HJT Log Malware infection



mdayton09
2010-02-17, 17:14
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:24 AM, on 2/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\eM\Bay Reader\Shwicon2k.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [showicon2k] "C:\Program Files\\eM\Bay Reader\Shwicon2k.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe"
O4 - HKLM\..\Run: [HPHUPD05] "c:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] "C:\WINDOWS\System32\hphmon05.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [realtray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [groovemonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - Startup: ERUNT AutoBackup.lnk = C:\Documents and Settings\KENNETH\Desktop\ERUNT\AUTOBACK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8371 bytes
=================

Previous topic: http://forums.spybot.info/showthread.php?p=330023#post330023

Shaba
2010-02-22, 20:35
Hi mdayton09

Download DDS to your desktop from one of the links below:

Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://www.forospyware.com/sUBs/dds)

Double-click the tool to run it.
A black screen will open; just read the contents and do nothing.
When the tool finishes, it will open 2 reports.
Copy/paste both reports back here and remove DDS from your desktop.

mdayton09
2010-02-22, 23:41
DDS (Ver_09-12-01.01) - NTFSx86
Run by KENNETH at 14:39:03.32 on Mon 02/22/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.71 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\eM\Bay Reader\Shwicon2k.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\KENNETH\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.emachines.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [UnHackMe Monitor] c:\program files\unhackme\hackmon.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [showicon2k] "c:\program files\\em\bay reader\Shwicon2k.exe"
mRun: [HPDJ Taskbar Utility] "c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe"
mRun: [HPHUPD05] "c:\program files\hewlett-packard\\{5372b9a6-6e51-4f90-9b40-e0a3b8475c4e}\hphupd05.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [HPHmon05] "c:\windows\system32\hphmon05.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [realtray] "c:\program files\real\realplayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
mRun: [groovemonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
StartupFolder: c:\docume~1\kenneth\startm~1\programs\startup\erunta~1.lnk - c:\documents and settings\kenneth\desktop\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\kenneth\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-explorer: DisallowRun = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kenneth\applic~1\mozilla\firefox\profiles\71e83xyh.mary\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://aol.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\kenneth\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2010-2-19 582992]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-26 24652]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2010-2-19 206608]
S0 hjeltl;hjeltl;c:\windows\system32\drivers\xiofqo.sys --> c:\windows\system32\drivers\xiofqo.sys [?]
S0 hwvfmfsu;hwvfmfsu;c:\windows\system32\drivers\wfllxfjo.sys --> c:\windows\system32\drivers\wfllxfjo.sys [?]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2010-2-19 34760]
S1 3435fe69;3435fe69;c:\windows\system32\drivers\3435fe69.sys [2009-1-12 0]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-19 135664]
S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2008-8-9 3585384]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2010-2-20 24416]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2010-2-19 206608]

=============== Created Last 30 ================

2010-02-20 23:34:37 157712 ----a-w- c:\windows\system32\drivers\TMCOMM.SYS.del
2010-02-20 08:17:16 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-02-20 07:10:44 2 --shatr- c:\windows\winstart.bat
2010-02-20 07:09:13 35040 ----a-w- c:\windows\system32\Partizan.exe
2010-02-20 07:09:13 34760 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-02-20 07:08:59 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-02-20 07:08:56 0 d-----w- c:\program files\UnHackMe
2010-02-20 06:43:36 206608 ----a-w- c:\windows\system32\drivers\TMPassthru.sys
2010-02-20 06:43:36 0 d-----w- c:\program files\Trend Micro
2010-02-18 08:06:43 0 d-sh--w- c:\documents and settings\kenneth\IECompatCache
2010-02-17 07:28:35 0 ----a-w- c:\windows\system32\27792.exe
2010-02-17 07:08:34 0 ----a-w- c:\windows\system32\26418.exe
2010-02-17 06:48:33 0 ----a-w- c:\windows\system32\29969.exe
2010-02-17 05:52:21 0 ----a-w- c:\windows\system32\6334.exe
2010-02-17 03:45:47 0 ----a-w- c:\windows\system32\2442.exe
2010-02-17 02:44:29 0 ----a-w- c:\windows\system32\17574.exe
2010-02-17 02:03:44 0 d-----w- c:\program files\Securityessentials2010
2010-02-10 17:36:02 0 d-----w- c:\program files\iTunes
2010-01-27 15:20:59 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-01-27 15:20:57 159232 ----a-w- c:\windows\system32\ptpusd.dll

==================== Find3M ====================

2010-02-17 02:03:33 97696 ----a-w- c:\windows\system32\drivers\asctrm.sys
2010-01-20 21:42:57 67952 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27:51 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:50 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll

============= FINISH: 14:40:10.87 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/27/2009 8:07:05 PM
System Uptime: 2/20/2010 11:48:07 PM (39 hours ago)

Motherboard: MSI | | eMachines, Inc.
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket-A | 2000/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 86.134 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
K: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP322: 11/21/2009 1:22:48 PM - System Checkpoint
RP323: 11/22/2009 1:45:15 PM - System Checkpoint
RP324: 11/23/2009 1:51:55 PM - System Checkpoint
RP325: 11/24/2009 1:58:42 PM - System Checkpoint
RP326: 11/25/2009 3:00:32 AM - Software Distribution Service 3.0
RP327: 11/26/2009 3:12:43 AM - System Checkpoint
RP328: 11/27/2009 3:19:27 AM - System Checkpoint
RP329: 11/28/2009 3:20:32 AM - System Checkpoint
RP330: 11/29/2009 8:39:19 AM - System Checkpoint
RP331: 11/30/2009 11:18:45 AM - System Checkpoint
RP332: 12/1/2009 11:36:35 AM - System Checkpoint
RP333: 12/2/2009 12:49:14 PM - System Checkpoint
RP334: 12/3/2009 1:42:29 PM - System Checkpoint
RP335: 12/4/2009 2:03:45 PM - System Checkpoint
RP336: 12/5/2009 2:45:16 PM - System Checkpoint
RP337: 12/6/2009 4:42:55 PM - System Checkpoint
RP338: 12/7/2009 5:36:55 PM - System Checkpoint
RP339: 12/8/2009 5:42:28 PM - System Checkpoint
RP340: 12/9/2009 3:00:33 AM - Software Distribution Service 3.0
RP341: 12/10/2009 3:42:49 AM - System Checkpoint
RP342: 12/11/2009 4:28:06 AM - System Checkpoint
RP343: 12/12/2009 9:11:57 AM - System Checkpoint
RP344: 12/13/2009 9:55:13 AM - System Checkpoint
RP345: 12/14/2009 10:28:02 AM - System Checkpoint
RP346: 12/15/2009 11:28:06 AM - System Checkpoint
RP347: 12/16/2009 12:29:06 PM - System Checkpoint
RP348: 12/18/2009 9:01:02 AM - System Checkpoint
RP349: 12/19/2009 9:28:06 AM - System Checkpoint
RP350: 12/20/2009 10:28:07 AM - System Checkpoint
RP351: 12/21/2009 11:28:01 AM - System Checkpoint
RP352: 12/22/2009 11:29:06 AM - System Checkpoint
RP353: 12/23/2009 12:28:48 PM - System Checkpoint
RP354: 12/24/2009 1:32:04 PM - System Checkpoint
RP355: 12/25/2009 2:07:19 PM - System Checkpoint
RP356: 12/26/2009 2:27:37 PM - System Checkpoint
RP357: 12/27/2009 2:49:36 PM - System Checkpoint
RP358: 12/30/2009 8:48:51 PM - System Checkpoint
RP359: 12/31/2009 9:07:33 PM - System Checkpoint
RP360: 1/1/2010 10:40:21 PM - System Checkpoint
RP361: 1/3/2010 1:21:59 AM - System Checkpoint
RP362: 1/4/2010 1:52:03 AM - System Checkpoint
RP363: 1/5/2010 2:07:36 AM - System Checkpoint
RP364: 1/6/2010 3:07:37 AM - System Checkpoint
RP365: 1/7/2010 3:45:57 AM - System Checkpoint
RP366: 1/8/2010 4:07:36 AM - System Checkpoint
RP367: 1/9/2010 5:07:36 AM - System Checkpoint
RP368: 1/10/2010 6:07:39 AM - System Checkpoint
RP369: 1/11/2010 7:07:30 AM - System Checkpoint
RP370: 1/12/2010 7:08:32 AM - System Checkpoint
RP371: 1/13/2010 3:00:42 AM - Software Distribution Service 3.0
RP372: 1/14/2010 3:25:54 AM - System Checkpoint
RP373: 1/15/2010 11:21:47 AM - System Checkpoint
RP374: 1/16/2010 11:25:52 AM - System Checkpoint
RP375: 1/17/2010 11:26:58 AM - System Checkpoint
RP376: 1/18/2010 1:45:34 PM - System Checkpoint
RP377: 1/19/2010 3:08:33 PM - System Checkpoint
RP378: 1/20/2010 3:00:20 AM - Software Distribution Service 3.0
RP379: 1/21/2010 3:52:20 AM - System Checkpoint
RP380: 1/22/2010 3:00:21 AM - Software Distribution Service 3.0
RP381: 1/23/2010 3:22:20 AM - System Checkpoint
RP382: 1/24/2010 9:19:04 AM - System Checkpoint
RP383: 1/25/2010 9:22:24 AM - System Checkpoint
RP384: 1/26/2010 10:22:20 AM - System Checkpoint
RP385: 1/27/2010 10:54:12 AM - System Checkpoint
RP386: 1/27/2010 10:44:37 PM - Configured Microsoft Office Enterprise 2007
RP387: 1/27/2010 10:47:45 PM - Configured Microsoft Office Enterprise 2007
RP388: 1/27/2010 10:49:31 PM - Configured Microsoft Office Enterprise 2007
RP389: 1/27/2010 10:51:56 PM - Configured Microsoft Office Enterprise 2007
RP390: 1/27/2010 10:52:13 PM - Configured Microsoft Office Enterprise 2007
RP391: 1/27/2010 10:53:00 PM - Configured Microsoft Office Enterprise 2007
RP392: 1/28/2010 11:57:46 PM - System Checkpoint
RP393: 1/30/2010 12:22:19 AM - System Checkpoint
RP394: 1/31/2010 12:38:30 AM - System Checkpoint
RP395: 2/1/2010 12:53:41 AM - System Checkpoint
RP396: 2/2/2010 12:59:46 AM - System Checkpoint
RP397: 2/3/2010 1:38:29 AM - System Checkpoint
RP398: 2/4/2010 2:39:57 AM - System Checkpoint
RP399: 2/5/2010 3:38:28 AM - System Checkpoint
RP400: 2/6/2010 4:11:34 AM - System Checkpoint
RP401: 2/7/2010 7:13:42 AM - System Checkpoint
RP402: 2/8/2010 9:51:34 AM - System Checkpoint
RP403: 2/9/2010 11:29:42 AM - System Checkpoint
RP404: 2/10/2010 3:00:41 AM - Software Distribution Service 3.0
RP405: 2/11/2010 4:43:58 AM - System Checkpoint
RP406: 2/12/2010 5:27:11 AM - System Checkpoint
RP407: 2/13/2010 6:27:10 AM - System Checkpoint
RP408: 2/14/2010 7:27:11 AM - System Checkpoint
RP409: 2/15/2010 7:28:18 AM - System Checkpoint
RP410: 2/16/2010 7:31:23 AM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.5
Adobe® Photoshop® Album Starter Edition 3.0.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AviSynth 2.5
AVRStudio4
Bonjour
CCleaner (remove only)
CompuServe
Conexant SoftK56 Modem(M)
Critical Update for Windows Media Player 11 (KB959772)
DNA
Download Updater (AOL LLC)
Driver Detective
DriverMax 4
eMachines Bay Reader V1.00
ERUNT 1.1j
Font_Setup
Google Toolbar for Internet Explorer
Google Update Helper
Greeting Card Store
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Software Update
ICQ
ijji REACTOR
iPod Copy Expert 3.1.2
iPod for Windows 2005-03-23
iTunes
KB408682
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MediaWidget 4.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.01
Microsoft IntelliType Pro 6.01
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
MobileMe Control Panel
Move Media Player
Mozilla Firefox (3.5.8)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Keyboard Driver
overland
Photosmart 140,240,7200,7600,7700,7900 Series
Platform
Pretty Good Solitaire version 12.0.1
PS7900
PSShortcutsP
PSUsage
QFolder
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
RegRun Reanimator
Safari
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SOAP Toolkit
Spy Sweeper Core
Spybot - Search & Destroy
TI Connect 1.6
Trend Micro RUBotted
UnHackMe 5.70 release
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb977719)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URGE
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
Videora iPod touch Converter 5.03
Viewpoint Media Player
WebFldrs XP
WinAVR 20081205 (remove only)
Windows Backup Utility
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WingMan Software

==== Event Viewer Messages From Past Week ========

2/20/2010 8:12:01 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 000C767E6D89 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
2/20/2010 7:56:52 PM, error: Print [19] - Sharing printer failed + 1722, Printer hp photosmart 7900 series share name Home_Printer.
2/20/2010 2:53:38 PM, error: Dhcp [1002] - The IP address lease 192.168.100.10 for the Network Card with network address 000C767E6D89 has been denied by the DHCP server 68.87.78.29 (The DHCP Server sent a DHCPNACK message).
2/20/2010 2:53:07 PM, error: Dhcp [1002] - The IP address lease 24.5.224.240 for the Network Card with network address 000C767E6D89 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
2/19/2010 7:02:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ViaIde
2/19/2010 7:02:04 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Webroot Spy Sweeper Engine service to connect.
2/19/2010 7:02:04 PM, error: Service Control Manager [7000] - The Webroot Spy Sweeper Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/19/2010 7:02:04 PM, error: Service Control Manager [7000] - The ASCTRM service failed to start due to the following error: The parameter is incorrect.
2/19/2010 7:00:53 PM, error: ati2mtag [45062] - CRT invalid display type
2/18/2010 7:33:15 PM, error: HTTP [15005] - Unable to bind to the underlying transport for 0.0.0.0:2869. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
2/17/2010 12:22:50 AM, error: Dhcp [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 000C767E6D89 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
2/17/2010 11:58:33 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
2/16/2010 6:04:27 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file cdaudio.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
2/16/2010 6:04:16 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\beep.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
2/15/2010 9:13:21 PM, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 000C767E6D89 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

Shaba
2010-02-23, 20:02
Please click this link-->Jotti (http://virusscan.jotti.org/)

Copy/paste the file on the list into the white "Upload a file" box and click Submit/Send (depending on which one you are using, Jotti or VirusTotal).

c:\windows\system32\27792.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

mdayton09
2010-02-25, 23:00
0 bytes size received / Se ha recibido un archivo vacio

Shaba
2010-02-27, 10:10
Please rename that file, copy it to another folder and try again :)

tashi
2010-03-26, 16:28
This thread has been closed due to inactivity.

As it has been four days or more since your last post, it will not be re-opened.

If you still require help, please start a new topic and include a new HijackThis log with a link to your previous thread.

Please do not add any logs that might have been requested previously; you would be starting fresh.

Applies only to the original poster; anyone else with similar problems, please start your own topic.