-06 00:28 -------- d-----w- c:\program files\Lavasoft
2009-08-05 17:28 . 2009-08-06 02:51 -------- d-----w- c:\program files\Enigma Software Group
2009-08-04 03:47 . 2009-08-04 03:47 -------- d-----w- c:\program files\Electric Quilt Company
2009-08-02 00:22 . 2009-08-02 00:22 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Canon
2009-08-02 00:22 . 2009-08-02 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PhotoStitch

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 22:42 . 2006-03-07 06:44 154120 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-10 15:15 . 2008-01-10 03:58 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-09 20:52 . 2007-06-14 02:40 -------- d-----w- c:\program files\Motherboard Monitor 5
2009-08-09 20:52 . 2006-03-07 06:54 -------- d-----w- c:\program files\Microsoft Works
2009-08-04 23:05 . 2006-05-09 01:37 -------- d-----w- c:\program files\DesignPro
2009-08-03 17:59 . 2006-06-17 02:25 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\U3
2009-07-09 04:32 . 2009-02-20 04:57 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-05 22:40 . 2009-02-20 04:57 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-29 16:12 . 2004-08-09 21:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-09 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-09 21:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:55 . 2004-08-09 21:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-09 21:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-13 19:30 . 2009-05-10 16:59 164 ----a-w- c:\windows\install.dat
2009-06-13 05:10 . 2006-03-07 06:12 -------- d-----w- c:\program files\Java
2009-06-13 05:09 . 2009-06-13 05:09 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-12 03:42 . 2009-06-12 03:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-12 03:42 . 2009-06-12 03:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-03 19:24 . 2004-08-09 21:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-21 18:33 . 2008-11-23 18:14 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-13 22:39 . 2007-07-13 16:55 1563008 ----a-w- c:\windows\WRSetup.dll
2006-04-12 01:47 . 2006-04-12 01:47 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "c:\program files\AGI\common\agcutils.dll" [2009-08-10 43520]

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{647B16D8-AD7B-4983-82D7-82A270FC9E6D}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]
2009-08-10 22:57 43520 ----a-w- c:\program files\AGI\common\agcutils.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-04-06 20:26 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AlwaysReady Power Message APP"="c:\windows\ARPWRMSG.EXE" [2005-08-03 77312]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-07 180269]
"UserFaultCheck"="c:\windows\system32\dumprep.exe" [2004-08-09 10752]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-05-13 6345840]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-6 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-09 03:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\3d1dcc16cfc2205.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TermService"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"Netlogon"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Fax"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"ERSvc"=2 (0x2)
"CiSvc"=3 (0x3)
"CCALib8"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/5/2009 5:29 PM 64160]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [8/9/2008 2:42 PM 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/19/2009 9:57 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/19/2009 9:57 PM 108552]
R2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [12/8/2008 9:38 PM 10240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/19/2009 9:57 PM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 7:49 AM 1029456]
R2 MSSQL$MVE_INSTANCE;SQL Server (MVE_INSTANCE);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [12/26/2008 5:17 PM 1205760]
R3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [4/12/2006 3:58 PM 15576]
S1 3d1dcc16cfc2205;3d1dcc16cfc2205;c:\windows\system32\DRIVERS\3d1dcc16cfc2205.sys --> c:\windows\system32\DRIVERS\3d1dcc16cfc2205.sys [?]
S2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon --> c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [?]
S3 efipsk;efipsk;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\efipsk.sys --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\efipsk.sys [?]
S3 PCD5SRVC{085326CB-51A3560A-05010003};PCD5SRVC{085326CB-51A3560A-05010003} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [11/21/2005 10:27 AM 21120]
S3 SysProtDrv.sys;SysProtDrv.sys;\??\c:\documents and settings\HP_Administrator\Desktop\SysProt\SysProtDrv.sys --> c:\documents and settings\HP_Administrator\Desktop\SysProt\SysProtDrv.sys [?]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [3/6/2006 11:27 PM 468768]
S4 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [8/14/2007 9:33 PM 388936]
.
Contents of the 'Scheduled Tasks' folder

2009-08-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-08-09 c:\windows\Tasks\wrSpySweeper_LAD2BD3EA63974ACFA30B8F1899F96699.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-08-03 22:40]

2009-08-09 c:\windows\Tasks\wrSpySweeper_LAD2BD3EA63974ACFA30B8F1899F96699.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-08-03 22:40]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKLM-Run-PCDrProfiler - (no file)
Notify-dimsntfy - (no file)
SafeBoot-c200ecd5c1f9cef1.sys
SafeBoot-svcWRSSSDK


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ul5m7iml.default\
FF - prefs.js: browser.startup.homepage - hxxp://netscape.aol.com/
FF - prefs.js: keyword.URL - hxxp://wstb.search.imgag.com/?c=&sbs=1&sc=&f=web&vernum=3.1.3.7504&uid=&did={f8d4a70c-98e2-4081-901d-01bf93043ede}&q=
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ul5m7iml.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ul5m7iml.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 15:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCD5SRVC{085326CB-51A3560A-05010003}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1080)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3268)
c:\windows\system32\WININET.dll
c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\arservice.exe
c:\windows\ehome\ehrecvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Webroot\Spy Sweeper\SSU.exe
.
**************************************************************************
.
Completion time: 2009-08-10 16:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-10 23:13

Pre-Run: 196,850,659,328 bytes free
Post-Run: 196,801,794,048 bytes free

274 --- E O F --- 2009-08-07 04:19

Information

It looks like Uniblue has already been uninstalled :)

----------------------------------------------------------------------------------------
Step 1
Please delete the copy of ComboFix that you have and download an updated copy from one of the links below

ComboFix.exe (http://www.forospyware.com/sUBs/ComboFix.exe)
ComboFix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)


Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


Driver::
3d1dcc16cfc2205
LiveUpdate Notice
efipsk
SysProtDrv.sys
ADS::
Save this as CFScript.txt and place it on your desktop.


http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


----------------------------------------------------------------------------------------
Step 2

Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan (http://www.pandasecurity.com/activescan/index/) << LINK

Click the Scan Now button
Follow the prompts to install the Active X if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
When the scan is finished, a report will be generated
Next to Scan Details click the small export to notepad button and save the report to your desktop.
Please post the report in your reply.


----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.

Combofix Log
ActiveScan Log
How are things running now ?




---------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------
Additional Notes



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download Java SE Runtime Environment (JRE) (http://java.sun.com/javase/downloads/index.jsp). ( don't install it yet )

Scroll down to where it says "Java SE Runtime Environment (JRE)".
Click the "Download" button to the right.
Platform = Windows Language = Multi Language
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Now download JavaRa (http://sourceforge.net/project/downloading.php?groupname=javara&filename=JavaRa.zip&use_mirror=osdn) and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

Double-click on JavaRa.exe to start the program.
From the drop-down menu, choose English and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location.

Now install the Java SE Runtime Environment (JRE) package you downloaded
(it comes with a toolbar pre-selected, so make sure you uncheck the box)

You can delete JavaRa (zip and exe)

Remove Programs

Older versions of some programs have vulnerabilities that malware can use to infect your system.

Now click Start---Control Panel. Double click Add or Remove Programs.
If any of the following programs are still listed there, click on the program to highlight it, and click on remove.

J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java Web Start
Java(TM) 6 Update 14
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1

Now close the Control Panel.


Remove Norton

Please click HERE (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=&docid=2001092114452606&nsf=nav.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=) and follow the instructions to download and run the norton removal tool

I downloaded the updated Combofix.exe as instructed. It ran well and made a log. However, I now cannot connect with the Internet and using the instructions for manually fixing it are not working. The error states it cannot repair the connection because it cannot renew the IP address. So how do I fix this? I can't send any logs to you until it is fixed. (I am using my husband's computer to send this.) Thank you so much for what you have done so far.

Click Start>>Run.
In the Run box copy/paste:

devmgmt.msc


then click OK.

Click the +/- symbol next to Network Adapters.
This should show you a list of installed network adapters, controllers etc.
Do any have question marks/exclamation marks etc. next to them?

No, no exclamation marks or questions marks.

1394 Net Adapter.........properties states working properly
Realteck RTL8139.........properties states working properly
Wireless LAN PCI 802.11 b/g..........disabled (I don't use wireless anyway)

Next????

Please run Combofix again

ComboFix 09-08-10.06 - HP_Administrator 08/12/2009 8:49.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.480 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2009-07-12 to 2009-08-12 )))))))))))))))))))))))))))))))
.

30044-07-10 10:13 . 30044-07-10 10:13 3120 ----a-w- c:\windows\system32\JJ59.DLL
2009-08-12 16:02 . 2009-08-12 16:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\temp
2009-08-12 16:02 . 2009-08-12 16:02 -------- d-----w- c:\documents and settings\NetworkService\AppData\Local\temp
2009-08-12 16:02 . 2009-08-12 16:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\temp
2009-08-12 16:02 . 2009-08-12 16:02 -------- d-----w- c:\documents and settings\LocalService\AppData\Local\temp
2009-08-12 16:02 . 2009-08-12 16:02 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\temp
2009-08-12 16:02 . 2009-08-12 16:02 -------- d-----w- c:\documents and settings\HP_Administrator\AppData\Local\temp
2009-08-12 16:02 . 2009-08-12 16:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\temp
2009-08-12 16:02 . 2009-08-12 16:02 -------- d-----w- c:\documents and settings\Administrator\AppData\Local\temp
2009-08-11 16:14 . 2009-08-11 16:14 -------- d-----w- c:\documents and settings\NetworkService\AppData
2009-08-11 16:14 . 2009-08-11 16:14 -------- d-----w- c:\documents and settings\LocalService\AppData
2009-08-11 16:14 . 2009-08-11 16:14 -------- d-----w- c:\documents and settings\HP_Administrator\AppData
2009-08-11 16:14 . 2009-08-11 16:14 -------- d-----w- c:\documents and settings\Administrator\AppData
2009-08-10 15:25 . 2009-08-10 15:25 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-08-10 15:24 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-10 15:24 . 2009-08-10 15:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-10 15:24 . 2009-08-10 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-10 15:24 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-09 21:38 . 2009-08-09 21:58 -------- d-----w- C:\rsit
2009-08-07 01:52 . 2009-08-07 01:52 -------- d-----w- c:\program files\ERUNT
2009-08-06 16:14 . 2009-08-06 16:14 -------- d-----w- c:\program files\Trend Micro
2009-08-06 02:33 . 2009-08-06 02:33 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-06 02:33 . 2009-08-06 02:33 -------- d-----w- c:\program files\MSBuild
2009-08-06 02:33 . 2009-08-06 02:33 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 02:32 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-06 02:32 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-06 02:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-06 02:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-06 02:32 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-06 02:32 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-06 02:32 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-06 02:32 . 2009-08-06 02:33 -------- d-----w- C:\d525fd5878f5e118a9e1d518496e
2009-08-06 02:32 . 2009-08-06 02:40 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-06 02:20 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-06 00:29 . 2009-08-06 00:29 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-06 00:29 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-06 00:28 . 2009-08-06 00:28 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-06 00:28 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-08-06 00:28 . 2009-08-06 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-06 00:28 . 2009-08-06 00:28 -------- d-----w- c:\program files\Lavasoft
2009-08-05 17:28 . 2009-08-06 02:51 -------- d-----w- c:\program files\Enigma Software Group
2009-08-04 03:47 . 2009-08-04 03:47 -------- d-----w- c:\program files\Electric Quilt Company
2009-08-02 00:22 . 2009-08-02 00:22 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Canon
2009-08-02 00:22 . 2009-08-02 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PhotoStitch

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 04:35 . 2006-05-09 01:37 -------- d-----w- c:\program files\DesignPro
2009-08-11 16:56 . 2008-01-10 03:58 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-10 22:42 . 2006-03-07 06:44 154120 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-09 20:52 . 2007-06-14 02:40 -------- d-----w- c:\program files\Motherboard Monitor 5
2009-08-09 20:52 . 2006-03-07 06:54 -------- d-----w- c:\program files\Microsoft Works
2009-08-03 17:59 . 2006-06-17 02:25 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\U3
2009-07-09 04:32 . 2009-02-20 04:57 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-05 22:40 . 2009-02-20 04:57 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-29 16:12 . 2004-08-09 21:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-09 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-09 21:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:55 . 2004-08-09 21:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-09 21:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-13 19:30 . 2009-05-10 16:59 164 ----a-w- c:\windows\install.dat
2009-06-13 05:09 . 2009-06-13 05:09 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-03 19:24 . 2004-08-09 21:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-21 18:33 . 2008-11-23 18:14 410984 ----a-w- c:\windows\system32\deploytk.dll
2006-04-12 01:47 . 2006-04-12 01:47 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-08-10_22.59.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-12 15:46 . 2009-08-12 15:46 16384 c:\windows\Temp\Perflib_Perfdata_844.dat
+ 2009-08-12 15:46 . 2009-08-12 15:46 16384 c:\windows\Temp\Perflib_Perfdata_118.dat
+ 2005-08-30 21:02 . 2009-08-12 14:44 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-08-30 21:02 . 2009-08-10 22:57 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-08-30 13:51 . 2009-08-10 22:57 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-30 13:51 . 2009-08-12 14:44 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-08-30 13:51 . 2009-08-10 22:57 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-08-30 13:51 . 2009-08-12 14:44 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-08-11 15:49 . 2009-08-11 15:49 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
- 2009-08-10 22:55 . 2009-08-10 22:55 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
- 2009-08-10 22:55 . 2009-08-10 22:55 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-11 15:49 . 2009-08-11 15:49 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
- 2009-08-10 22:55 . 2009-08-10 22:55 180224 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-11 15:49 . 2009-08-11 15:49 180224 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-11 15:49 . 2009-08-11 15:49 241664 c:\windows\ERDNT\subs\Users\00000003\ntuser.dat
- 2009-08-10 22:55 . 2009-08-10 22:55 241664 c:\windows\ERDNT\subs\Users\00000003\ntuser.dat
- 2009-08-10 22:55 . 2009-08-10 22:55 241664 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-11 15:49 . 2009-08-11 15:49 241664 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
- 2009-08-10 22:55 . 2009-08-10 22:55 6053888 c:\windows\ERDNT\subs\Users\00000005\ntuser.dat
+ 2009-08-11 15:49 . 2009-08-11 15:49 6053888 c:\windows\ERDNT\subs\Users\00000005\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "c:\program files\AGI\common\agcutils.dll" [2009-08-11 43520]

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{647B16D8-AD7B-4983-82D7-82A270FC9E6D}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]
2009-08-11 15:02 43520 ----a-w- c:\program files\AGI\common\agcutils.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-04-06 20:26 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AlwaysReady Power Message APP"="c:\windows\ARPWRMSG.EXE" [2005-08-03 77312]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-07 180269]
"UserFaultCheck"="c:\windows\system32\dumprep.exe" [2004-08-09 10752]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-6 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-09 03:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TermService"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"Netlogon"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Fax"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"ERSvc"=2 (0x2)
"CiSvc"=3 (0x3)
"CCALib8"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/5/2009 5:29 PM 64160]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [8/9/2008 2:42 PM 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/19/2009 9:57 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/19/2009 9:57 PM 108552]
R2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [12/8/2008 9:38 PM 10240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/19/2009 9:57 PM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 7:49 AM 1029456]
R2 MSSQL$MVE_INSTANCE;SQL Server (MVE_INSTANCE);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [12/26/2008 5:17 PM 1205760]
R3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [4/12/2006 3:58 PM 15576]
S3 PCD5SRVC{085326CB-51A3560A-05010003};PCD5SRVC{085326CB-51A3560A-05010003} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [11/21/2005 10:27 AM 21120]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [3/6/2006 11:27 PM 468768]
S4 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [8/14/2007 9:33 PM 388936]
.
Contents of the 'Scheduled Tasks' folder

2009-08-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ul5m7iml.default\
FF - prefs.js: browser.startup.homepage - hxxp://netscape.aol.com/
FF - prefs.js: keyword.URL - hxxp://wstb.search.imgag.com/?c=&sbs=1&sc=&f=web&vernum=3.1.3.7504&uid=&did={f8d4a70c-98e2-4081-901d-01bf93043ede}&q=
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ul5m7iml.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ul5m7iml.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-12 09:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCD5SRVC{085326CB-51A3560A-05010003}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1080)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3000)
c:\windows\system32\WININET.dll
c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-12 9:07
ComboFix-quarantined-files.txt 2009-08-12 16:07
ComboFix2.txt 2009-08-11 16:14
ComboFix3.txt 2009-08-10 23:14

Pre-Run: 196,874,809,344 bytes free
Post-Run: 196,844,212,224 bytes free

264 --- E O F --- 2009-08-07 04:19

Do you have the Active Scan log ?
How are things running now ?

I still cannot connect to the internet, therefore I cannot download and run any of the other things you wanted me to. I was able to send the combofix.exe log only because I could put it on a flash drive and send it via my husband's computer. How do I get my internet connection back? "One step forward, two steps back" LOL!

Combofix created a fresh restore point before it ran.

Please open System Restore and find the most recent restore point and then move back one. ( you've run combofix since, so we need the second to last)
Restore that and see if that sorts the connection problem.

Restoring worked, I am back online. Now, do you want me to do all the things you suggested in post #9? Or something new? Thanks so much for hanging in there with me.

do you want me to do all the things you suggested in post #9? Or something new?
Something new I think, it didn't work out so well last time :D:


Thanks so much for hanging in there with me.
Thank you for sticking with me :bigthumb:

Let's do this step by step.

Download a fresh copy of Combofix and run that. Then do the following

Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan (http://www.pandasecurity.com/activescan/index/) << LINK

Click the Scan Now button
Follow the prompts to install the Active X if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
When the scan is finished, a report will be generated
Next to Scan Details click the small export to notepad button and save the report to your desktop.
Please post the report in your reply.

Can you send me the link for the fresh copy of combofix.exe, or should I use the one in post #9?

The ones in post #9 are fine, it has been updated on those links :bigthumb:

Man! The Active scan took 5 hours!! See enclosed logs as requested.

ComboFix 09-08-10.06 - HP_Administrator 08/13/2009 16:07.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.400 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\kb913800.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.

30044-07-10 10:13 . 30044-07-10 10:13 3120 ----a-w- c:\windows\system32\JJ59.DLL
2009-08-13 05:11 . 2009-08-13 05:11 -------- d-----w- c:\windows\ServicePackFiles
2009-08-13 02:08 . 2009-08-13 02:08 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-13 02:06 . 2009-08-13 02:06 -------- d-----w- c:\program files\Common Files\Java
2009-08-10 15:25 . 2009-08-10 15:25 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-08-10 15:24 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-10 15:24 . 2009-08-10 15:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-10 15:24 . 2009-08-10 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-10 15:24 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-09 21:38 . 2009-08-09 21:58 -------- d-----w- C:\rsit
2009-08-07 01:52 . 2009-08-07 01:52 -------- d-----w- c:\program files\ERUNT
2009-08-06 16:14 . 2009-08-06 16:14 -------- d-----w- c:\program files\Trend Micro
2009-08-06 02:33 . 2009-08-06 02:33 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-06 02:33 . 2009-08-06 02:33 -------- d-----w- c:\program files\MSBuild
2009-08-06 02:33 . 2009-08-06 02:33 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 02:32 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-06 02:32 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-06 02:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-06 02:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-06 02:32 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-06 02:32 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-06 02:32 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-06 02:32 . 2009-08-06 02:33 -------- d-----w- C:\d525fd5878f5e118a9e1d518496e
2009-08-06 02:32 . 2009-08-06 02:40 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-06 02:20 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-06 00:29 . 2009-08-06 00:29 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-06 00:29 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-06 00:28 . 2009-08-06 00:28 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-06 00:28 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-08-06 00:28 . 2009-08-06 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-06 00:28 . 2009-08-06 00:28 -------- d-----w- c:\program files\Lavasoft
2009-08-05 17:28 . 2009-08-06 02:51 -------- d-----w- c:\program files\Enigma Software Group
2009-08-04 03:47 . 2009-08-04 03:47 -------- d-----w- c:\program files\Electric Quilt Company
2009-08-02 00:22 . 2009-08-02 00:22 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Canon
2009-08-02 00:22 . 2009-08-02 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PhotoStitch

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 14:27 . 2008-01-10 03:58 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-12 23:12 . 2006-03-07 06:12 -------- d-----w- c:\program files\Java
2009-08-12 23:08 . 2006-03-07 06:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-12 19:10 . 2006-06-17 02:25 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\U3
2009-08-12 04:35 . 2006-05-09 01:37 -------- d-----w- c:\program files\DesignPro
2009-08-10 22:42 . 2006-03-07 06:44 154120 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-09 20:52 . 2007-06-14 02:40 -------- d-----w- c:\program files\Motherboard Monitor 5
2009-08-09 20:52 . 2006-03-07 06:54 -------- d-----w- c:\program files\Microsoft Works
2009-08-05 09:11 . 2004-08-09 21:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2004-08-09 21:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-09 21:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 04:32 . 2009-02-20 04:57 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-05 22:40 . 2009-02-20 04:57 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-29 16:12 . 2004-08-09 21:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-09 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-09 21:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 18:36 . 2004-08-09 21:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-08-09 21:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-08-09 21:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2004-08-09 21:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2004-08-09 21:00 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2004-08-09 21:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2004-08-09 21:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2004-08-09 21:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2004-08-09 21:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2004-08-09 21:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2004-08-09 21:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2004-08-09 21:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-22 11:49 . 2004-08-09 21:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-09 21:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-09 21:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-09 21:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-16 14:55 . 2004-08-09 21:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-09 21:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-13 19:30 . 2009-05-10 16:59 164 ----a-w- c:\windows\install.dat
2009-06-13 05:09 . 2009-06-13 05:09 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-12 11:50 . 2004-08-09 21:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 11:50 . 2004-08-10 04:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2004-08-09 21:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2008-05-10 17:56 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42 . 2004-08-09 21:00 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:24 . 2004-08-09 21:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-21 18:33 . 2008-11-23 18:14 410984 ----a-w- c:\windows\system32\deploytk.dll
2006-04-12 01:47 . 2006-04-12 01:47 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-08-10_22.59.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-13 23:02 . 2009-08-13 23:02 16384 c:\windows\Temp\Perflib_Perfdata_8bc.dat
- 2006-03-07 06:09 . 2007-11-30 11:18 26488 c:\windows\system32\spupdsvc.exe
+ 2006-03-07 06:09 . 2007-07-27 17:41 26488 c:\windows\system32\spupdsvc.exe
- 2007-05-25 05:40 . 2007-11-30 11:18 17272 c:\windows\system32\spmsg.dll
+ 2007-05-25 05:40 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2008-05-10 17:57 . 2009-06-12 11:50 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2008-05-10 17:56 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe
- 2008-05-10 17:57 . 2007-07-06 12:46 48640 c:\windows\system32\dllcache\mqupgrd.dll
+ 2008-05-10 17:57 . 2009-06-25 18:36 48640 c:\windows\system32\dllcache\mqupgrd.dll
- 2008-05-10 17:57 . 2007-07-06 12:46 95744 c:\windows\system32\dllcache\mqsec.dll
+ 2008-05-10 17:57 . 2009-06-25 18:36 95744 c:\windows\system32\dllcache\mqsec.dll
+ 2008-05-10 17:57 . 2009-06-25 18:36 16896 c:\windows\system32\dllcache\mqise.dll
- 2008-05-10 17:57 . 2007-07-06 12:46 16896 c:\windows\system32\dllcache\mqise.dll
- 2008-05-10 17:57 . 2007-07-06 12:46 47104 c:\windows\system32\dllcache\mqdscli.dll
+ 2008-05-10 17:57 . 2009-06-25 18:36 47104 c:\windows\system32\dllcache\mqdscli.dll
- 2008-05-10 17:57 . 2004-08-09 21:00 19968 c:\windows\system32\dllcache\mqbkup.exe
+ 2008-05-10 17:57 . 2009-06-22 11:49 19968 c:\windows\system32\dllcache\mqbkup.exe
+ 2008-05-10 17:57 . 2009-06-22 11:48 91776 c:\windows\system32\dllcache\mqac.sys
- 2008-05-10 17:57 . 2004-08-09 21:00 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2008-05-10 17:57 . 2009-06-10 14:21 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2008-05-10 17:57 . 2009-07-17 18:55 58880 c:\windows\system32\dllcache\atl.dll
- 2008-05-10 17:57 . 2004-08-09 21:00 58880 c:\windows\system32\dllcache\atl.dll
- 2005-08-30 21:02 . 2009-08-10 22:57 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-08-30 21:02 . 2009-08-13 23:02 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-08-30 13:51 . 2009-08-10 22:57 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-30 13:51 . 2009-08-13 23:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-08-30 13:51 . 2009-08-10 22:57 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-08-30 13:51 . 2009-08-13 23:02 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-05-03 03:12 . 2009-08-13 05:16 23040 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-05-03 03:12 . 2009-07-24 20:54 23040 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-05-03 03:12 . 2009-08-13 05:16 27136 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-05-03 03:12 . 2009-07-24 20:54 27136 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-05-03 03:12 . 2009-07-24 20:54 11264 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-05-03 03:12 . 2009-08-13 05:16 11264 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-05-03 03:12 . 2009-08-13 05:16 12288 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2006-05-03 03:12 . 2009-07-24 20:54 12288 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-05-10 17:57 . 2004-08-09 21:00 4608 c:\windows\system32\dllcache\mqsvc.exe
+ 2008-05-10 17:57 . 2009-06-22 11:49 4608 c:\windows\system32\dllcache\mqsvc.exe
- 2006-05-03 03:12 . 2009-07-24 20:54 4096 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-05-03 03:12 . 2009-08-13 05:16 4096 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-08-11 15:49 . 2009-08-11 15:49 8192 c:\windows\ERDNT\subs(2)\Users(2)\00000004(2)\UsrClass.dat
+ 2009-08-11 15:49 . 2009-08-11 15:49 8192 c:\windows\ERDNT\subs(2)\Users(2)\00000002(2)\UsrClass.dat
+ 2004-08-09 21:00 . 2009-06-25 18:36 169472 c:\windows\system32\Setup\msmqocm.dll
+ 2004-08-09 21:00 . 2009-07-14 06:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2008-05-10 17:56 . 2009-06-10 06:32 132096 c:\windows\system32\dllcache\wkssvc.dll
- 2008-05-10 17:56 . 2006-08-17 12:28 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2008-05-10 17:57 . 2009-08-05 09:11 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2004-08-09 21:00 . 2009-06-05 07:42 655872 c:\windows\system32\dllcache\mstscax.dll
+ 2008-05-10 17:57 . 2009-06-25 18:36 169472 c:\windows\system32\dllcache\msmqocm.dll
- 2008-05-10 17:57 . 2007-07-06 12:46 471552 c:\windows\system32\dllcache\mqutil.dll
+ 2008-05-10 17:57 . 2009-06-25 18:36 471552 c:\windows\system32\dllcache\mqutil.dll
+ 2008-05-10 17:57 . 2009-06-25 18:36 186880 c:\windows\system32\dllcache\mqtrig.dll
- 2008-05-10 17:57 . 2004-08-09 21:00 186880 c:\windows\system32\dllcache\mqtrig.dll
+ 2008-05-10 17:57 . 2009-06-22 11:49 117248 c:\windows\system32\dllcache\mqtgsvc.exe
- 2008-05-10 17:57 . 2004-08-09 21:00 117248 c:\windows\system32\dllcache\mqtgsvc.exe
+ 2008-05-10 17:57 . 2009-06-25 18:36 517120 c:\windows\system32\dllcache\mqsnap.dll
+ 2008-05-10 17:57 . 2009-06-25 18:36 123392 c:\windows\system32\dllcache\mqrtdep.dll
- 2008-05-10 17:57 . 2004-08-09 21:00 123392 c:\windows\system32\dllcache\mqrtdep.dll
- 2008-05-10 17:57 . 2007-07-06 12:46 177152 c:\windows\system32\dllcache\mqrt.dll
+ 2008-05-10 17:57 . 2009-06-25 18:36 177152 c:\windows\system32\dllcache\mqrt.dll
+ 2008-05-10 17:57 . 2009-06-25 18:36 661504 c:\windows\system32\dllcache\mqqm.dll
+ 2008-05-10 17:57 . 2009-06-25 18:36 225280 c:\windows\system32\dllcache\mqoa.dll
- 2008-05-10 17:57 . 2004-08-09 21:00 225280 c:\windows\system32\dllcache\mqoa.dll
- 2008-05-10 17:57 . 2007-07-06 12:46 138240 c:\windows\system32\dllcache\mqad.dll
+ 2008-05-10 17:57 . 2009-06-25 18:36 138240 c:\windows\system32\dllcache\mqad.dll
- 2006-05-03 03:12 . 2009-07-24 20:54 409600 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-05-03 03:12 . 2009-08-13 05:16 409600 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-05-03 03:12 . 2009-08-13 05:16 286720 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-05-03 03:12 . 2009-07-24 20:54 286720 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2006-05-03 03:12 . 2009-08-13 05:16 249856 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-05-03 03:12 . 2009-07-24 20:54 249856 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-05-03 03:12 . 2009-07-24 20:54 794624 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-05-03 03:12 . 2009-08-13 05:16 794624 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2006-05-03 03:12 . 2009-07-24 20:54 135168 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2006-05-03 03:12 . 2009-08-13 05:16 135168 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-05-11 15:49 . 2008-05-11 15:49 464272 c:\windows\Installer\$PatchCache$\Managed\9040210900063D11C8EF10054038389C\11.0.8173\OWC11PIA.DLL
+ 2003-07-15 10:18 . 2003-07-15 10:18 141360 c:\windows\Installer\$PatchCache$\Managed\9040210900063D11C8EF10054038389C\11.0.5614\ATP.DLL
+ 2009-08-11 15:49 . 2009-08-11 15:49 180224 c:\windows\ERDNT\subs(2)\Users(2)\00000006(2)\UsrClass.dat
+ 2009-08-11 15:49 . 2009-08-11 15:49 241664 c:\windows\ERDNT\subs(2)\Users(2)\00000003(2)\ntuser.dat
+ 2009-08-11 15:49 . 2009-08-11 15:49 241664 c:\windows\ERDNT\subs(2)\Users(2)\00000001(2)\NTUSER.DAT
+ 2009-08-13 05:15 . 2009-08-13 05:15 477056 c:\windows\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll
+ 2009-02-18 05:10 . 2009-08-13 02:09 4433484 c:\windows\system32\Restore\rstrlog.dat
+ 2008-05-10 17:57 . 2009-07-10 13:42 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2009-08-05 09:11 . 2009-08-05 09:11 5518848 c:\windows\Installer\aa68b9.msp
+ 2009-07-01 20:21 . 2009-07-01 20:21 8891904 c:\windows\Installer\aa68a5.msp
+ 2007-05-10 20:45 . 2007-05-10 20:45 8069464 c:\windows\Installer\$PatchCache$\Managed\9040210900063D11C8EF10054038389C\11.0.8173\OWC11.DLL
+ 2009-08-11 15:49 . 2009-08-11 15:49 6053888 c:\windows\ERDNT\subs(2)\Users(2)\00000005(2)\ntuser.dat
+ 2004-08-09 21:00 . 2009-07-14 06:43 10841088 c:\windows\system32\wmp.dll
+ 2006-04-19 04:50 . 2009-07-30 00:49 24281536 c:\windows\system32\MRT.exe
+ 2004-08-09 21:00 . 2009-07-14 06:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2009-07-01 20:19 . 2009-07-01 20:19 10607104 c:\windows\Installer\aa68a6.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "c:\program files\AGI\common\agcutils.dll" [2009-08-13 43520]

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{647B16D8-AD7B-4983-82D7-82A270FC9E6D}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]
2009-08-13 23:02 43520 ----a-w- c:\program files\AGI\common\agcutils.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-04-06 20:26 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AlwaysReady Power Message APP"="c:\windows\ARPWRMSG.EXE" [2005-08-03 77312]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-07 180269]
"UserFaultCheck"="c:\windows\system32\dumprep.exe" [2004-08-09 10752]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-05-13 6345840]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-6 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-09 03:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\3d1dcc16cfc2205.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TermService"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"Netlogon"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Fax"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"ERSvc"=2 (0x2)
"CiSvc"=3 (0x3)
"CCALib8"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/5/2009 5:29 PM 64160]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [8/9/2008 2:42 PM 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/19/2009 9:57 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/19/2009 9:57 PM 108552]
R2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [12/8/2008 9:38 PM 10240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/19/2009 9:57 PM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 7:49 AM 1029456]
R2 MSSQL$MVE_INSTANCE;SQL Server (MVE_INSTANCE);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [12/26/2008 5:17 PM 1205760]
R3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [4/12/2006 3:58 PM 15576]
S1 3d1dcc16cfc2205;3d1dcc16cfc2205;c:\windows\system32\DRIVERS\3d1dcc16cfc2205.sys --> c:\windows\system32\DRIVERS\3d1dcc16cfc2205.sys [?]
S2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon --> c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [?]
S3 efipsk;efipsk;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\efipsk.sys --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\efipsk.sys [?]
S3 PCD5SRVC{085326CB-51A3560A-05010003};PCD5SRVC{085326CB-51A3560A-05010003} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [11/21/2005 10:27 AM 21120]
S3 SysProtDrv.sys;SysProtDrv.sys;\??\c:\documents and settings\HP_Administrator\Desktop\SysProt\SysProtDrv.sys --> c:\documents and settings\HP_Administrator\Desktop\SysProt\SysProtDrv.sys [?]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [3/6/2006 11:27 PM 468768]
S4 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [8/14/2007 9:33 PM 388936]
.
Contents of the 'Scheduled Tasks' folder

2009-08-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ul5m7iml.default\
FF - prefs.js: browser.startup.homepage - hxxp://netscape.aol.com/
FF - prefs.js: keyword.URL - hxxp://wstb.search.imgag.com/?c=&sbs=1&sc=&f=web&vernum=3.1.3.7504&uid=&did={f8d4a70c-98e2-4081-901d-01bf93043ede}&q=
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ul5m7iml.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ul5m7iml.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 16:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCD5SRVC{085326CB-51A3560A-05010003}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1080)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-08-13 16:22
ComboFix-quarantined-files.txt 2009-08-13 23:22
ComboFix2.txt 2009-08-12 16:07
ComboFix3.txt 2009-08-11 16:14
ComboFix4.txt 2009-08-10 23:14

Pre-Run: 196,236,001,280 bytes free
Post-Run: 196,221,538,304 bytes free

361 --- E O F --- 2009-08-13 05:16


;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-08-13 21:08:15
PROTECTIONS: 1
MALWARE: 22
SUSPECTS: 3
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free 8.5 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00024402 Exploit/iFrame HackTools No 0 Yes No C:\Bob's Backup\Profiles\default\ka7wcxhu.slt\Mail\Local Folders\Trash[~0000006.~]
00024402 Exploit/iFrame HackTools No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\Mail\Local Folders\Trash[~0000006.~]
00029926 Dialer.Gen Dialers No 0 No No C:\Program Files\PaperPort 9 Deluxe CD\Other\PagisConverter\ENGLISH\data1.cab[convproc.exe]
00051983 adware/sbsoft Adware No 0 Yes No hkey_classes_root\toolband.toolbandobj.1
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[1].txt
00145466 Cookie/Advertising TrackingCookie No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\cookies.txt[servedby.advertising.com/]
00155988 adware/fastlook Adware No 0 Yes No hkey_local_machine\software\classes\toolband.toolbandobj.1
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Profiles\default\a0q6hzm4.slt\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Profiles\default\a0q6hzm4.slt\cookies.txt[.com.com/]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Bob's Backup\Profiles\default\ka7wcxhu.slt\cookies.txt[counter.hitslink.com/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\cookies.txt[server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\cookies.txt[server.iad.liveperson.net/hc/63235071]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\cookies.txt[server.iad.liveperson.net/hc/63235071]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@advertising[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Bob's Backup\Profiles\default\ka7wcxhu.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Bob's Backup\Profiles\default\ka7wcxhu.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Bob's Backup\Profiles\default\ka7wcxhu.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Bob's Backup\Profiles\default\ka7wcxhu.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Bob's Backup\Profiles\default\ka7wcxhu.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Bob's Backup\Profiles\default\ka7wcxhu.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Bob's Backup\Profiles\default\ka7wcxhu.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.pointroll[2].txt
00172825 Joke/Stress Jokes No 0 Yes No C:\Documents and Settings\HP_Administrator\My Documents\Uploads\misc\stress~11.exe
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\cookies.txt[.bravenet.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\cookies.txt[.did-it.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\cookies.txt[.did-it.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Profiles\default\a0q6hzm4.slt\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Bob's Backup2\Owner\Application Data\Mozilla\Profiles\default\ka7wcxhu.slt\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Bob's Backup\Profiles\default\ka7wcxhu.slt\cookies.txt[.atwola.com/]
00373274 W32/Nurech.A.worm Virus No 1 Yes No C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Profiles\default\a0q6hzm4.slt\Mail\incoming.verizon.net\Inbox[Postcard.exe]
00377802 Spyware/PeoplePC Spyware No 0 Yes No C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL
00487624 Trj/Banker.LNO Virus/Trojan No 1 Yes No C:\hp\recovery\wizard\SWR_Wizard.exe
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP183\A0032050.sys
00967264 Trj/Agent.MFH Virus/Trojan No 0 Yes No C:\My Download Files\Games\penguinpuzzlesetup.exe
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP183\A0032108.sys
03983016 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\Updates from HP\9972322\Program\Interop.SHDocVw.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\My Download Files\Screensavers\flower scrsvr.exe
No C:\My Download Files\Utilities\LeakTest.exe
No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP183\A0029974.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
108738 HIGH MS06-004
;===================================================================================================================================================================================

There is nothing much to worry about in that Active Scan log, just some leftovers we can remove in the final clear up.
You should empty you E-mail client folders though, there look to be some infected items in there.


----------------------------------------------------------------------------------------
Step 1

Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Virus Total

Please visit Virustotal (http://www.virustotal.com/en/indexf.html)
Copy/paste the the following file path into the window
c:\windows\system32\JJ59.DLL
Click Submit/Send File

When the scan has finished, you can copy the URL from the browser address window and paste it in your reply.

If Virustotal is too busy please try Jotti (http://virusscan.jotti.org/)


----------------------------------------------------------------------------------------
Step 2

Malwarebytes' Anti-Malware
Let's have a fresh scan with MBAM since it's been a couple of days

Start MalwareBytes AntiMalware

Update Malwarebytes' Anti-Malware
Select the Update tab
Click Update

When the update is complete, select the Scanner tab
Select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
If you accidently close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


----------------------------------------------------------------------------------------
Step 3

Download and Run Registry Search
Download (LINK >>>) Registry Search (http://www.xs4all.nl/~fstaal01/downloads/regsearch.zip) (<<< LINK) to your desktop.

Right click on the compressed RegSearch folder, and choose "Extract All". In the box that pops open, click "Next", then "Next" again, and then "Finish". You now have another RegSearch folder on your desktop.
Open the new folder, and double click on regsearch.exe
In the top window copy/paste the following line/s
3d1dcc16cfc2205
efipsk
Click OK and Registry Search will scan your registry for the file(s), and a Notepad box will open with a report.
Please save the text file at you desktop and call it found-entries.

Paste the results in your reply

----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.

Virus Total Log
MalwareBytes Log
Registry Search Log
How are things running now ?

Sorry for the delay, school has started and I am teaching all day. I can only follow up in the evenings.

http://www.virustotal.com/analisis/3dbde80070adbf0585d208562718101fc67231cd01b9379f160d0616209c067c-1250301820


Malwarebytes' Anti-Malware 1.40
Database version: 2628
Windows 5.1.2600 Service Pack 2

8/14/2009 9:21:29 PM
mbam-log-2009-08-14 (21-21-29).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 279133
Time elapsed: 1 hour(s), 36 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 8/14/2009 9:28:34 PM for strings:
; '3d1dcc16cfc2205'
; 'efipsk'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\3d1dcc16cfc2205.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\3d1dcc16cfc2205.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\3d1dcc16cfc2205]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\3d1dcc16cfc2205]
; Contents of value:
; system32\DRIVERS\3d1dcc16cfc2205.sys
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,33,00,64,00,31,00,64,00,63,00,63,\
00,31,00,36,00,63,00,66,00,63,00,32,00,32,00,30,00,35,00,2e,00,73,00,79,00,\
73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\3d1dcc16cfc2205.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\3d1dcc16cfc2205.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EFIPSK]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\3d1dcc16cfc2205]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\3d1dcc16cfc2205]
; Contents of value:
; system32\DRIVERS\3d1dcc16cfc2205.sys
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,33,00,64,00,31,00,64,00,63,00,63,\
00,31,00,36,00,63,00,66,00,63,00,32,00,32,00,30,00,35,00,2e,00,73,00,79,00,\
73,00,00,00
"DisplayName"="3d1dcc16cfc2205"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\3d1dcc16cfc2205\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\efipsk]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\efipsk]
; Contents of value:
; \??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\efipsk.sys
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,44,00,4f,00,43,00,\
55,00,4d,00,45,00,7e,00,31,00,5c,00,48,00,50,00,5f,00,41,00,44,00,4d,00,7e,\
00,31,00,5c,00,4c,00,4f,00,43,00,41,00,4c,00,53,00,7e,00,31,00,5c,00,54,00,\
65,00,6d,00,70,00,5c,00,65,00,66,00,69,00,70,00,73,00,6b,00,2e,00,73,00,79,\
00,73,00,00,00
"DisplayName"="efipsk"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\efipsk\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\3d1dcc16cfc2205.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\3d1dcc16cfc2205.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_EFIPSK]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\3d1dcc16cfc2205]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\3d1dcc16cfc2205]
; Contents of value:
; system32\DRIVERS\3d1dcc16cfc2205.sys
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,33,00,64,00,31,00,64,00,63,00,63,\
00,31,00,36,00,63,00,66,00,63,00,32,00,32,00,30,00,35,00,2e,00,73,00,79,00,\
73,00,00,00
"DisplayName"="3d1dcc16cfc2205"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\3d1dcc16cfc2205\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\efipsk]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\efipsk]
; Contents of value:
; \??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\efipsk.sys
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,44,00,4f,00,43,00,\
55,00,4d,00,45,00,7e,00,31,00,5c,00,48,00,50,00,5f,00,41,00,44,00,4d,00,7e,\
00,31,00,5c,00,4c,00,4f,00,43,00,41,00,4c,00,53,00,7e,00,31,00,5c,00,54,00,\
65,00,6d,00,70,00,5c,00,65,00,66,00,69,00,70,00,73,00,6b,00,2e,00,73,00,79,\
00,73,00,00,00
"DisplayName"="efipsk"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\efipsk\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\3d1dcc16cfc2205.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\3d1dcc16cfc2205.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EFIPSK]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\3d1dcc16cfc2205]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\3d1dcc16cfc2205]
; Contents of value:
; system32\DRIVERS\3d1dcc16cfc2205.sys
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,33,00,64,00,31,00,64,00,63,00,63,\
00,31,00,36,00,63,00,66,00,63,00,32,00,32,00,30,00,35,00,2e,00,73,00,79,00,\
73,00,00,00
"DisplayName"="3d1dcc16cfc2205"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\3d1dcc16cfc2205\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\efipsk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\efipsk]
; Contents of value:
; \??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\efipsk.sys
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,44,00,4f,00,43,00,\
55,00,4d,00,45,00,7e,00,31,00,5c,00,48,00,50,00,5f,00,41,00,44,00,4d,00,7e,\
00,31,00,5c,00,4c,00,4f,00,43,00,41,00,4c,00,53,00,7e,00,31,00,5c,00,54,00,\
65,00,6d,00,70,00,5c,00,65,00,66,00,69,00,70,00,73,00,6b,00,2e,00,73,00,79,\
00,73,00,00,00
"DisplayName"="efipsk"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\efipsk\Security]

; End Of The Log...


Am I looking better? Things seem to be working OK, although still slow.

Am I looking better? Things seem to be working OK, although still slow.

There are still a few items that shouldn't be there, but it doesn't look like anything is active.




Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:



KillAll::
Driver::
3d1dcc16cfc2205
efipsk
Registry::
[-hkey _classes_root\toolband.toolbandobj.1]
[-hkey_local_machine\software\classes\toolband.toolbandobj.1]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\3d1dcc16cfc2205.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\3d1dcc16cfc2205.sys]
ADS::
Save this as CFScript.txt and place it on your desktop.


http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

Question:

Am I safe enough to pay bills and do patient insurance billing for my husband yet?


ComboFix 09-08-10.06 - HP_Administrator 08/15/2009 9:28.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.432 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EFIPSK
-------\Service_3d1dcc16cfc2205
-------\Service_efipsk


((((((((((((((((((((((((( Files Created from 2009-07-15 to 2009-08-15 )))))))))))))))))))))))))))))))
.

30044-07-10 10:13 . 30044-07-10 10:13 3120 ----a-w- c:\windows\system32\JJ59.DLL
2009-08-13 23:40 . 2008-06-20 00:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-08-13 23:40 . 2009-08-13 23:40 -------- d-----w- c:\program files\Panda Security
2009-08-13 05:11 . 2009-08-13 05:11 -------- d-----w- c:\windows\ServicePackFiles
2009-08-13 02:08 . 2009-08-13 02:08 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-13 02:06 . 2009-08-13 02:06 -------- d-----w- c:\program files\Common Files\Java
2009-08-10 15:25 . 2009-08-10 15:25 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-08-10 15:24 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-10 15:24 . 2009-08-10 15:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-10 15:24 . 2009-08-10 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-10 15:24 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-09 21:38 . 2009-08-09 21:58 -------- d-----w- C:\rsit
2009-08-07 01:52 . 2009-08-07 01:52 -------- d-----w- c:\program files\ERUNT
2009-08-06 16:14 . 2009-08-06 16:14 -------- d-----w- c:\program files\Trend Micro
2009-08-06 02:33 . 2009-08-06 02:33 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-06 02:33 . 2009-08-06 02:33 -------- d-----w- c:\program files\MSBuild
2009-08-06 02:33 . 2009-08-06 02:33 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 02:32 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-06 02:32 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-06 02:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-06 02:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-06 02:32 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-06 02:32 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-06 02:32 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-06 02:32 . 2009-08-06 02:33 -------- d-----w- C:\d525fd5878f5e118a9e1d518496e
2009-08-06 02:32 . 2009-08-06 02:40 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-06 02:20 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-06 00:29 . 2009-08-06 00:29 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-06 00:29 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-06 00:28 . 2009-08-06 00:28 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-06 00:28 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-08-06 00:28 . 2009-08-06 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-06 00:28 . 2009-08-06 00:28 -------- d-----w- c:\program files\Lavasoft
2009-08-05 17:28 . 2009-08-06 02:51 -------- d-----w- c:\program files\Enigma Software Group
2009-08-04 03:47 . 2009-08-04 03:47 -------- d-----w- c:\program files\Electric Quilt Company
2009-08-02 00:22 . 2009-08-02 00:22 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Canon
2009-08-02 00:22 . 2009-08-02 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PhotoStitch

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-15 04:51 . 2008-01-10 03:58 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-12 23:12 . 2006-03-07 06:12 -------- d-----w- c:\program files\Java
2009-08-12 23:08 . 2006-03-07 06:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-12 19:10 . 2006-06-17 02:25 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\U3
2009-08-12 04:35 . 2006-05-09 01:37 -------- d-----w- c:\program files\DesignPro
2009-08-10 22:42 . 2006-03-07 06:44 154120 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-09 20:52 . 2007-06-14 02:40 -------- d-----w- c:\program files\Motherboard Monitor 5
2009-08-09 20:52 . 2006-03-07 06:54 -------- d-----w- c:\program files\Microsoft Works
2009-08-05 09:11 . 2004-08-09 21:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2004-08-09 21:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-09 21:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 04:32 . 2009-02-20 04:57 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-05 22:40 . 2009-02-20 04:57 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-29 16:12 . 2004-08-09 21:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-09 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-09 21:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 18:36 . 2004-08-09 21:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-08-09 21:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-08-09 21:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2004-08-09 21:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2004-08-09 21:00 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2004-08-09 21:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2004-08-09 21:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2004-08-09 21:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2004-08-09 21:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2004-08-09 21:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2004-08-09 21:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2004-08-09 21:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-22 11:49 . 2004-08-09 21:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-09 21:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-09 21:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-09 21:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-16 14:55 . 2004-08-09 21:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-09 21:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-13 19:30 . 2009-05-10 16:59 164 ----a-w- c:\windows\install.dat
2009-06-13 05:09 . 2009-06-13 05:09 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-12 11:50 . 2004-08-09 21:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 11:50 . 2004-08-10 04:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2004-08-09 21:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2008-05-10 17:56 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42 . 2004-08-09 21:00 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:24 . 2004-08-09 21:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-21 18:33 . 2008-11-23 18:14 410984 ----a-w- c:\windows\system32\deploytk.dll
2006-04-12 01:47 . 2006-04-12 01:47 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot_2009-08-13_23.17.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-08-30 21:02 . 2009-08-15 16:42 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-08-30 21:02 . 2009-08-13 23:02 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-08-30 13:51 . 2009-08-15 16:42 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-08-30 13:51 . 2009-08-13 23:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-30 13:51 . 2009-08-15 16:42 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-08-30 13:51 . 2009-08-13 23:02 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-08-15 16:41 . 2009-08-15 16:41 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-15 16:41 . 2009-08-15 16:41 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-15 16:41 . 2009-08-15 16:41 180224 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-15 16:41 . 2009-08-15 16:41 241664 c:\windows\ERDNT\subs\Users\00000003\ntuser.dat
+ 2009-08-15 16:41 . 2009-08-15 16:41 241664 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-04-17 15:59 . 2009-04-17 15:59 128256 c:\windows\Downloaded Program Files\as2stubie.dll
+ 2009-08-15 16:41 . 2009-08-15 16:41 6053888 c:\windows\ERDNT\subs\Users\00000005\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "c:\program files\AGI\common\agcutils.dll" [2009-08-15 43520]

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{647B16D8-AD7B-4983-82D7-82A270FC9E6D}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]
2009-08-15 16:43 43520 ----a-w- c:\program files\AGI\common\agcutils.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-04-06 20:26 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AlwaysReady Power Message APP"="c:\windows\ARPWRMSG.EXE" [2005-08-03 77312]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-07 180269]
"UserFaultCheck"="c:\windows\system32\dumprep.exe" [2004-08-09 10752]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-05-13 6345840]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-6 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-09 03:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TermService"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"Netlogon"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Fax"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"ERSvc"=2 (0x2)
"CiSvc"=3 (0x3)
"CCALib8"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/5/2009 5:29 PM 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [8/13/2009 4:40 PM 28544]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [8/9/2008 2:42 PM 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/19/2009 9:57 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/19/2009 9:57 PM 108552]
R2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [12/8/2008 9:38 PM 10240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/19/2009 9:57 PM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 7:49 AM 1029456]
R2 MSSQL$MVE_INSTANCE;SQL Server (MVE_INSTANCE);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [12/26/2008 5:17 PM 1205760]
R3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [4/12/2006 3:58 PM 15576]
S2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon --> c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [?]
S3 PCD5SRVC{085326CB-51A3560A-05010003};PCD5SRVC{085326CB-51A3560A-05010003} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [11/21/2005 10:27 AM 21120]
S3 SysProtDrv.sys;SysProtDrv.sys;\??\c:\documents and settings\HP_Administrator\Desktop\SysProt\SysProtDrv.sys --> c:\documents and settings\HP_Administrator\Desktop\SysProt\SysProtDrv.sys [?]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [3/6/2006 11:27 PM 468768]
S4 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [8/14/2007 9:33 PM 388936]
.
Contents of the 'Scheduled Tasks' folder

2009-08-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ul5m7iml.default\
FF - prefs.js: browser.startup.homepage - hxxp://netscape.aol.com/
FF - prefs.js: keyword.URL - hxxp://wstb.search.imgag.com/?c=&sbs=1&sc=&f=web&vernum=3.1.3.7504&uid=&did={f8d4a70c-98e2-4081-901d-01bf93043ede}&q=
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ul5m7iml.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ul5m7iml.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-15 09:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCD5SRVC{085326CB-51A3560A-05010003}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1080)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3972)
c:\windows\system32\WININET.dll
c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\arservice.exe
c:\windows\ehome\ehrecvr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Webroot\Spy Sweeper\SSU.exe
.
**************************************************************************
.
Completion time: 2009-08-15 9:59 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-15 16:59
ComboFix2.txt 2009-08-13 23:22
ComboFix3.txt 2009-08-12 16:07
ComboFix4.txt 2009-08-11 16:14
ComboFix5.txt 2009-08-15 16:26

Pre-Run: 195,918,823,424 bytes free
Post-Run: 195,831,529,472 bytes free

312 --- E O F --- 2009-08-13 05:16
:)

Am I safe enough to pay bills and do patient insurance billing for my husband yet?

As safe as you ever will be :)


Congratulations your logs look clean :)

Let's see if I can help you keep it that way

First lets tidy up



Uninstall Combofix
This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png




OTCleanup
Please download OTCleanup from HERE (http://oldtimer.geekstogo.com/OTC.exe)
Click the OTC.exe icon and then click the CleanUp button.
If you get any pop ups asking if it is OK let the program proceed. At the end the program will ask to let it reboot the computer. Let it do so.
Let me know if there were any problems with OT CleanIt




You can also delete any logs we have produced, and empty your Recycle bin.

----------------------------------------------------------- -----------------------------------------------------------

The following is some info to help you stay safe and clean.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE (http://secunia.com/software_inspector/) for details

AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must have program It includes host protection and registry protection A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A New and effective program
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner

Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some !! Notifies you if programs are added to startup Allows delayed startup A must have addition
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/index.php?option=com_content&view=article&id=15&Itemid=33) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections

Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy this is a very popular choice NoScript and AdBlockPlus addons are essential
Opera (http://www.opera.com/) Another popular alternative
Netscape (http://browser.netscape.com/addons) Another popular alternative Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.

Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'

Thank you, thank you, thank you! I will follow your instructions for keeping safe. However, I noticed you have no recommendations for which anti-virus or firewall to install. Is my AVG Free OK or should I pay for one? Is the Windows firewall OK or should I go back to Zone Alarm? I do online banking and confidential patient medical insurance for my husband's practice. One more question: at the beginning I told you I was never successful at installing SP3 over a year ago, do you have any suggestions where I can go to get help with that?

Now I will be visiting the donation station..............

Keep well and keep saving all us web crawlers out there

Is my AVG Free OK or should I pay for one?
A paid AV is wise if you need the computer, because you normally get support in the price.
However, the free AV's I list below are very good

Paid AV list
Kaspersky (http://www.kaspersky.co.uk/)
ESET NOD32 (http://www.eset.co.uk/)

Free AV list ( Home users only)
Avast (http://www.avast.com/eng/products.html)
Avira AntiVir (http://www.free-av.com/)



Is the Windows firewall OK or should I go back to Zone Alarm?

Firewall
I try to avoid recommending firewalls, I feel they are a very personal choice ( amount of alerts versus level of security )
But here is some info for you
A third party firewall is much safer than the Windows basic firewall , as it stops malware that does get on your PC from contacting "home"
Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this (http://www.bleepingcomputer.com/forums/tutorial60.html) webpage out.
It is recommended to have only one Firewall active.
Online Armor (http://www.tallemu.com/free-firewall-protection-software.html)
Outpost Firewall (http://www.agnitum.com/products/outpostfree/index.php)
Kerio Personal Firewall (http://www.sunbeltsoftware.com/Home-Home-Office/Sunbelt-Personal-Firewall/)



One more question: at the beginning I told you I was never successful at installing SP3 over a year ago, do you have any suggestions where I can go to get help with that?
Give it another try now, and if you still have problems visit one of the following "Tech" sites.

http://www.techsupportforum.com/
http://www.bleepingcomputer.com/forums/
http://forums.whatthetech.com/forums.html

All the forums above have good support for software/OS problems, and I'm sure they will be able to help.
They all know me, so tell them I've given you the "All Clean"