View Full Version : Gamevance and entourage Malware party in my Registry. Please help! (Resolved)
HJT Logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:07:09 PM, on 8/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\eMule\emule.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Gamevance - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - C:\Program Files\Gamevance\gamevancelib32.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {436ba4ed-a0bb-43de-9c61-cac48c8d4297} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {72A0B210-AAB5-4910-9022-9B959E20D3C1} - C:\WINDOWS\system32\ssqRJYQg.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll (file missing)
O2 - BHO: (no name) - {D4ADEB33-E7A8-4DC7-8A47-EC93580D0C98} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe a
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [jijuzozebe] Rundll32.exe "C:\WINDOWS\system32\midamuhi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [jijuzozebe] Rundll32.exe "C:\WINDOWS\system32\midamuhi.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: inomhs.dll rvesfr.dll skxauz.dll wrxbze.dll vwwxei.dll khrxna.dll oyfmsd.dll c:\windows\system32\jopuwive.dll sggupe.dll ulvhrp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: yayvVPFw - yayvVPFw.dll (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 9351 bytes
Thanks in advance for your time and help!
Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hello and welcome to the forums
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly http://www.countingcows.de/laechel.gif
Some of the logs I request will be quite large, You may need to split them over a couple of replies.
Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------
REMOVE P2P PROGRAMS
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
eMule
Please read the Guidelines for P2P Programs (http://forums.spybot.info/showpost.php?p=218503&postcount=4) where we explain why it's not a good idea to have them.
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
The bad guys use P2P filesharing as a major conduit to spread their wares.
Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.
----------------------------------------------------------------------------------------
Step 1
Download and Run RSIT
Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:
log.txt will be opened maximized.
info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.
( They can also be found in the C:\RSIT folder )
----------------------------------------------------------------------------------------
Step 2
SysProt Antirootkit
Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).
http://sites.google.com/site/sysprotantirootkit/
Unzip it into a folder on your desktop.
Double click Sysprot.exe to start the program.
Click on the Log tab. In the Write to log box select all items.
Click on the Create Log button on the bottom right.
After a few seconds a new window should appear.
Select Scan Root Drive. Click on the Start button.
When it is complete a new window will appear to indicate that the scan is finished.
The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.
RSIT Logs
SysProt Log
Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Administrator at 2009-08-07 15:41:48
Microsoft Windows XP Professional Service Pack 3
System drive C: has 42 GB (18%) free of 229 GB
Total RAM: 1982 MB (61% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:42:08 PM, on 8/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iTunes\iTunesSongkickHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Gamevance - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - C:\Program Files\Gamevance\gamevancelib32.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {436ba4ed-a0bb-43de-9c61-cac48c8d4297} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {72A0B210-AAB5-4910-9022-9B959E20D3C1} - C:\WINDOWS\system32\ssqRJYQg.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll (file missing)
O2 - BHO: (no name) - {D4ADEB33-E7A8-4DC7-8A47-EC93580D0C98} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe a
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [jijuzozebe] Rundll32.exe "C:\WINDOWS\system32\midamuhi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [jijuzozebe] Rundll32.exe "C:\WINDOWS\system32\midamuhi.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: inomhs.dll rvesfr.dll skxauz.dll wrxbze.dll vwwxei.dll khrxna.dll oyfmsd.dll c:\windows\system32\jopuwive.dll sggupe.dll ulvhrp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: yayvVPFw - yayvVPFw.dll (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 9456 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2366486218-1920246484-2581568852-1007Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2366486218-1920246484-2581568852-1007UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3}]
Gamevance - C:\Program Files\Gamevance\gamevancelib32.dll [2009-07-07 108032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-17 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{436ba4ed-a0bb-43de-9c61-cac48c8d4297}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72A0B210-AAB5-4910-9022-9B959E20D3C1}]
C:\WINDOWS\system32\ssqRJYQg.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}]
Gamevance Text - C:\Program Files\Gamevance\gvtl.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4ADEB33-E7A8-4DC7-8A47-EC93580D0C98}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-05-09 7311360]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256]
"LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe [2008-11-02 548864]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-27 1948440]
"Nikon Transfer Monitor"=C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2008-09-30 485208]
"Monitor"=C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [2009-02-04 356352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"Gamevance"=C:\Program Files\Gamevance\gamevance32.exe a []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-16 133104]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
C:\WINDOWS\ARPWRMSG.EXE [2005-08-02 77312]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
C:\Program Files\DISC\DISCover.exe nogui []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [2006-04-13 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
dxdllreg.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftutil2]
ftutil2.dll,SetWriteCacheMode []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-15 249856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2004-01-05 176128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
C:\Program Files\Microsoft IntelliPoint\point32.exe [2005-03-23 217088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE [2005-02-02 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2006-05-09 7311360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\Windows\Creator\Remind_XP.exe [2004-12-13 663552]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2006-06-13 16239616]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-12-26 185872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2003-09-16 237568]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
C:\PROGRA~1\UPDATE~1\9972322\Program\UPDATE~1.EXE [2007-01-10 36903]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2
"SPBBCSvc"=3
"SNDSrvc"=3
"SAVScan"=3
"NSCService"=3
"navapsvc"=2
"LightScribeService"=2
"iPod Service"=3
"ccSetMgr"=2
"ccProxy"=2
"ccISPwdSvc"=3
"ccEvtMgr"=2
"Apple Mobile Device"=2
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="inomhs.dll rvesfr.dll skxauz.dll wrxbze.dll vwwxei.dll khrxna.dll oyfmsd.dll c:\windows\system32\jopuwive.dll sggupe.dll ulvhrp.dll "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-06-27 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayvVPFw]
yayvVPFw.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\ssqRJYQg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.10.6448-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\HP_Administrator\Desktop\Matt\mIRC\mirc.exe"="C:\Documents and Settings\HP_Administrator\Desktop\Matt\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5e15694-2cf3-11de-b24d-806d6172696f}]
shell\AutoRun\command - E:\autoplay.exe
======List of files/folders created in the last 1 months======
2009-08-07 15:41:48 ----D---- C:\rsit
2009-08-07 15:16:42 ----D---- C:\WINDOWS\ERDNT
2009-08-06 15:50:19 ----D---- C:\Program Files\ERUNT
2009-08-06 00:03:18 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-06 00:03:18 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-06 00:03:17 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-06 00:03:17 ----D---- C:\9d9fd353fdba3dfbc59736335b47
2009-08-05 23:42:20 ----D---- C:\91412183513c547a9014
2009-08-05 23:42:16 ----D---- C:\83404f999f6f9115091c4fe7
2009-08-05 15:43:15 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-08-05 15:43:14 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-08-05 15:43:12 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-08-05 15:43:12 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-08-05 15:43:10 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-08-05 15:43:10 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-08-05 15:43:07 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-08-05 15:36:52 ----A---- C:\WINDOWS\lgfwup.txt
2009-08-04 15:48:11 ----D---- C:\Program Files\Myth II
2009-08-04 15:30:05 ----A---- C:\WINDOWS\system32\WING.DLL
2009-08-02 13:31:07 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2009-08-02 13:31:02 ----D---- C:\Program Files\WinZip
2009-07-22 10:53:20 ----D---- C:\Program Files\CONEXANT
2009-07-19 14:05:10 ----A---- C:\Program Files\sh30w32.dll
2009-07-19 14:05:08 ----A---- C:\Program Files\readme.txt
2009-07-15 11:25:49 ----D---- C:\WINDOWS\system32\backup
2009-07-15 11:25:49 ----D---- C:\Program Files\DKXP
2009-07-15 11:19:04 ----A---- C:\WINDOWS\system32\Unstall.exe
2009-07-15 10:55:49 ----D---- C:\Program Files\DK Interactive Learning
2009-07-15 10:46:29 ----D---- C:\Program Files\DK Multimedia
2009-07-15 10:45:28 ----D---- C:\~QTWTMP.TMP
2009-07-15 10:45:25 ----A---- C:\WINDOWS\qtw.ini
2009-07-15 10:37:41 ----A---- C:\WINDOWS\mbjr.ini
2009-07-15 10:37:37 ----D---- C:\MBJR
2009-07-15 10:37:37 ----A---- C:\WINDOWS\system32\SH30W16.DLL
2009-07-15 00:25:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 00:25:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 00:22:58 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-10 12:55:45 ----D---- C:\Program Files\iPod
2009-07-10 12:52:16 ----D---- C:\Program Files\QuickTime
======List of files/folders modified in the last 1 months======
2009-08-07 15:41:43 ----D---- C:\WINDOWS\Prefetch
2009-08-07 15:37:36 ----D---- C:\Program Files\eMule
2009-08-07 15:19:08 ----D---- C:\WINDOWS\Temp
2009-08-07 15:18:22 ----D---- C:\WINDOWS\Registration
2009-08-07 15:18:19 ----D---- C:\Program Files\Mozilla Firefox
2009-08-07 15:17:02 ----AD---- C:\WINDOWS
2009-08-07 15:16:35 ----D---- C:\Program Files\lg_fwupdate
2009-08-07 15:16:34 ----A---- C:\WINDOWS\lgfwup.ini
2009-08-07 00:00:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-06 16:01:08 ----RSD---- C:\WINDOWS\assembly
2009-08-06 15:58:38 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-06 15:52:48 ----D---- C:\Program Files\Trend Micro
2009-08-06 15:50:19 ----RD---- C:\Program Files
2009-08-06 15:24:49 ----D---- C:\WINDOWS\system32
2009-08-06 00:09:48 ----SHD---- C:\Config.Msi
2009-08-06 00:09:32 ----D---- C:\WINDOWS\WinSxS
2009-08-06 00:05:14 ----D---- C:\Program Files\Internet Explorer
2009-08-06 00:03:40 ----SHD---- C:\WINDOWS\Installer
2009-08-06 00:03:37 ----HD---- C:\WINDOWS\inf
2009-08-06 00:03:34 ----D---- C:\WINDOWS\system32\spool
2009-08-06 00:03:32 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-08-06 00:03:20 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-05 23:44:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-05 23:32:03 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-05 21:33:54 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-05 21:19:19 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2009-08-05 21:04:53 ----D---- C:\Program Files\Warcraft III
2009-08-05 15:43:16 ----D---- C:\WINDOWS\system32\DirectX
2009-08-05 12:13:11 ----HD---- C:\$AVG8.VAULT$
2009-08-04 15:30:05 ----D---- C:\WINDOWS\system
2009-07-29 23:39:42 ----D---- C:\WINDOWS\system32\en-US
2009-07-29 03:56:54 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-28 15:53:36 ----D---- C:\Program Files\Gamevance
2009-07-22 10:53:20 ----D---- C:\WINDOWS\system32\drivers
2009-07-21 11:31:52 ----D---- C:\WSDemo
2009-07-21 11:30:38 ----D---- C:\Program Files\Sonic
2009-07-21 11:30:32 ----RD---- C:\Program Files\Common Files
2009-07-21 11:29:32 ----D---- C:\Python22
2009-07-21 11:27:55 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\NBC Direct
2009-07-21 11:27:55 ----D---- C:\Documents and Settings\All Users\Application Data\NBC Direct
2009-07-21 11:27:53 ----AD---- C:\Program Files\NBC Direct
2009-07-21 11:27:06 ----D---- C:\Program Files\Common Files\InstallShield
2009-07-21 11:19:05 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-21 11:19:05 ----D---- C:\Program Files\muvee Technologies
2009-07-21 11:18:51 ----D---- C:\Program Files\Common Files\muvee Technologies
2009-07-21 11:15:50 ----D---- C:\Program Files\GemMaster
2009-07-21 11:14:08 ----D---- C:\Program Files\Scholastic
2009-07-21 11:13:43 ----D---- C:\Program Files\Sony
2009-07-21 11:09:09 ----D---- C:\Program Files\WindSolutions
2009-07-20 20:49:23 ----D---- C:\WINDOWS\system32\FxsTmp
2009-07-19 06:33:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 06:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-18 12:29:07 ----RSD---- C:\WINDOWS\Fonts
2009-07-18 11:22:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-18 11:22:17 ----D---- C:\Program Files\Common Files\Apple
2009-07-18 11:19:39 ----D---- C:\Program Files\Common Files\AOL
2009-07-18 11:19:13 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-18 11:17:56 ----A---- C:\WINDOWS\disney.ini
2009-07-17 21:05:57 ----D---- C:\Program Files\Pando Networks
2009-07-15 11:25:53 ----D---- C:\WINDOWS\AppPatch
2009-07-15 11:25:53 ----A---- C:\WINDOWS\WININIT.INI
2009-07-15 10:55:54 ----A---- C:\WINDOWS\SYSTEM.INI
2009-07-15 10:40:49 ----D---- C:\WINDOWS\Help
2009-07-15 00:25:34 ----A---- C:\WINDOWS\imsins.BAK
2009-07-10 12:56:23 ----D---- C:\Program Files\iTunes
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-17 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-27 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-08 108552]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-02 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-02 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-02 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-02 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-02 10112]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-14 4299264]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-05-09 3535680]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-01-05 21488]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-09 11008]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-03-15 20352]
S3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-02 58880]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-17 907032]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-27 298776]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service; C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe [2009-02-04 991232]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-05-09 131139]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-05-13 272024]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-01-05 65795]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-08-17 61440]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-08-07 15:42:11
======Uninstall list======
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\1e1226f6ae744ea832300ff8ff4febe\Setup.exe
Adobe Reader 8.1.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Dorling Kindersley Application Database v1.4-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{abe7844e-4d49-4c7e-9d03-7329a6b9feac}.sdb"
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
File Uploader-->MsiExec.exe /X{237CD223-1B9D-47E8-A76C-E478B83CCEA2}
Gamevance-->C:\Program Files\Gamevance\gvun.exe
GBalph NDSMovie Converter V1.00-->MsiExec.exe /I{5B4F13B0-62C4-4F70-B9A6-3788196EC972}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP DigitalMedia Archive-->MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP DVD Play 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart for Media Center PC-->c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.5-->"C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LeapFrog Connect-->C:\Program Files\LeapFrog\LeapFrog Connect\uninst.exe
LeapFrog Connect-->MsiExec.exe /X{512A31DE-EA49-4AEC-AE64-AEF842DE8ABA}
LeapFrog Didj Plugin-->MsiExec.exe /X{6496A9D3-2693-4946-B5E4-11B7D92F8DD0}
LG ODD Auto Firmware Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe"
M3 SAKURA V1.34 European Beta (GAME PATCH V4.2d)-->MsiExec.exe /I{5C3A1EBE-A856-49B7-A99C-05A596A306AB}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Math Blaster Junior-->C:\WINDOWS\uninst.exe -f"C:\PROGRAM FILES\DeIsL1.isu"
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003 60 days trial-->c:\hp\bin\cloaker.exe c:\hp\bin\MSOffice\uninst.cmd
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
mIRC-->C:\Documents and Settings\HP_Administrator\Desktop\Matt\mIRC\uninstall.exe _?=C:\Documents and Settings\HP_Administrator\Desktop\Matt\mIRC
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C}
Now I'm Reading!-->C:\WINDOWS\UNINST.EXE -r"DK Multimedia\Now I'm Reading!\0.01.00.0016" -n"Now I'm Reading!" -fC:\PROGRA~1\DKMULT~1\NOWI'M~1\DeIsL1.isu -cC:\PROGRA~1\DKMULT~1\NOWI'M~1\uninst.dll -oNT
NVIDIA Drivers-->C:\WINDOWS\system32\nvunrm.exe UninstallGUI
Picture Control Utility-->MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Songkicker iTunes Plug-in-->C:\Program Files\iTunes\iTunes_Songkicker_Uninstall.exe
Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony Ericsson Media Manager 1.2-->MsiExec.exe /X{9EB1504E-FD95-4BCD-8E93-B4039F59C469}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
USA Explorer-->C:\WINDOWS\UNINST.EXE -r"DK Interactive Learning\USA Explorer\1.0.01" -n"USA Explorer" -fC:\PROGRA~1\DKINTE~1\USAEXP~1\DeIsL1.isu -cC:\PROGRA~1\DKINTE~1\USAEXP~1\uninst.dll -oNT
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
ViewNX-->MsiExec.exe /X{F007CBCE-D714-4C0B-8CE9-9B0D78116468}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip 12.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}
Wise Registry Cleaner 3 Free 3.92-->"C:\Program Files\Wise Registry Cleaner 3\unins000.exe"
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: AVG Anti-Virus Free
======System event log======
Computer Name: LORICUS
Event Code: 1073
Message: The attempt to power off LORICUS failed
Record Number: 46345
Source Name: USER32
Time Written: 20090602135817.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: LORICUS
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
ftsata2
Record Number: 46325
Source Name: Service Control Manager
Time Written: 20090602112117.000000-420
Event Type: error
User:
Computer Name: LORICUS
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
ftsata2
Record Number: 46281
Source Name: Service Control Manager
Time Written: 20090601235237.000000-420
Event Type: error
User:
Computer Name: LORICUS
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
ftsata2
Record Number: 46252
Source Name: Service Control Manager
Time Written: 20090601152319.000000-420
Event Type: error
User:
Computer Name: LORICUS
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
ftsata2
Record Number: 46231
Source Name: Service Control Manager
Time Written: 20090601102309.000000-420
Event Type: error
User:
=====Application event log=====
Computer Name: LORICUS
Event Code: 1000
Message: Faulting application rundll32.exe, version 5.1.2600.5512, faulting module wuwogola.dll, version 0.0.0.0, fault address 0x00002642.
Record Number: 151
Source Name: Application Error
Time Written: 20090203163055.000000-480
Event Type: error
User:
Computer Name: LORICUS
Event Code: 1001
Message: Fault bucket 460526566.
Record Number: 148
Source Name: Application Error
Time Written: 20090203100119.000000-480
Event Type: error
User:
Computer Name: LORICUS
Event Code: 1004
Message: Faulting application winlogon.exe, version 0.0.0.0, faulting module yayvVPFw.dll, version 0.0.0.0, fault address 0x000056ec.
Record Number: 145
Source Name: Application Error
Time Written: 20090203100049.000000-480
Event Type: error
User:
Computer Name: LORICUS
Event Code: 1000
Message: Faulting application , version 0.0.0.0, faulting module yayvVPFw.dll, version 0.0.0.0, fault address 0x000056ec.
Record Number: 124
Source Name: Application Error
Time Written: 20090203011616.000000-480
Event Type: error
User:
Computer Name: LORICUS
Event Code: 1015
Message: A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code c0000005. The machine
must now be restarted.
Record Number: 123
Source Name: Winlogon
Time Written: 20090203011611.000000-480
Event Type: error
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No
Name: System
PID: 4
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\smss.exe
PID: 656
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\csrss.exe
PID: 724
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\winlogon.exe
PID: 748
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\services.exe
PID: 792
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\lsass.exe
PID: 804
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 972
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1040
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1136
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1260
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1332
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\spoolsv.exe
PID: 1524
Hidden: No
Window Visible: No
Name: C:\WINDOWS\explorer.exe
PID: 1820
Hidden: No
Window Visible: No
Name: C:\Program Files\lg_fwupdate\fwupdate.exe
PID: 1972
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PID: 1996
Hidden: No
Window Visible: No
Name: C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PID: 2004
Hidden: No
Window Visible: No
Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 2012
Hidden: No
Window Visible: No
Name: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
PID: 216
Hidden: No
Window Visible: No
Name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PID: 316
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 468
Hidden: No
Window Visible: No
Name: C:\WINDOWS\arservice.exe
PID: 544
Hidden: No
Window Visible: No
Name: C:\WINDOWS\ehome\ehrecvr.exe
PID: 648
Hidden: No
Window Visible: No
Name: C:\WINDOWS\ehome\ehSched.exe
PID: 880
Hidden: No
Window Visible: No
Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 1300
Hidden: No
Window Visible: No
Name: C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PID: 1780
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\nvsvc32.exe
PID: 1404
Hidden: No
Window Visible: No
Name: C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PID: 2148
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 2216
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 2228
Hidden: No
Window Visible: No
Name: C:\Program Files\Viewpoint\Common\ViewpointService.exe
PID: 2248
Hidden: No
Window Visible: No
Name: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 2528
Hidden: No
Window Visible: No
Name: C:\WINDOWS\ehome\mcrdsvc.exe
PID: 2648
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\dllhost.exe
PID: 3928
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\alg.exe
PID: 336
Hidden: No
Window Visible: No
Name: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
PID: 2568
Hidden: No
Window Visible: No
Name: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
PID: 2448
Hidden: No
Window Visible: No
Name: C:\PROGRA~1\AVG\AVG8\avgemc.exe
PID: 1324
Hidden: No
Window Visible: No
Name: C:\Program Files\AVG\AVG8\avgcsrvx.exe
PID: 208
Hidden: No
Window Visible: No
Name: C:\Program Files\AVG\AVG8\avgrsx.exe
PID: 3944
Hidden: No
Window Visible: No
Name: C:\Program Files\iTunes\iTunes.exe
PID: 1172
Hidden: No
Window Visible: No
Name: C:\Program Files\iTunes\iTunesSongkickHelper.exe
PID: 868
Hidden: No
Window Visible: No
Name: C:\Program Files\iPod\bin\iPodService.exe
PID: 3392
Hidden: No
Window Visible: No
Name: C:\Documents and Settings\HP_Administrator\Desktop\SYSPROT\SysProt.exe
PID: 3740
Hidden: No
Window Visible: Yes
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\HP_Administrator\Desktop\SYSPROT\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: B28AC000
Module End: B28B7000
Hidden: No
Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806E4000
Hidden: No
Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806E4000
Module End: 80704D00
Hidden: No
Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: BADA8000
Module End: BADAA000
Hidden: No
Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: BACB8000
Module End: BACBB000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: BA779000
Module End: BA7A7000
Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: BADAA000
Module End: BADAC000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: BA768000
Module End: BA779000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: BA8A8000
Module End: BA8B2000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys
Service Name: ohci1394
Module Base: BA8B8000
Module End: BA8C8000
Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: BA8C8000
Module End: BA8D6000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: BAE70000
Module End: BAE71000
Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: BAB28000
Module End: BAB2F000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\viaide.sys
Service Name: ViaIde
Module Base: BADAC000
Module End: BADAE000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\intelide.sys
Service Name: IntelIde
Module Base: BADAE000
Module End: BADB0000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: BA8D8000
Module End: BA8E3000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: BA749000
Module End: BA768000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\dmload.sys
Service Name: dmload
Module Base: BADB0000
Module End: BADB2000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\dmio.sys
Service Name: dmio
Module Base: BA723000
Module End: BA749000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: BAB30000
Module End: BAB35000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: BA8E8000
Module End: BA8F5000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: BA70B000
Module End: BA723000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: BA8F8000
Module End: BA901000
Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: BA908000
Module End: BA915000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: BA6EB000
Module End: BA70B000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: BA6D9000
Module End: BA6EB000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: BA918000
Module End: BA921000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: BA6C2000
Module End: BA6D9000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: BA635000
Module End: BA6C2000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: BA608000
Module End: BA635000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: BA5EE000
Module End: BA608000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\AmdK8.sys
Service Name: AmdK8
Module Base: BA9C8000
Module End: BA9D6000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\aracpi.sys
Service Name: aracpi
Module Base: BAC40000
Module End: BAC46000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Service Name: nv
Module Base: B96B8000
Module End: B9A18000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: B96A4000
Module End: B96B8000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Service Name: usbohci
Module Base: BAC48000
Module End: BAC4D000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: B9680000
Module End: B96A4000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: BAC50000
Module End: BAC58000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: BA9D8000
Module End: BA9E3000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\AFS2K.SYS
Service Name: AFS2K
Module Base: BA9E8000
Module End: BA9F1000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: BA9F8000
Module End: BAA08000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: BAA08000
Module End: BAA17000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: B965D000
Module End: B9680000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: BAA18000
Module End: BAA22000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\nic1394.sys
Service Name: NIC1394
Module Base: BAA28000
Module End: BAA38000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
Service Name: HSXHWBS2
Module Base: B9618000
Module End: B965D000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\HSX_DP.sys
Service Name: HSX_DP
Module Base: B9521000
Module End: B9618000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
Service Name: winachsx
Module Base: B946B000
Module End: B9521000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
Service Name: Modem
Module Base: BAC58000
Module End: BAC60000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: B9443000
Module End: B946B000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
Service Name: nvnetbus
Module Base: BA5B6000
Module End: BA5BA000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\NVNRM.SYS
Service Name: ---
Module Base: B93F8000
Module End: B9443000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\NVSNPU.SYS
Service Name: ---
Module Base: B93C1000
Module End: B93F8000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\arpolicy.sys
Service Name: ARPolicy
Module Base: BA5B2000
Module End: BA5B5000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: BAEDE000
Module End: BAEDF000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: BAA38000
Module End: BAA45000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: BA5AE000
Module End: BA5B1000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: B93AA000
Module End: B93C1000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: BAA48000
Module End: BAA53000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: B9AA8000
Module End: B9AB4000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: BAC60000
Module End: BAC65000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: B9399000
Module End: B93AA000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: B9A98000
Module End: B9AA1000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: BAC68000
Module End: BAC6D000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: BAC70000
Module End: BAC75000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Service Name: rdpdr
Module Base: B9369000
Module End: B9399000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: B9A88000
Module End: B9A92000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: BAC78000
Module End: BAC7E000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: BAC80000
Module End: BAC86000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: BADEA000
Module End: BADEC000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: B930B000
Module End: B9369000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: BA17A000
Module End: BA17E000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
Service Name: NVENETFD
Module Base: B9A78000
Module End: B9A81000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: B9A68000
Module End: B9A72000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: B9A48000
Module End: B9A57000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: BADEE000
Module End: BADF0000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Service Name: IntcAzAudAddService
Module Base: B60B2000
Module End: B64F3000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: B608E000
Module End: B60B2000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: B9A38000
Module End: B9A47000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: BAE00000
Module End: BAE02000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: BAF44000
Module End: BAF45000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: BAE02000
Module End: BAE04000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: BACA8000
Module End: BACAF000
Hidden: No
Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: BACB0000
Module End: BACB6000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: BAE04000
Module End: BAE06000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: BAE06000
Module End: BAE08000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: BAB40000
Module End: BAB45000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: BAB80000
Module End: BAB88000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: BAD8C000
Module End: BAD8F000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: B600B000
Module End: B601E000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: B5FB2000
Module End: B600B000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\avgtdix.sys
Service Name: AvgTdiX
Module Base: B5F99000
Module End: B5FB2000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: B5F73000
Module End: B5F99000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: B5F4B000
Module End: B5F73000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: BAA58000
Module End: BAA61000
Hidden: No
Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: B5F29000
Module End: B5F4B000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\arp1394.sys
Service Name: Arp1394
Module Base: BAA68000
Module End: BAA77000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: BAA78000
Module End: BAA81000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: B5E5E000
Module End: B5E89000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: B5DEE000
Module End: B5E5E000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: BAA98000
Module End: BAAA3000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\avgmfx86.sys
Service Name: AvgMfx86
Module Base: BAB88000
Module End: BAB8E000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\avgldx86.sys
Service Name: AvgLdx86
Module Base: B5D9D000
Module End: B5DEE000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: BAB90000
Module End: BAB98000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: B9303000
Module End: B9306000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: BAAC8000
Module End: BAAD1000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
Service Name: arhidfltr
Module Base: BAB98000
Module End: BAB9D000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: B92FF000
Module End: B9302000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
Service Name: armoucfltr
Module Base: BAE0C000
Module End: BAE0E000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: B92F3000
Module End: B92F7000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
Service Name: arkbcfltr
Module Base: BAE0E000
Module End: BAE10000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Service Name: usbstor
Module Base: BABA8000
Module End: BABAF000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: B5D51000
Module End: B5D75000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: BAAF8000
Module End: BAB08000
Hidden: No
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: B5D39000
Module End: B5D51000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: BAE32000
Module End: BAE34000
Hidden: Yes
Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: B6042000
Module End: B6045000
Hidden: No
Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: BABD0000
Module End: BABD5000
Hidden: No
Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: BAFF4000
Module End: BAFF5000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: B5315000
Module End: B5319000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: B4064000
Module End: B4079000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: B5229000
Module End: B5238000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: B3D69000
Module End: B3D96000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: B313C000
Module End: B317D000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: B3072000
Module End: B30C4000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Service Name: mdmxsdk
Module Base: B311C000
Module End: B3120000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: B17C5000
Module End: B17F0000
Hidden: No
******************************************************************************************
******************************************************************************************
No SSDT Hooks found
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
No IRP Hooks found
******************************************************************************************
******************************************************************************************
Ports:
Local Address: LORICUS:18080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING
Local Address: LORICUS:13128
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING
Local Address: LORICUS:10110
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgemc.exe
State: LISTENING
Local Address: LORICUS:10080
Remote Address: LOCALHOST:1565
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: LORICUS:10080
Remote Address: LOCALHOST:1563
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED
Local Address: LORICUS:10080
Remote Address: LOCALHOST:1559
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED
Local Address: LORICUS:10080
Remote Address: LOCALHOST:1557
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED
Local Address: LORICUS:10080
Remote Address: LOCALHOST:1555
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED
Local Address: LORICUS:10080
Remote Address: LOCALHOST:1553
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED
Local Address: LORICUS:10080
Remote Address: LOCALHOST:1551
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED
Local Address: LORICUS:10080
Remote Address: LOCALHOST:1549
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED
Local Address: LORICUS:10080
Remote Address: LOCALHOST:1545
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: LORICUS:10080
Remote Address: LOCALHOST:1513
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED
Local Address: LORICUS:10080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING
Local Address: LORICUS:5152
Remote Address: LOCALHOST:1044
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: CLOSE_WAIT
Local Address: LORICUS:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING
Local Address: LORICUS:1563
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: LORICUS:1559
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: LORICUS:1557
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: LORICUS:1555
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: LORICUS:1553
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: LORICUS:1551
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: LORICUS:1549
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: LORICUS:1513
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: LORICUS:1374
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\iTunes\iTunes.exe
State: CLOSE_WAIT
Local Address: LORICUS:1048
Remote Address: LOCALHOST:1047
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: LORICUS:1047
Remote Address: LOCALHOST:1048
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: LORICUS:1035
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING
Local Address: LORICUS:1027
Remote Address: LOCALHOST:1026
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: LORICUS:1026
Remote Address: LOCALHOST:1027
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: LORICUS:1564
Remote Address: PW-IN-F137.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED
Local Address: LORICUS:1560
Remote Address: 74.125.127.138:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED
Local Address: LORICUS:1558
Remote Address: PW-IN-F102.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED
Local Address: LORICUS:1556
Remote Address: PW-IN-F104.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED
Local Address: LORICUS:1554
Remote Address: PW-IN-F104.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED
Local Address: LORICUS:1552
Remote Address: PW-IN-F101.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED
Local Address: LORICUS:1550
Remote Address: PW-IN-F101.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED
Local Address: LORICUS:1514
Remote Address: 63.135.88.78:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED
Local Address: LORICUS:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING
Local Address: LORICUS:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING
Local Address: LORICUS:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING
Local Address: LORICUS:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: LORICUS:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: LORICUS:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: LORICUS:138
Remote Address: NA
Type: UDP
Process: System
State: NA
Local Address: LORICUS:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA
Local Address: LORICUS:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: LORICUS:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA
Local Address: LORICUS:3776
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\ehome\mcrdsvc.exe
State: NA
Local Address: LORICUS:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA
Local Address: LORICUS:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Bauhaus Discography - 256K CBR MP3 [Kronstadt77]\Bauhaus - Press the Eject and Give Me the Tape - 256K CBR MP3 [Kronstadt77]\Bauhaus - Press the Eject and Give Me the Tape - 01 - In the Flat Fie
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Bauhaus Discography - 256K CBR MP3 [Kronstadt77]\Bauhaus - Press the Eject and Give Me the Tape - 256K CBR MP3 [Kronstadt77]\Bauhaus - Press the Eject and Give Me the Tape - 02 - Rose Garden Fun
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Bauhaus Discography - 256K CBR MP3 [Kronstadt77]\Bauhaus - Press the Eject and Give Me the Tape - 256K CBR MP3 [Kronstadt77]\Bauhaus - Press the Eject and Give Me the Tape - 04 - The Man With X-
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Bauhaus Discography - 256K CBR MP3 [Kronstadt77]\Bauhaus - Press the Eject and Give Me the Tape - 256K CBR MP3 [Kronstadt77]\Bauhaus - Press the Eject and Give Me the Tape - 05 - Bela Lugosi is
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Bauhaus Discography - 256K CBR MP3 [Kronstadt77]\Bauhaus - Press the Eject and Give Me the Tape - 256K CBR MP3 [Kronstadt77]\Bauhaus - Press the Eject and Give Me the Tape - 06 - The Spy in the
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Bauhaus Discography - 256K CBR MP3 [Kronstadt77]\Bauhaus - Press the Eject and Give Me the Tape - 256K CBR MP3 [Kronstadt77]\Bauhaus - Press the Eject and Give Me the Tape - 12 - Terror Couple K
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Bauhaus Discography - 256K CBR MP3 [Kronstadt77]\Bauhaus - Press the Eject and Give Me the Tape - 256K CBR MP3 [Kronstadt77]\Bauhaus - Press the Eject and Give Me the Tape - 14 - In the Flat Fie
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Bauhaus Discography - 256K CBR MP3 [Kronstadt77]\Bauhaus - Press the Eject and Give Me the Tape - 256K CBR MP3 [Kronstadt77]\Bauhaus - Press the Eject and Give Me the Tape - 16 - Of Lillies and
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Bauhaus Discography - 256K CBR MP3 [Kronstadt77]\Bauhaus - Press the Eject and Give Me the Tape - 256K CBR MP3 [Kronstadt77]\Bauhaus - Press the Eject and Give Me the Tape - 17 - Waiting for the
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Children Of Bodom[torrents.ru]\Children Of Bodom - Chaos Ridden Years Stockholm Knockout Live [live] (2006)\2006 - Chaos Ridden Years - Stockholm Knockout Live CD1 [Live]\01 - Children Of Bodom
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Children Of Bodom[torrents.ru]\Children Of Bodom - Chaos Ridden Years Stockholm Knockout Live [live] (2006)\2006 - Chaos Ridden Years - Stockholm Knockout Live CD1 [Live]\02 - Children Of Bodom
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Children Of Bodom[torrents.ru]\Children Of Bodom - Chaos Ridden Years Stockholm Knockout Live [live] (2006)\2006 - Chaos Ridden Years - Stockholm Knockout Live CD1 [Live]\03 - Children Of Bodom
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Children Of Bodom[torrents.ru]\Children Of Bodom - Chaos Ridden Years Stockholm Knockout Live [live] (2006)\2006 - Chaos Ridden Years - Stockholm Knockout Live CD1 [Live]\04 - Children Of Bodom
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Children Of Bodom[torrents.ru]\Children Of Bodom - Chaos Ridden Years Stockholm Knockout Live [live] (2006)\2006 - Chaos Ridden Years - Stockholm Knockout Live CD1 [Live]\05 - Children Of Bodom
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Children Of Bodom[torrents.ru]\Children Of Bodom - Chaos Ridden Years Stockholm Knockout Live [live] (2006)\2006 - Chaos Ridden Years - Stockholm Knockout Live CD1 [Live]\06 - Children Of Bodom
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Children Of Bodom[torrents.ru]\Children Of Bodom - Chaos Ridden Years Stockholm Knockout Live [live] (2006)\2006 - Chaos Ridden Years - Stockholm Knockout Live CD1 [Live]\07 - Children Of Bodom
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Children Of Bodom[torrents.ru]\Children Of Bodom - Chaos Ridden Years Stockholm Knockout Live [live] (2006)\2006 - Chaos Ridden Years - Stockholm Knockout Live CD1 [Live]\08 - Children Of Bodom
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Children Of Bodom[torrents.ru]\Children Of Bodom - Chaos Ridden Years Stockholm Knockout Live [live] (2006)\2006 - Chaos Ridden Years - Stockholm Knockout Live CD1 [Live]\09 - Children Of Bodom
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Children Of Bodom[torrents.ru]\Children Of Bodom - Chaos Ridden Years Stockholm Knockout Live [live] (2006)\2006 - Chaos Ridden Years - Stockholm Knockout Live CD2 [Live]\01 - Children Of Bodom
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Children Of Bodom[torrents.ru]\Children Of Bodom - Chaos Ridden Years Stockholm Knockout Live [live] (2006)\2006 - Chaos Ridden Years - Stockholm Knockout Live CD2 [Live]\02 - Children Of Bodom
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Children Of Bodom[torrents.ru]\Children Of Bodom - Chaos Ridden Years Stockholm Knockout Live [live] (2006)\2006 - Chaos Ridden Years - Stockholm Knockout Live CD2 [Live]\03 - Children Of Bodom
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Children Of Bodom[torrents.ru]\Children Of Bodom - Chaos Ridden Years Stockholm Knockout Live [live] (2006)\2006 - Chaos Ridden Years - Stockholm Knockout Live CD2 [Live]\04 - Children Of Bodom
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Children Of Bodom[torrents.ru]\Children Of Bodom - Chaos Ridden Years Stockholm Knockout Live [live] (2006)\2006 - Chaos Ridden Years - Stockholm Knockout Live CD2 [Live]\05 - Children Of Bodom
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Children Of Bodom[torrents.ru]\Children Of Bodom - Chaos Ridden Years Stockholm Knockout Live [live] (2006)\2006 - Chaos Ridden Years - Stockholm Knockout Live CD2 [Live]\06 - Children Of Bodom
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Children Of Bodom[torrents.ru]\Children Of Bodom - Chaos Ridden Years Stockholm Knockout Live [live] (2006)\2006 - Chaos Ridden Years - Stockholm Knockout Live CD2 [Live]\07 - Children Of Bodom
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Children Of Bodom[torrents.ru]\Children Of Bodom - Chaos Ridden Years Stockholm Knockout Live [live] (2006)\2006 - Chaos Ridden Years - Stockholm Knockout Live CD2 [Live]\08 - Children Of Bodom
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Children Of Bodom[torrents.ru]\Children Of Bodom - Chaos Ridden Years Stockholm Knockout Live [live] (2006)\2006 - Chaos Ridden Years - Stockholm Knockout Live CD2 [Live]\09 - Children Of Bodom
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Die A¨rzte - 2003 - Gera¨usch V0
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Die A¨rzte - 2003 - Gera¨usch V0.1.torrent
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Ella Fitzgerald - The Complete Song Books [1993]\Ella Fitzgerald - The Complete Song Books (Disc 10) Gershwin Vol. 1\01 - Ambulatory Suite Promenade (Walking The Dog) March Of The Swiss Soldiers
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Desktop\Downloads\Ella Fitzgerald - The Complete Song Books [1993]\Ella Fitzgerald - The Complete Song Books (Disc 7) Duke Ellington Vol. 3\07 - Portrait Of Ella Fitzgerald Royal Ancestry All Heart Beyond Categor
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Favorites\craft stuff\amazon.co.jp ???????????? no.2 (2) (?????·??? No. 678) ?? ?? ?.url
Status: Hidden
Object: C:\Documents and Settings\HP_Administrator\Favorites\craft stuff\?????????????????? ??????????-???????????.url
Status: Hidden
Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied
Object: C:\System Volume Information\tracking.log
Status: Access denied
Object: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}
Status: Access denied
----------------------------------------------------------------------------------------
Step 1
Disable Teatimer
We need to disable Teatimer as it may interfere with the cleaning.
Please do not re-enable it until I give instructions.
First step: Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
If you have Version 1.4, Click on Exit Spybot S&D Resident Second step, For Either Version : Open Spybot S&D
Click Mode, choose Advanced Mode
Go To the bottom of the Vertical Panel on the Left, Click Tools
then, also in left panel, click Resident shows a red/white shield.
If your firewall raises a question, say OK
In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
OK any prompts.
Use File, Exit to terminate Spybot
Click Link >>> HERE <<< Link (http://www.neoshine.co.uk/mina/Downloads/TTWipe.bat) and select "save as" and save it to your desktop
Double click TTWipe.bat
Reboot your machine for the changes to take effect.
----------------------------------------------------------------------------------------
Step 2
Malwarebytes' Anti-Malware
I notice that you have MBAM installed, please do the following
Start MalwareBytes AntiMalware
Update Malwarebytes' Anti-Malware
Select the Update tab
Click Update
When the update is complete, select the Scanner tab
Select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
If you accidently close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
----------------------------------------------------------------------------------------
Step 3
Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply
Re-enable all the programs that were disabled during the running of ComboFix..
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html)
----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.
MalwareBytes Log
ComboFix Log
How are things running now ?
Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3
8/8/2009 11:37:16 AM
mbam-log-2009-08-08 (11-37-16).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 231377
Time elapsed: 58 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\Program Files\Gamevance\gamevancelib32.dll (Adware.Gamevance) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77ab5974-55a3-4737-9fd5-b93c64307f78} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\gvtl (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Gamevance (Adware.Gamevance) -> Delete on reboot.
Files Infected:
C:\Program Files\Gamevance\gamevancelib32.dll (Adware.Gamevance) -> Delete on reboot.
C:\Program Files\Gamevance\ars.cfg (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\gvun.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\icon.ico (Adware.Gamevance) -> Quarantined and deleted successfully.
ComboFix 09-08-07.09 - HP_Administrator 08/08/2009 11:53.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1498 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\fbk.sts
c:\recycler\S-1-5-21-527237240-179605362-725345543-500
c:\windows\Installer\105799.msp
c:\windows\Installer\10579a.msp
c:\windows\Installer\10579b.msp
c:\windows\Installer\10579c.msp
c:\windows\Installer\10579d.msp
c:\windows\Installer\10579e.msp
c:\windows\Installer\10579f.msp
c:\windows\Installer\1057a0.msp
c:\windows\Installer\1057a1.msp
c:\windows\Installer\1057a2.msp
c:\windows\Installer\1f789f71.msi
c:\windows\Installer\1f789f72.msp
c:\windows\Installer\1f789f73.msp
c:\windows\Installer\1f789f74.msp
c:\windows\Installer\1f789f75.msp
c:\windows\Installer\1f789f76.msp
c:\windows\Installer\1f789f77.msp
c:\windows\Installer\1f789f78.msp
c:\windows\Installer\1f789f79.msp
c:\windows\Installer\1f789f7a.msp
c:\windows\Installer\28b54.msi
c:\windows\kb913800.exe
c:\windows\system32\abefetah.ini
c:\windows\system32\abiwakem.ini
c:\windows\system32\adawojej.ini
c:\windows\system32\afesifav.ini
c:\windows\system32\alogowuw.ini
c:\windows\system32\alowotak.ini
c:\windows\system32\anuperep.ini
c:\windows\system32\anuzubog.ini
c:\windows\system32\apirakuw.ini
c:\windows\system32\avepufit.ini
c:\windows\system32\bcxkhpae.ini
c:\windows\system32\bxgpccnr.ini
c:\windows\system32\byoojvqh.ini
c:\windows\system32\cadrcyiy.ini
c:\windows\system32\dtehadem.ini
c:\windows\system32\ebihabom.ini
c:\windows\system32\ebojobod.ini
c:\windows\system32\eheduheg.ini
c:\windows\system32\ekafewut.ini
c:\windows\system32\elejugas.ini
c:\windows\system32\eluoupbx.ini
c:\windows\system32\emilipus.ini
c:\windows\system32\enupubil.ini
c:\windows\system32\epudusuz.ini
c:\windows\system32\evefapum.ini
c:\windows\system32\evipajeh.ini
c:\windows\system32\fmqbjiks.ini
c:\windows\system32\foraduli.dll
c:\windows\system32\fqipmghl.ini
c:\windows\system32\gfswaose.ini
c:\windows\system32\ghdwwptg.ini
c:\windows\system32\gndkffgr.ini
c:\windows\system32\gxyiivlc.ini
c:\windows\system32\ibekeyup.ini
c:\windows\system32\ifitejul.ini
c:\windows\system32\ingvfrhi.ini
c:\windows\system32\itewafar.ini
c:\windows\system32\ixpdnjnm.ini
c:\windows\system32\iyawunij.ini
c:\windows\system32\iyuhikop.ini
c:\windows\system32\jpsnopfg.ini
c:\windows\system32\juixssab.ini
c:\windows\system32\kfobcccj.ini
c:\windows\system32\kgjgjywn.ini
c:\windows\system32\lfoyjcpc.ini
c:\windows\system32\ljgibgiy.ini
c:\windows\system32\mmrrbkdp.ini
c:\windows\system32\mrmxsqfo.ini
c:\windows\system32\nqgkcgsr.ini
c:\windows\system32\ocmywuwm.ini
c:\windows\system32\ogoruweh.ini
c:\windows\system32\ohigedis.ini
c:\windows\system32\oiomthhy.ini
c:\windows\system32\pbnmpynm.ini
c:\windows\system32\sahlaeev.ini
c:\windows\system32\salocidu.ini
c:\windows\system32\teyobdrl.ini
c:\windows\system32\ufobobel.ini
c:\windows\system32\ujubipip.ini
c:\windows\system32\uziyezok.ini
c:\windows\system32\vqggfjpt.ini
c:\windows\system32\vxuohsxx.ini
c:\windows\system32\vyfemkxv.ini
c:\windows\system32\wqvqllwl.ini
c:\windows\system32\yehwvgnc.ini
c:\windows\system32\yeweyefa.dll.tmp
c:\windows\system32\ymstvrok.ini
c:\windows\system32\yugutoyi.dll
c:\windows\wiaserviv.log
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-07-08 to 2009-08-08 )))))))))))))))))))))))))))))))
.
2009-08-08 17:34 . 2009-08-08 17:34 3942047 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-08 04:42 . 2009-08-08 04:42 -------- d-----w- c:\program files\DOSBox-0.73
2009-08-07 22:41 . 2009-08-07 22:42 -------- d-----w- C:\rsit
2009-08-06 22:50 . 2009-08-06 22:50 -------- d-----w- c:\program files\ERUNT
2009-08-06 07:03 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-06 07:03 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-06 07:03 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-06 07:03 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-06 07:03 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-06 07:03 . 2009-08-06 07:03 -------- d-----w- C:\9d9fd353fdba3dfbc59736335b47
2009-08-06 07:03 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-06 07:03 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-06 06:42 . 2009-08-06 06:42 -------- d-----w- C:\91412183513c547a9014
2009-08-06 06:42 . 2009-08-06 06:42 -------- d-----w- C:\83404f999f6f9115091c4fe7
2009-08-05 22:43 . 2007-10-22 10:39 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2009-08-05 22:43 . 2007-10-22 10:37 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
2009-08-05 22:43 . 2007-10-12 22:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2009-08-05 22:43 . 2007-10-02 16:56 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2009-08-05 22:43 . 2007-10-12 22:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2009-08-05 22:43 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-08-04 22:48 . 2009-08-04 22:51 -------- d-----w- c:\program files\Myth II
2009-08-04 22:30 . 1995-01-30 07:00 92208 ----a-w- c:\windows\system32\WING.DLL
2009-08-04 22:30 . 1994-09-21 01:00 12800 ----a-w- c:\windows\system\WING32.DLL
2009-08-02 20:32 . 2009-08-02 20:32 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\WinZip
2009-08-02 20:31 . 2009-08-02 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-07-22 17:53 . 2009-07-22 17:53 -------- d-----w- c:\program files\CONEXANT
2009-07-19 21:05 . 1995-12-19 03:01 94720 ----a-w- c:\program files\sh30w32.dll
2009-07-17 18:21 . 2009-08-01 10:23 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Temp
2009-07-15 18:25 . 2009-07-15 18:25 -------- d-----w- c:\windows\system32\backup
2009-07-15 18:25 . 2009-07-15 18:25 -------- d-----w- c:\program files\DKXP
2009-07-15 18:19 . 1999-06-18 19:24 168207 ----a-w- c:\windows\system32\Unstall.exe
2009-07-15 17:55 . 1993-06-25 21:47 20272 ----a-w- c:\windows\system\CTL3D.DLL
2009-07-15 17:55 . 2009-07-15 17:55 -------- d-----w- c:\program files\DK Interactive Learning
2009-07-15 17:46 . 1995-01-30 07:00 92208 ----a-w- c:\windows\system\WING.DLL
2009-07-15 17:46 . 1995-01-30 07:00 6736 ----a-w- c:\windows\system\WINGDIB.DRV
2009-07-15 17:46 . 1995-01-30 07:00 188960 ----a-w- c:\windows\system\WINGDE.DLL
2009-07-15 17:46 . 2009-07-15 17:46 -------- d-----w- c:\program files\DK Multimedia
2009-07-15 17:45 . 2009-07-15 17:45 -------- d-----w- C:\~QTWTMP.TMP
2009-07-15 17:37 . 2009-07-15 17:37 -------- d-----w- C:\MBJR
2009-07-15 17:37 . 1995-12-03 03:01 44544 ----a-w- c:\windows\system32\SH30W16.DLL
2009-07-15 17:37 . 1993-11-19 00:00 30544 ----a-w- c:\windows\system32\DIB.DRV
2009-07-10 19:55 . 2009-07-10 19:55 -------- d-----w- c:\program files\iPod
2009-07-10 19:52 . 2009-07-10 19:53 -------- d-----w- c:\program files\QuickTime
2009-07-10 19:36 . 2009-07-10 19:36 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-08 19:02 . 2008-09-18 03:17 -------- d-----w- c:\program files\lg_fwupdate
2009-08-08 18:35 . 2009-02-04 07:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-08 17:27 . 2008-12-25 07:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-08 08:11 . 2007-12-29 21:06 -------- d-----w- c:\program files\Warcraft III
2009-08-07 22:37 . 2009-03-18 23:41 -------- d-----w- c:\program files\eMule
2009-08-06 22:52 . 2008-12-27 05:43 -------- d-----w- c:\program files\Trend Micro
2009-08-06 04:33 . 2008-12-25 07:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-06 04:19 . 2007-10-14 04:44 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\uTorrent
2009-08-03 20:36 . 2009-02-04 07:21 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 20:36 . 2009-02-04 07:21 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-21 18:30 . 2007-01-10 14:56 -------- d-----w- c:\program files\Sonic
2009-07-21 18:27 . 2009-06-02 03:17 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\NBC Direct
2009-07-21 18:27 . 2009-06-02 03:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NBC Direct
2009-07-21 18:27 . 2009-06-02 03:17 -------- d---a-w- c:\program files\NBC Direct
2009-07-21 18:27 . 2007-01-10 14:56 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-21 18:19 . 2007-01-10 15:06 -------- d-----w- c:\program files\muvee Technologies
2009-07-21 18:19 . 2007-01-10 15:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-21 18:18 . 2007-01-10 15:06 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-07-21 18:15 . 2007-01-10 14:26 -------- d-----w- c:\program files\GemMaster
2009-07-21 18:14 . 2007-09-29 18:30 -------- d-----w- c:\program files\Scholastic
2009-07-21 18:13 . 2008-07-07 07:13 -------- d-----w- c:\program files\Sony
2009-07-21 18:09 . 2007-10-21 22:08 -------- d-----w- c:\program files\WindSolutions
2009-07-21 03:36 . 2007-01-10 15:00 56896 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-19 21:05 . 2009-07-19 21:05 1777 ----a-w- c:\program files\DeIsL1.isu
2009-07-18 18:22 . 2007-10-14 03:06 -------- d-----w- c:\program files\Common Files\Apple
2009-07-18 18:19 . 2008-09-22 00:08 -------- d-----w- c:\program files\Common Files\AOL
2009-07-18 04:05 . 2009-06-02 03:17 -------- d-----w- c:\program files\Pando Networks
2009-07-10 19:56 . 2009-05-05 01:11 -------- d-----w- c:\program files\iTunes
2009-07-04 00:34 . 2007-05-03 22:22 8726 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-06-29 16:12 . 2004-08-09 21:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-09 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-09 21:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-26 17:54 . 2009-02-25 20:35 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Nikon
2009-06-26 17:54 . 2009-02-24 23:12 -------- d-----w- c:\program files\Common Files\Nikon
2009-06-26 17:53 . 2009-02-24 23:11 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-06-24 16:03 . 2007-08-23 19:12 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-16 14:36 . 2004-08-09 21:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-09 21:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 23:50 . 2007-01-10 14:31 -------- d-----w- c:\program files\Java
2009-06-12 23:49 . 2009-06-12 23:49 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-09 21:18 . 2009-06-11 01:53 575488 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ali05unp.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2009-06-03 19:09 . 2004-08-09 21:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-21 18:33 . 2009-02-05 04:37 410984 ----a-w- c:\windows\system32\deploytk.dll
1996-05-28 07:23 . 2009-07-19 21:05 12910 ----a-w- c:\program files\readme.txt
1996-02-12 13:04 . 2009-07-19 21:05 766 ----a-w- c:\program files\mbjr.ico
1995-10-23 13:51 . 2009-07-19 21:05 766 ----a-w- c:\program files\book.ico
1995-10-11 13:02 . 2009-07-19 21:05 766 ----a-w- c:\program files\rbjr.ico
1995-03-15 10:12 . 2009-07-19 21:05 766 ----a-w- c:\program files\previews.ico
1995-02-08 01:00 . 2009-07-19 21:05 766 ----a-w- c:\program files\soundc.ico
1995-01-24 01:00 . 2009-07-19 21:05 766 ----a-w- c:\program files\parentt.ico
2009-02-05 13:52 . 2009-02-05 13:52 2713 --sh--w- c:\windows\system32\gobijadi.dll
2007-07-04 07:51 . 2007-07-04 07:51 10856 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-02-05 01:47 . 2009-02-05 01:47 2713 --sh--w- c:\windows\system32\zesedovi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-17 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-11-03 548864]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-02-05 356352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2007-1-10 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2007-1-10 27136]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
backup=c:\windows\pss\Updates From HP.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2 (0x2)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"SAVScan"=3 (0x3)
"NSCService"=3 (0x3)
"navapsvc"=2 (0x2)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Desktop\\Matt\\mIRC\\mirc.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/21/2008 5:08 PM 24652]
S3 SysProtDrv.sys;SysProtDrv.sys;c:\documents and settings\HP_Administrator\Desktop\SYSPROT\SysProtDrv.sys [8/7/2009 3:49 PM 44288]
.
Contents of the 'Scheduled Tasks' folder
2009-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2366486218-1920246484-2581568852-1007Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-17 02:17]
2009-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2366486218-1920246484-2581568852-1007UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-17 02:17]
.
- - - - ORPHANS REMOVED - - - -
BHO-{436ba4ed-a0bb-43de-9c61-cac48c8d4297} - (no file)
BHO-{72A0B210-AAB5-4910-9022-9B959E20D3C1} - c:\windows\system32\ssqRJYQg.dll
BHO-{D4ADEB33-E7A8-4DC7-8A47-EC93580D0C98} - (no file)
HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
Notify-avgrsstarter - (no file)
Notify-yayvVPFw - yayvVPFw.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://finance.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ali05unp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ali05unp.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ali05unp.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-08 12:02
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1628)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-08 12:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-08 19:11
Pre-Run: 49,724,973,056 bytes free
Post-Run: 49,665,748,992 bytes free
383 --- E O F --- 2009-08-06 07:09
Point of note, when using MBAM, the log, if closed can be easily accessed from the "logs" tab in the program. Others might find it useful.
System seems to be running better than it was. Somehow, the "clear private data" from the "tools" dropdown in Firefox was removed, I'm assuming by some of this malware. Should I just reinstall it, or do you see persisting problems in these logs? One other thing, do you have any recommendations for walkthroughs to better a system's performance safely?
-M
Wait, wait.
S&D scan just finished, bringing up a bunch of malware.
Well, I guess you can see that in logs.
It doesn't look like there is any active infection there now, let's make sure we can clean up all the leftovers in one go
Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
**Note**
To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
I started the Kaspersky update and, when it finished, it says the update failed and the program has failed to start. It tells me to close the IE window and open it again to install. When I did this, it gives me the same response when trying to finish the update procedure to move to scanning.
???
I failed to mention, the end of the error says: key expired.
?
Try this one instead
Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan (http://www.pandasecurity.com/activescan/index/) << LINK
Click the Scan Now button
Follow the prompts to install the Active X if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
When the scan is finished, a report will be generated
Next to Scan Details click the small export to notepad button and save the report to your desktop.
Please post the report in your reply.
This seems to be a current issue for kaspersky, as I have checked their forums. A moderator has posted this as an alternative option:
"
In the mean time (I presume you dont want to install Kaspersky which is why you ware doing online scans), you can use Kaspersky's AVPtool to scan for and remove malware. Its an on-demand scanner which you can use with your realtime AV and then uninstall AVPtool after you've scanned the computer.
Download/info - http://www.kaspersky.com/support/viruses/avptool?level=2
Usage info - http://www.kaspersky.com/support/avptool/main?qid=208279887"
Do you recommend I do that, or something else?
Did you see my instructions for Active Scan ?
Sorry, I DID see it, and I've tried it continually; it gets stuck on 14% every attempt.
We really need to see an online scan to make sure nothing is left, please try the following ..
----------------------------------------------------------------------------------------
Step 1
OTMoveIt
Please download OTM by OldTimer (http://oldtimer.geekstogo.com/OTM.exe) and save it to your desktop
Double-click OTM.exe to run it.
Copy the lines in the codebox below. ( Make sure you include :Processes )
:Processes
:Files
c:\windows\system32\gobijadi.dll
c:\windows\system32\zesedovi.dll
:Commands
[Purity]
[EmptyTemp]
Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
- Close ALL open windows (especially Internet Explorer!)-
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTM
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
----------------------------------------------------------------------------------------
Step 2
Eset Online AntiVirus
Note: You can use either Internet Explorer or Mozilla FireFox for this scan.
(You may need to disable your resident Anti-Virus (http://www.bleepingcomputer.com/forums/topic114351.html).)
Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
Please go here (http://www.eset.com/onlinescan/) then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS1.gif
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.
OTMoveIt Log
NOD 32 Log
How are things running now ?
OTM Results:
All processes killed
========== PROCESSES ==========
========== FILES ==========
LoadLibrary failed for c:\windows\system32\gobijadi.dll
c:\windows\system32\gobijadi.dll NOT unregistered.
c:\windows\system32\gobijadi.dll moved successfully.
LoadLibrary failed for c:\windows\system32\zesedovi.dll
c:\windows\system32\zesedovi.dll NOT unregistered.
c:\windows\system32\zesedovi.dll moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: HP_Administrator
->Temp folder emptied: 86104515 bytes
->Temporary Internet Files folder emptied: 335338 bytes
->Java cache emptied: 81282692 bytes
->FireFox cache emptied: 65671272 bytes
->Google Chrome cache emptied: 511450415 bytes
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
C:\~QTWTMP.TMP folder deleted successfully.
%systemdrive% .tmp files removed: 14648 bytes
C:\WINDOWS\512A31DEEA494AECAE64AEF842DE8ABA.TMP folder deleted successfully.
%systemroot% .tmp files removed: 149297 bytes
%systemroot%\System32 .tmp files removed: 5434897 bytes
Windows Temp folder emptied: 664 bytes
RecycleBin emptied: 551424 bytes
Total Files Cleaned = 716.27 mb
OTM by OldTimer - Version 3.0.0.6 log created on 08112009_150701
Files moved on Reboot...
Registry entries deleted on Reboot...
ESET Log:
ESETSmartInstaller@High as downloader log:
all ok
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.5889
# api_version=3.0.2
# EOSSerial=d66cf5b31344384bbce34ec1081a23b6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-08-12 12:18:53
# local_time=2009-08-11 05:18:53 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=118377
# found=69
# cleaned=0
# scan_time=6829
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetSpeedMonitor.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent8.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\abefetah.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\abiwakem.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\adawojej.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\afesifav.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\alogowuw.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\alowotak.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\anuperep.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\anuzubog.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\apirakuw.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\avepufit.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\bcxkhpae.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\bxgpccnr.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\byoojvqh.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\cadrcyiy.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\dtehadem.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ebihabom.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ebojobod.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\eheduheg.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ekafewut.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\elejugas.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\eluoupbx.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\emilipus.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\enupubil.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\epudusuz.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\evefapum.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\evipajeh.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\fmqbjiks.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\fqipmghl.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\gfswaose.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ghdwwptg.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\gndkffgr.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\gxyiivlc.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ibekeyup.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ifitejul.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ingvfrhi.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\itewafar.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ixpdnjnm.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\iyawunij.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\iyuhikop.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\jpsnopfg.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\juixssab.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\kfobcccj.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\kgjgjywn.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\lfoyjcpc.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ljgibgiy.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\mmrrbkdp.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\mrmxsqfo.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\nqgkcgsr.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ocmywuwm.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ogoruweh.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ohigedis.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\oiomthhy.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\pbnmpynm.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\sahlaeev.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\salocidu.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\teyobdrl.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ufobobel.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ujubipip.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\uziyezok.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\vqggfjpt.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\vxuohsxx.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\vyfemkxv.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\wqvqllwl.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\yehwvgnc.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ymstvrok.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\I386\APPS\APP25437\src\CompaqPresario_Spring06.exe a variant of Win32/AdInstaller application 00000000000000000000000000000000 I
D:\I386\APPS\APP25437\src\HPPavillion_Spring06.exe a variant of Win32/AdInstaller application 00000000000000000000000000000000 I
Congratulations your logs look clean :)
Let's see if I can help you keep it that way
First lets tidy up
Uninstall Combofix
This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
Uninstall OTMoveIt (OTM.exe)
Open OTMoveIt Click Cleanup,
When a box pops up click YES.
You can also delete any logs we have produced, and empty your Recycle bin.
----------------------------------------------------------- -----------------------------------------------------------
The following is some info to help you stay safe and clean.
You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )
Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.
http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html
!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE (http://secunia.com/software_inspector/) for details
AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must have program It includes host protection and registry protection A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A New and effective program
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner
Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some !! Notifies you if programs are added to startup Allows delayed startup A must have addition
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/index.php?option=com_content&view=article&id=15&Itemid=33) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections
Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy this is a very popular choice NoScript and AdBlockPlus addons are essential
Opera (http://www.opera.com/) Another popular alternative
Netscape (http://browser.netscape.com/addons) Another popular alternative Also has Addons available
Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.
Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords
Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can chose which cookies to keep
Also PLEASE read this article.....So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)
The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.
If you follow this advice then (with a bit of luck) you will never have to hear from me again :D
If you could post back one more time to let me know everything is OK, then I can have this thread archived.
Happy surfing K'
Well thank you so much for all of your help. I really appreciate it. I will definitely be donating as soon as I can get something together. What you and everyone at the Safer Networking Forums is an invaluable service to all of us that need it.
So I have chosen the following for Anti-spyware:
Spybot S&D for full-time protection,
MBAM for on-demand protection,
For prevention I will be using the following:
Winpatrol,
SpywareBlaster,
and MVPS HOSTS.
I have two last questions:
1) under prevention, is there anything I should not have running simultaneously, or can they all run together?
and 2) Do you have any recommendations for programs/wizards that cen help me optimize my system to run optimally?
Finally, thanks again for everything!
S&D last run & clean up finished, re-ran.....CLEAN!
Thank you again!
Cheers,
Matt
1) under prevention, is there anything I should not have running simultaneously, or can they all run together?
2) Do you have any recommendations for programs/wizards that can help me optimize my system to run optimally?
1) The list you posted is fine, they will all work happily :)
2) In short, NO.
In full ......
I don't personally recommend the use of ANY Registry Cleaners or "Tweak" Tools
They are marketed as ways to make your machine run faster and more efficiently ...... Some will actually achieve this .... IF you know how to use them correctly.
Removing "Orphaned/Old/Obsolete" registry entries is fine ..... as long as they actually are "Orphaned/Old/Obsolete", it won't speed up your machine though
Stopping services and setting policies can speed up your machine ..... as long as you stop and set the right ones, and even then it's debatable if you will notice the improvement.
Remove the wrong registry entry, or stop the wrong service, and not only can you slow your machine .... you could kill it !
To use a Registry Cleaner or "Tweak" tool to its full advantage, you really need to know what it is they are doing and what else the changes may affect.
In short, if you know how to use them safely ----- you don't actually need them.
discussion on regcleaners >> http://forums.whatthetech.com/Regcleaner_t42862.html
And for more good information see what Miekiemoes has to say >> http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html
Again, thank you. I appreciate the performance advice and the articles are in the process of being read.
Take Care,
<3:laugh: