
Thread: Win32.TDSS.rtk Help! (Resolved)

  1. #1
    Junior Member
    Join Date
    Aug 2009
    Posts
    11

    Win32.TDSS.rtk Help! (Resolved)

    Please help!
    My home computer has been attacked by Win32.TDSS.rtk and I do not have the know-how to get rid of it. I have run Spybot S&D several times and it picks up 5 or 6 TrojansC entries that always come back when I try to fix the selected problems. I have only average computer knowledge and need a professional to help me through this. I have read many of the other posts regarding this same issue, each saying do not try this at home, this issue requires individual attention, so here I am, asking for individual attention. Spybot shows the following set up in a drop down fashion after I scan:

    Win32.TDSS.rtk
    (SBI $1473B578) File
    C:\WINDOWS\system32\drivers\geyekrsscupuve.sys
    (SBI $5CC20873) File
    C:\WINDOWS\system32\geyekrpwlgmaeo.dll
    (SBI $5CC200873) File
    C:\WINDOWS\system32\geyekrwqdgxgnm.dll
    (SBI $E9F5D25E) File
    C:\WINDOWS\temp\geyekrwdqppxgban.tmp
    (SBI $0419F0A4) File
    C:\WINDOWS\system32\geyekrwittgyus.dat
    (SBI $0419F0A4) File
    C:\WINDOWS\system32\geyekrxunbjivh.dat
    I don't know much about what kind of logs you might need or how to acquire them, so I appreciate your patience in helping me out. One question I have about the eradication process is should I attempt to back up my documents, photos, and music before downloading any programs to kill this virus or would that just endanger my computer again, after it's fixed? Will the process even affect these types of files, does it involve a complete wipe? Thanks for your answers and help in advance, I wish I was as techno-savvy as all of you, but since I'm clearly not, Thanks Again!
    Kylie


    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)
    Last edited by tashi; 2009-08-07 at 01:37. Reason: moved from Spybot-S&D support to malware removal, added link to FAQ so you are aware of who will be helping ;-)

  2. #2
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425


    Please note that all instructions given are customised for this computer only,
    the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.


    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Failure to reply within 5 days will result in the topic being closed.
    5. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those few things, everything should go smoothly

    Some of the logs I request will be quite large; you may need to split them over a couple of replies.

    Please Note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe

    ----------------------------------------------------------------------------------------

    1) I don't know much about what kind of logs you might need or how to acquire them,
    2) One question I have about the eradication process is should I attempt to back up my documents, photos, and music
    3) Will the process even affect these types of files, ~ does it involve a complete wipe?
    1) Don't worry, I'll let you know what is needed
    2) It is recommended that you backup any data that you don't want to lose, before any removal or update process
    3) It depends on what infection is present


    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.
      ( They can also be found in the C:\RSIT folder )



    SysProt Antirootkit

    Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

    http://sites.google.com/site/sysprotantirootkit/

    Unzip it into a folder on your desktop.
    • Double click Sysprot.exe to start the program.
    • Click on the Log tab.
    • In the Write to log box select all items.
    • Click on the Create Log button on the bottom right.
    • After a few seconds a new window should appear.
    • Select Scan Root Drive. Click on the Start button.
    • When it is complete a new window will appear to indicate that the scan is finished.
    • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  3. #3
    Junior Member
    Join Date
    Aug 2009
    Posts
    11

    Requested RSIT Logs

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by HP_Administrator at 2009-08-07 11:47:30
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 274 GB (59%) free of 468 GB
    Total RAM: 2046 MB (64% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:47:43 AM, on 8/7/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Common Files\AOL\1235350536\ee\AOLSoftware.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\AOL 9.1\waol.exe
    C:\Program Files\AOL 9.1\shellmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\JF8LJ026\RSIT[1].exe
    C:\Program Files\trend micro\HP_Administrator.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - MRI_DISABLED - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1235350536\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7984] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC5656] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9241] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC502] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1693] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6687] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3902] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9993] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7459] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3244] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6884] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3408] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6733] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8971] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8979] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4414] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9616] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC49] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2652] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3319] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1395] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2614] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8335] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6322] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7032] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9728] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5710] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2674] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6709] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2514] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5081] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3230] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1510] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2915] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4070] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2198] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4221] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2934] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6784] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7861] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA858] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6898] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1711] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4950] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6178] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6738] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2721] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7626] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3364] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8926] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9021] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7767] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4635] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3757] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9844] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1033] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7491] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3955] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7880] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1983] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1399] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9093] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8791] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7135] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5144] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2510] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA276] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8638] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5838] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6879] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7226] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7361] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7242] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5996] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3825] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1461] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8402] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3958] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8292] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5535] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3502] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5495] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6877] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6881] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB109] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6797] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4934] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9118] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9469] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7490] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB943] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9319] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6444] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9807] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7501] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8817] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6612] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4443] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5624] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD975] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7882] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8781] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3298] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1582] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7994] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8553] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1335] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7954] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3843] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4059] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5838] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9347] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7034] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6984] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8831] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7375] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8149] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9748] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9712] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2457] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7768] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7910] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9922] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7986] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2886] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5892] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5868] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2045] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6918] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2316] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB278] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6853] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6093] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5421] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9000] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2067] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7235] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7943] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB428] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7287] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.trymedia.com (HKLM)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.7.109.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
    O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/...osticsxp2k.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://deere.webex.com/client/T26L1...ex/ieatgpc.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...99/mcfscan.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    --
    End of file - 26236 bytes

  4. #4
    Junior Member
    Join Date
    Aug 2009
    Posts
    11

    RSIT logs

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\DMATask 0 {D2B22905-47C9-4b82-8E74-47AA9D2DE378} 0~0.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
    AOL Toolbar Loader - C:\Program Files\AOL Toolbar\aoltb.dll [2008-10-21 1275176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-02 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-02 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL Toolbar\aoltb.dll [2008-10-21 1275176]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-30 67584]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
    "HostManager"=C:\Program Files\Common Files\AOL\1235350536\ee\AOLSoftware.exe [2008-11-06 41264]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-11-01 180269]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-02 148888]
    "nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-05-16 648504]
    "nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2008-05-21 451896]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotDeletingA7984"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingC5656"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingA9241"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingC502"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingA1693"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingC6687"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingA3902"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingC9993"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingA7459"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingC3244"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingA6884"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingC3408"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingA6733"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingC8971"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingA8979"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingC4414"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingA9616"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingC49"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingA2652"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingC3319"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingA1395"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingC2614"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingA8335"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingC6322"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingA7032"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingC9728"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingA5710"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingC2674"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingA6709"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingC2514"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingA5081"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingC3230"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingA1510"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingC2915"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingA4070"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingC2198"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingA4221"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingC2934"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingA6784"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingC7861"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingA858"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingC6898"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingA1711"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingC4950"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingA6178"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingC6738"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingA2721"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingC7626"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingA3364"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingC8926"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingA9021"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingC7767"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingA4635"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingC3757"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingA9844"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingC1033"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingA7491"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingC3955"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingA7880"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingC1983"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingA1399"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingC9093"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingA8791"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingC7135"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingA5144"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingC2510"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingA276"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingC8638"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingA5838"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingC6879"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
    "igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2008-08-01 1103216]
    "TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-04-08 251240]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
    "AOL Fast Start"=C:\Program Files\AOL 9.1\AOL.EXE [2008-11-06 50472]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotDeletingB7226"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingD7361"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingB7242"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingD5996"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingB3825"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingD1461"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingB8402"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingD3958"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingB8292"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingD5535"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingB3502"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingD5495"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingB6877"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingD6881"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingB109"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingD6797"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingB4934"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingD9118"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingB9469"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingD7490"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingB943"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingD9319"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingB6444"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingD9807"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingB7501"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingD8817"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingB6612"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingD4443"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingB5624"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingD975"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingB7882"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingD8781"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingB3298"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingD1582"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingB7994"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingD8553"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingB1335"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingD7954"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingB3843"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingD4059"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingB5838"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingD9347"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingB7034"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingD6984"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingB8831"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingD7375"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingB8149"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingD9748"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingB9712"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingD2457"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingB7768"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingD7910"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingB9922"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingD7986"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingB2886"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingD5892"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingB5868"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingD2045"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingB6918"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingD2316"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingB278"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingD6853"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingB6093"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingD5421"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingB9000"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingD2067"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingB7235"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingD7943"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingB428"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingD7287"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    c:\Program Files\Common Files\Symantec Shared\ccApp.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
    C:\Program Files\DISC\DISCover.exe [2006-04-07 1073152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
    C:\Program Files\DISC\DiscUpdMgr.exe [2006-04-07 65536]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
    c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [2006-04-13 90112]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftutil2]
    ftutil2.dll,SetWriteCacheMode []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    c:\windows\system\hpsysdrv.exe [1998-05-07 52736]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    C:\HP\KBD\KBD.EXE [2005-02-02 61440]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /installquiet /keeploaded /nodetect []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-23 237568]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    C:\WINDOWS\RTHDCPL.EXE [2007-10-25 16855552]
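
A short triage script for the RunOnce dump in the post above, added here as an example; it is not part of the thread, nor of RSIT or Spybot-S&D. Spybot handles a file it cannot delete while Windows is running by queuing `command.com /c del ...` and `cmd.exe /c del ...` under RunOnce so the deletion is retried at the next logon. In the log those entries for the same five `geyekr*` paths pile up dozens of times under both HKLM and HKCU, which means each retry failed and the next scan queued it again: the files survived every reboot, consistent with the kernel driver `geyekrsscupuve.sys` protecting them and with the first post's observation that the detections "always come back". The script parses the RSIT registry-dump format, counts how often each path was queued, and extracts the filename prefix the family shares. The embedded log excerpt is constructed from the posted lines (shortened to keep it readable); the function names and the repeat threshold are this example's own choices.

```python
"""Triage an RSIT-style registry dump for deletions that never succeed.

Added example, not code from the thread or from RSIT. Reads the
[...\RunOnce] sections, extracts every scheduled `del`, and reports paths
that were queued more than once, i.e. files still present after a reboot.
"""
import os
import re
from collections import Counter

# Constructed excerpt of the posted RSIT dump (a handful of the repeated
# lines, plus a Run key so the parser has non-RunOnce lines to ignore).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA7984"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingC5656"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingA9241"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingC502"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingA6884"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingC3408"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB7226"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingD7361"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
"SpybotDeletingB7242"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"SpybotDeletingD5996"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
"""

# RSIT prints a registry key as "[HKEY_...\Path]" and each value as
# "name"=command [date size]; "[]" means it could not stat a target file.
SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
DEL_RE = re.compile(
    r'^"(?P<name>[^"]+)"=(?:command\.com|cmd\.exe) /c del (?P<path>.+?) \[\]$')


def parse_runonce_deletes(text):
    """Return (key, value_name, target_path) for every `del` scheduled under
    a *\\RunOnce key. Values under any other key are ignored."""
    entries = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            current_key = section.group('key')
            continue
        if not current_key or not current_key.lower().endswith('\\runonce'):
            continue
        hit = DEL_RE.match(line)
        if hit:
            entries.append((current_key, hit.group('name'), hit.group('path')))
    return entries


def stuck_deletions(entries, min_repeats=2):
    """Map each target path to the number of times it was queued. A path
    queued repeatedly was still present when the next scan ran, so the
    previous logon-time deletion must have failed (example's threshold)."""
    counts = Counter(path.lower() for _, _, path in entries)
    return {path: n for path, n in counts.items() if n >= min_repeats}


def family_prefix(paths, min_len=4):
    """Longest prefix shared by the base filenames (case-insensitive).
    All six files Spybot flagged in this thread start with 'geyekr', so the
    prefix groups the whole set; '' means nothing useful in common."""
    names = [p.rsplit('\\', 1)[-1].lower() for p in paths]
    prefix = os.path.commonprefix(names) if names else ''
    return prefix if len(prefix) >= min_len else ''


def triage(text):
    """Run the three checks over one RSIT dump and return a small report."""
    entries = parse_runonce_deletes(text)
    stuck = stuck_deletions(entries)
    return {'queued_deletes': len(entries), 'stuck': stuck,
            'prefix': family_prefix(stuck)}


if __name__ == '__main__':
    report = triage(SAMPLE_LOG)
    print(f"{report['queued_deletes']} scheduled deletions parsed")
    for path, n in sorted(report['stuck'].items()):
        print(f"  queued {n}x and still present: {path}")
    if report['prefix']:
        print(f"shared filename prefix: {report['prefix']!r}")
```

Run it against a saved RSIT `log.txt` by replacing `SAMPLE_LOG` with the file contents. Any path that comes back with a count above two has outlived at least one reboot plus one deletion attempt, which is exactly the situation where a user-mode cleaner is wasting its time and the driver has to be dealt with first, as the helpers in this thread go on to do.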

  5. #5
    Junior Member
    Join Date
    Aug 2009
    Posts
    11

    RSIT end of log.txt

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
    "C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
    "C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\temp\HP_WebRelease\Setup\HPZnet01.exe"="C:\temp\HP_WebRelease\Setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in"
    "C:\Program Files\Common Files\aol\acs\AOLDial.exe"="C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer"
    "C:\Program Files\Common Files\aol\acs\AOLacsd.exe"="C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
    "C:\Program Files\Common Files\aol\1235350536\ee\aolsoftware.exe"="C:\Program Files\Common Files\aol\1235350536\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"
    "C:\Program Files\AOL 9.5\waol.exe"="C:\Program Files\AOL 9.5\waol.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
    "C:\Program Files\Common Files\aol\Loader\aolload.exe"="C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\Common Files\aol\System Information\sinf.exe"="C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe"="C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe:*:Enabled:Stronghold Legends"
    "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup"
    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
    "C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
    "F:\setup\HPZnet01.exe"="F:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe"
    "F:\setup\hponicifs01.exe"="F:\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe"
    "C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
    "C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
    "C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
    "C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
    "C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe"="C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2"
    "C:\Program Files\AOL 9.1\waol.exe"="C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL"
    "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e672820-0050-11de-a6c1-806d6172696f}]
    shell\AutoRun\command - F:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b37424ba-1d5b-11de-a6d8-00038a000015}]
    shell\AutoRun\command - N:\setupSNK.exe


    ======List of files/folders created in the last 1 months======

    2009-08-07 11:47:30 ----D---- C:\rsit
    2009-08-07 11:47:30 ----D---- C:\Program Files\trend micro
    2009-08-06 13:17:08 ----D---- C:\WINDOWS\McAfee.com
    2009-08-06 13:17:06 ----D---- C:\WINDOWS\LastGood
    2009-08-05 13:14:01 ----D---- C:\Program Files\iPod
    2009-08-05 13:13:58 ----D---- C:\Program Files\iTunes
    2009-08-05 13:13:00 ----D---- C:\Program Files\QuickTime
    2009-08-03 09:08:08 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-07-30 19:49:11 ----D---- C:\Program Files\Infogrames Interactive
    2009-07-19 20:38:25 ----D---- C:\Barbie(TM)
    2009-07-19 20:38:05 ----A---- C:\WINDOWS\ka.ini
    2009-07-19 20:36:48 ----D---- C:\Program Files\Barbie(TM)
    2009-07-19 20:36:46 ----D---- C:\Program Files\Common Files\Knowledge Adventure
    2009-07-19 20:31:03 ----A---- C:\WINDOWS\SIERRA.INI
    2009-07-16 17:37:44 ----D---- C:\Program Files\AOL Toolbar
    2009-07-16 17:36:59 ----D---- C:\WINDOWS\aolshare
    2009-07-16 17:36:56 ----D---- C:\Program Files\Common Files\aolshare
    2009-07-16 17:36:56 ----D---- C:\Program Files\AOL 9.1
    2009-07-16 17:29:06 ----A---- C:\WINDOWS\msoffice.ini
    2009-07-15 09:51:16 ----D---- C:\WINDOWS\ie8updates
    2009-07-15 09:50:28 ----HDC---- C:\WINDOWS\ie8
    2009-07-15 03:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
    2009-07-15 03:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
    2009-07-15 03:00:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
    2009-07-14 16:40:24 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-07-14 16:40:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

    ======List of files/folders modified in the last 1 months======

    2009-08-07 11:47:30 ----D---- C:\Program Files
    2009-08-07 11:29:18 ----D---- C:\WINDOWS\Temp
    2009-08-07 11:29:18 ----D---- C:\WINDOWS\system32
    2009-08-07 10:21:40 ----D---- C:\WINDOWS\Prefetch
    2009-08-07 05:14:53 ----AD---- C:\WINDOWS
    2009-08-06 20:38:29 ----A---- C:\WINDOWS\win.ini
    2009-08-06 18:45:11 ----A---- C:\WINDOWS\WININIT.INI
    2009-08-06 13:17:15 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-08-06 13:17:07 ----HD---- C:\WINDOWS\inf
    2009-08-05 15:03:54 ----D---- C:\WINDOWS\Registration
    2009-08-05 15:03:39 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-08-05 15:02:48 ----HD---- C:\Config.Msi
    2009-08-05 15:01:50 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-08-05 13:14:17 ----SHD---- C:\WINDOWS\Installer
    2009-08-05 13:14:00 ----D---- C:\Program Files\Common Files\Apple
    2009-08-05 13:12:18 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-08-03 21:03:48 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
    2009-07-31 20:57:54 ----D---- C:\Program Files\Microsoft Silverlight
    2009-07-30 19:49:11 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-07-30 13:27:55 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
    2009-07-30 12:05:51 ----D---- C:\WINDOWS\Minidump
    2009-07-30 03:00:32 ----RSHD---- C:\WINDOWS\system32\dllcache
    2009-07-30 03:00:31 ----D---- C:\Program Files\Internet Explorer
    2009-07-30 03:00:22 ----HD---- C:\WINDOWS\$hf_mig$
    2009-07-30 03:00:17 ----D---- C:\WINDOWS\WinSxS
    2009-07-28 21:32:22 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Move Networks
    2009-07-26 17:09:18 ----D---- C:\WINDOWS\system32\drivers
    2009-07-19 20:36:46 ----D---- C:\Program Files\Common Files
    2009-07-19 18:48:58 ----A---- C:\WINDOWS\system32\ieframe.dll
    2009-07-19 08:18:59 ----A---- C:\WINDOWS\system32\mshtml.dll
    2009-07-16 17:39:05 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\AOL
    2009-07-16 17:38:27 ----D---- C:\Program Files\Common Files\aol
    2009-07-16 17:38:27 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
    2009-07-16 17:29:46 ----D---- C:\Program Files\AOL
    2009-07-16 17:15:30 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
    2009-07-16 16:34:25 ----SD---- C:\WINDOWS\Tasks
    2009-07-15 09:53:02 ----D---- C:\WINDOWS\system32\en-us
    2009-07-15 09:53:02 ----D---- C:\WINDOWS\Media
    2009-07-15 09:53:02 ----D---- C:\WINDOWS\Help
    2009-07-15 09:51:27 ----A---- C:\WINDOWS\imsins.BAK
    2009-07-14 17:27:51 ----D---- C:\WINDOWS\network diagnostic
    2009-07-14 12:48:56 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2009-07-11 16:40:03 ----D---- C:\Documents and Settings\All Users\Application Data\Firefly Studios
    2009-07-11 16:25:20 ----D---- C:\Program Files\Firefly Studios

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 ELhid;EL hid Service; \??\C:\WINDOWS\System32\Drivers\Elhid.sys []
    R1 ELkbd;EL KB Service; \??\C:\WINDOWS\System32\Drivers\Elkbd.sys []
    R1 ELmon;EL Monitor Service; \??\C:\WINDOWS\System32\Drivers\Elmon.sys []
    R1 ELmou;EL Mouse Service; \??\C:\WINDOWS\System32\Drivers\Elmou.sys []
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
    R2 {22D78859-9CE9-4b77-BF18-AC83E81A9263};{22D78859-9CE9-4b77-BF18-AC83E81A9263}; \??\C:\Program Files\HP\DVDPlay\000.fcl []
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
    R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-05-16 23992]
    R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-05-16 25272]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
    R3 CXFALCON;Conexant Falcon II NTSC Video Capture; C:\WINDOWS\system32\drivers\cxfalcon.sys [2006-04-20 82048]
    R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-12-11 242320]
    R3 ELacpi;ELacpi; C:\WINDOWS\system32\DRIVERS\ELacpi.sys [2006-05-10 9728]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidIr;Microsoft Infrared HID Driver; C:\WINDOWS\system32\DRIVERS\hidir.sys [2008-04-14 19200]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
    R3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
    R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-25 4623872]
    R3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2008-04-14 46592]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
    R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
    R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
    R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
    R3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
    S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]
    S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-03-19 49920]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-03-19 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-03-19 21568]
    S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
    S3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
    S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
    S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-05 36864]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
    S3 WN5301;LIteon Wireless PCI Network Adapter Service; C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 468768]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
    R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
    R2 ELService;Intel(R) Quick Resume technology; C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe [2006-06-02 180224]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-02 152984]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-06-21 49152]
    R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
    R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-05-16 648504]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-04-14 75064]
    R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-07-30 189072]
    R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-04-08 92008]
    R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    S3 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2008-05-21 12800]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------

  6. #6
    Junior Member
    Join Date
    Aug 2009
    Posts
    11

    Default RSIT info.txt

    info.txt logfile of random's system information tool 1.06 2009-08-07 11:47:45

    ======Uninstall list======

    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
    -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
    -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
    -->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
    Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
    AOL Toolbar -->"C:\Program Files\AOL Toolbar\uninstall.exe"
    AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
    Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0009 -removeonly
    Barbie(TM) Explorer(TM)-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\BrbExpPCUn.exe
    Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
    BlackBerry Media Sync-->C:\WINDOWS\Installer\BBMediaSyncUninstall.exe
    BlackBerry® Media Sync-->MsiExec.exe /X{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
    Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
    Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
    DISCover-->"C:\Program Files\DISC\uninstall.exe"
    DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    Dogz (remove only)-->"C:\Program Files\Ubisoft\Dogz\uninstall.exe" 1033
    Download Manager 2.3.7-->C:\Program Files\Download Manager\uninst.exe
    Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
    Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
    GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
    Harry Potter and the Order of the Phoenix™-->C:\Program Files\Electronic Arts\Harry Potter and the Order of the Phoenix\EAUninstall.exe
    High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
    HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
    HP DigitalMedia Archive-->MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
    HP Driver Diagnostics-->MsiExec.exe /X{4CCC7F68-A437-4559-A840-F5E010934951}
    HP DVD Play HD DVD 2.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
    HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
    HP Officejet Pro All-In-One Series-->C:\Program Files\HP\Digital Imaging\{7729A02E-D1AD-4830-8FC5-11853500D90D}\setup\hpzscr01.exe -datfile hpwscr05.dat
    HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
    HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
    HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
    HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
    HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
    HP Web Helper-->regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
    Intel(R) Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe
    Intel(R) Network Connections Drivers-->Prounstl.exe
    Intel(R) Quick Resume Technology Drivers-->C:\WINDOWS\System32\Elusetup.exe
    Intel® Viiv™ Software-->MsiExec.exe /X{EEFEBB48-329E-46F6-AEB8-929A5BAFDB2F}
    iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
    J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
    LimeWire 5.1.2-->"C:\Program Files\LimeWire\uninstall.exe"
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
    Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Standard Edition 2003 60 days trial-->c:\hp\bin\cloaker.exe c:\hp\bin\MSOffice\uninst.cmd
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft VC9 runtime libraries-->MsiExec.exe /I{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
    MPM-->MsiExec.exe /X{D48AD533-BAD5-469B-A9AA-272C6D80E70B}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    Network Magic-->C:\Documents and Settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe /uninstall
    NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
    Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
    Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
    Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
    Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
    QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
    Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
    RollerCoaster Tycoon Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{924EAD66-F854-4605-8493-696DD59A113B}\Setup.exe" -l0x9
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
    Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
    Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
    Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
    Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
    Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
    Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
    Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
    Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Stronghold 2 Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16D2C649-CBA8-44EE-B730-12584667D487}\setup.exe" -l0x9 -removeonly
    Stronghold Legends-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66A405D2-BA14-4594-BF36-B3B544F0754E}\setup.exe" -l0x9 -removeonly
    TomTom HOME 2.6.2.1586-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
    TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
    Transformers(TM) - The Game-->C:\Program Files\InstallShield Installation Information\{5645BA4F-2BF3-4F31-B3F7-710700C92456}\setup.exe -runfromtemp -l0x0409
    Uninstall AOL Emergency Connect Utility 1.0-->C:\Program Files\Common Files\AOL\ECU\uninst.exe
    Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
    Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
    Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
    Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
    Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
    Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
    Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
    Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

    ======Hosts File======


    192.168.0.197 HP00156047F315
    192.168.0.193 HP00215AA3D615
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com

    ======System event log======

    Computer Name: YOUR-4DACD0EA75
    Event Code: 7026
    Message: The following boot-start or system-start driver(s) failed to load:
    ftsata2

    Record Number: 13038
    Source Name: Service Control Manager
    Time Written: 20090801030503.000000-300
    Event Type: error
    User:

    Computer Name: YOUR-4DACD0EA75
    Event Code: 7026
    Message: The following boot-start or system-start driver(s) failed to load:
    ftsata2

    Record Number: 12811
    Source Name: Service Control Manager
    Time Written: 20090801023633.000000-300
    Event Type: error
    User:

    Computer Name: YOUR-4DACD0EA75
    Event Code: 7026
    Message: The following boot-start or system-start driver(s) failed to load:
    ftsata2

    Record Number: 12584
    Source Name: Service Control Manager
    Time Written: 20090731215629.000000-300
    Event Type: error
    User:

    Computer Name: YOUR-4DACD0EA75
    Event Code: 7026
    Message: The following boot-start or system-start driver(s) failed to load:
    ftsata2

    Record Number: 11758
    Source Name: Service Control Manager
    Time Written: 20090731205856.000000-300
    Event Type: error
    User:

    Computer Name: YOUR-4DACD0EA75
    Event Code: 9
    Message: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

    Record Number: 11734
    Source Name: iaStor
    Time Written: 20090731193609.000000-300
    Event Type: error
    User:

    =====Application event log=====

    Computer Name: YOUR-4DACD0EA75
    Event Code: 1015
    Message: Failed to connect to server. Error: 0x800401F0

    Record Number: 1617
    Source Name: MsiInstaller
    Time Written: 20090407142556.000000-300
    Event Type: warning
    User: YOUR-4DACD0EA75\HP_Administrator

    Computer Name: YOUR-4DACD0EA75
    Event Code: 1015
    Message: Failed to connect to server. Error: 0x800401F0

    Record Number: 1616
    Source Name: MsiInstaller
    Time Written: 20090407142556.000000-300
    Event Type: warning
    User: YOUR-4DACD0EA75\HP_Administrator

    Computer Name: YOUR-4DACD0EA75
    Event Code: 1015
    Message: Failed to connect to server. Error: 0x800401F0

    Record Number: 1615
    Source Name: MsiInstaller
    Time Written: 20090407142554.000000-300
    Event Type: warning
    User: YOUR-4DACD0EA75\HP_Administrator

    Computer Name: YOUR-4DACD0EA75
    Event Code: 1015
    Message: Failed to connect to server. Error: 0x800401F0

    Record Number: 1614
    Source Name: MsiInstaller
    Time Written: 20090407142554.000000-300
    Event Type: warning
    User: YOUR-4DACD0EA75\HP_Administrator

    Computer Name: YOUR-4DACD0EA75
    Event Code: 1000
    Message: Faulting application hpdj00.exe, version 2.335.5.0, faulting module unknown, version 0.0.0.0, fault address 0x0012e731.

    Record Number: 1562
    Source Name: Application Error
    Time Written: 20090407135115.000000-300
    Event Type: error
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    "PROCESSOR_REVISION"=0f06
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

    -----------------EOF-----------------
    Sorry I had to post in so many pieces; my computer kept giving me an error message about exceeding 30 seconds and wouldn't upload the bigger chunks. SysProt log to come next.
    keddie7

  7. #7
    Junior Member
    Join Date
    Aug 2009
    Posts
    11

    SysProt Log

    SysProt AntiRootkit v1.0.1.0
    by swatkat

    ******************************************************************************************
    ******************************************************************************************

    Process:
    Name: [System Idle Process]
    PID: 0
    Hidden: No
    Window Visible: No

    Name: System
    PID: 4
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\smss.exe
    PID: 712
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\csrss.exe
    PID: 768
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\winlogon.exe
    PID: 792
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\services.exe
    PID: 848
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\lsass.exe
    PID: 860
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\svchost.exe
    PID: 1036
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\svchost.exe
    PID: 1136
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\svchost.exe
    PID: 1264
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\svchost.exe
    PID: 1436
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\svchost.exe
    PID: 1568
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\spoolsv.exe
    PID: 1676
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\svchost.exe
    PID: 1772
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Common Files\aol\acs\AOLacsd.exe
    PID: 1812
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    PID: 1848
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Bonjour\mDNSResponder.exe
    PID: 1884
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\ehome\ehrecvr.exe
    PID: 1992
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\ehome\ehSched.exe
    PID: 368
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PID: 536
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Java\jre6\bin\jqs.exe
    PID: 576
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    PID: 632
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\svchost.exe
    PID: 1204
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\explorer.exe
    PID: 1212
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\nvsvc32.exe
    PID: 1240
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\svchost.exe
    PID: 1300
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\PnkBstrA.exe
    PID: 1336
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\PnkBstrB.exe
    PID: 1352
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\svchost.exe
    PID: 1428
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\svchost.exe
    PID: 316
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    PID: 1984
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\svchost.exe
    PID: 308
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe
    PID: 2036
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\ehome\mcrdsvc.exe
    PID: 2092
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PID: 2176
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\searchindexer.exe
    PID: 2356
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\wscntfy.exe
    PID: 2812
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\dllhost.exe
    PID: 4040
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\ehome\ehtray.exe
    PID: 4088
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Common Files\aol\1235350536\ee\aolsoftware.exe
    PID: 1528
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\alg.exe
    PID: 2720
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\ehome\ehmsas.exe
    PID: 2724
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Java\jre6\bin\jusched.exe
    PID: 2908
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    PID: 2952
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    PID: 3112
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    PID: 3300
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\iTunes\iTunesHelper.exe
    PID: 3564
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Messenger\msmsgs.exe
    PID: 3576
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\svchost.exe
    PID: 3996
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    PID: 2404
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
    PID: 3524
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\iPod\bin\iPodService.exe
    PID: 3856
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PID: 3244
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PID: 1724
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\AOL 9.1\waol.exe
    PID: 5696
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\AOL 9.1\shellmon.exe
    PID: 4588
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    PID: 2260
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Internet Explorer\iexplore.exe
    PID: 4308
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Internet Explorer\iexplore.exe
    PID: 2436
    Hidden: No
    Window Visible: No

    Name: C:\Program Files\Internet Explorer\iexplore.exe
    PID: 2144
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\searchprotocolhost.exe
    PID: 4320
    Hidden: No
    Window Visible: No

    Name: C:\WINDOWS\system32\searchfilterhost.exe
    PID: 1692
    Hidden: No
    Window Visible: No

    Name: C:\Documents and Settings\HP_Administrator\Desktop\SysProt\SysProt\SysProt.exe
    PID: 4508
    Hidden: No
    Window Visible: Yes

    ******************************************************************************************
    ******************************************************************************************
    Kernel Modules:
    Module Name: \systemroot\system32\drivers\geyekrsscupuve.sys
    Service Name: geyekrumhnvnwg
    Module Base: ---
    Module End: ---
    Hidden: Yes

    Module Name: \??\C:\Documents and Settings\HP_Administrator\Desktop\SysProt\SysProt\SysProtDrv.sys
    Service Name: SysProtDrv.sys
    Module Base: AFD2D000
    Module End: AFD38000
    Hidden: No

    Module Name: \WINDOWS\system32\ntkrnlpa.exe
    Service Name: ---
    Module Base: 804D7000
    Module End: 806E4000
    Hidden: No

    Module Name: \WINDOWS\system32\hal.dll
    Service Name: ---
    Module Base: 806E4000
    Module End: 80704D00
    Hidden: No

    Module Name: \WINDOWS\system32\KDCOM.DLL
    Service Name: ---
    Module Base: BADA8000
    Module End: BADAA000
    Hidden: No

    Module Name: \WINDOWS\system32\BOOTVID.dll
    Service Name: ---
    Module Base: BACB8000
    Module End: BACBB000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
    Service Name: ACPI
    Module Base: BA779000
    Module End: BA7A7000
    Hidden: No

    Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
    Service Name: ---
    Module Base: BADAA000
    Module End: BADAC000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\pci.sys
    Service Name: PCI
    Module Base: BA768000
    Module End: BA779000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
    Service Name: isapnp
    Module Base: BA8A8000
    Module End: BA8B2000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys
    Service Name: ohci1394
    Module Base: BA8B8000
    Module End: BA8C8000
    Hidden: No

    Module Name: \WINDOWS\system32\DRIVERS\1394BUS.SYS
    Service Name: ---
    Module Base: BA8C8000
    Module End: BA8D6000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\pciide.sys
    Service Name: PCIIde
    Module Base: BAE70000
    Module End: BAE71000
    Hidden: No

    Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    Service Name: ---
    Module Base: BAB28000
    Module End: BAB2F000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\viaide.sys
    Service Name: ViaIde
    Module Base: BADAC000
    Module End: BADAE000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\intelide.sys
    Service Name: IntelIde
    Module Base: BADAE000
    Module End: BADB0000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
    Service Name: MountMgr
    Module Base: BA8D8000
    Module End: BA8E3000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
    Service Name: Disk
    Module Base: BA749000
    Module End: BA768000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\dmload.sys
    Service Name: dmload
    Module Base: BADB0000
    Module End: BADB2000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\dmio.sys
    Service Name: dmio
    Module Base: BA723000
    Module End: BA749000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
    Service Name: PartMgr
    Module Base: BAB30000
    Module End: BAB35000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
    Service Name: VolSnap
    Module Base: BA8E8000
    Module End: BA8F5000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\iastor.sys
    Service Name: iaStor
    Module Base: BA66C000
    Module End: BA723000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\atapi.sys
    Service Name: atapi
    Module Base: BA654000
    Module End: BA66C000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\disk.sys
    Service Name: ---
    Module Base: BA8F8000
    Module End: BA901000
    Hidden: No

    Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    Service Name: ---
    Module Base: BA908000
    Module End: BA915000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
    Service Name: FltMgr
    Module Base: BA634000
    Module End: BA654000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\sr.sys
    Service Name: sr
    Module Base: BA622000
    Module End: BA634000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
    Service Name: PxHelp20
    Module Base: BA918000
    Module End: BA924000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
    Service Name: KSecDD
    Module Base: BA60B000
    Module End: BA622000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
    Service Name: Ntfs
    Module Base: BA57E000
    Module End: BA60B000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
    Service Name: NDIS
    Module Base: BA551000
    Module End: BA57E000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\Mup.sys
    Service Name: Mup
    Module Base: BA537000
    Module End: BA551000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\nic1394.sys
    Service Name: NIC1394
    Module Base: BA948000
    Module End: BA958000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
    Service Name: intelppm
    Module Base: BAA28000
    Module End: BAA31000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\ELacpi.sys
    Service Name: ELacpi
    Module Base: BAC30000
    Module End: BAC38000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    Service Name: nv
    Module Base: BA0F7000
    Module End: BA4C7000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
    Service Name: ---
    Module Base: BA0E3000
    Module End: BA0F7000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\e1e5132.sys
    Service Name: e1express
    Module Base: BA0A5000
    Module End: BA0E3000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    Service Name: usbuhci
    Module Base: BAC50000
    Module End: BAC56000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
    Service Name: ---
    Module Base: BA081000
    Module End: BA0A5000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
    Service Name: usbehci
    Module Base: BAC80000
    Module End: BAC88000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    Service Name: HDAudBus
    Module Base: BA059000
    Module End: BA081000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\cxfalcon.sys
    Service Name: CXFALCON
    Module Base: BA044000
    Module End: BA059000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\ks.sys
    Service Name: ---
    Module Base: BA021000
    Module End: BA044000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
    Service Name: HSXHWBS2
    Module Base: B9FDC000
    Module End: BA021000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\HSX_DP.sys
    Service Name: HSX_DP
    Module Base: B9EE5000
    Module End: B9FDC000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
    Service Name: winachsx
    Module Base: B9E2F000
    Module End: B9EE5000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
    Service Name: Modem
    Module Base: BAC10000
    Module End: BAC18000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
    Service Name: Imapi
    Module Base: BAA38000
    Module End: BAA43000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
    Service Name: Cdrom
    Module Base: BAA48000
    Module End: BAA58000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
    Service Name: redbook
    Module Base: BAA58000
    Module End: BAA67000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    Service Name: GEARAspiWDM
    Module Base: BAA68000
    Module End: BAA72000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\serscan.sys
    Service Name: StillCam
    Module Base: BADCC000
    Module End: BADCE000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
    Service Name: audstub
    Module Base: BAFFD000
    Module End: BAFFE000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    Service Name: Rasl2tp
    Module Base: BAA78000
    Module End: BAA85000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    Service Name: NdisTapi
    Module Base: BAD64000
    Module End: BAD67000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    Service Name: NdisWan
    Module Base: B9E18000
    Module End: B9E2F000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    Service Name: RasPppoe
    Module Base: BAA88000
    Module End: BAA93000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
    Service Name: PptpMiniport
    Module Base: BAA98000
    Module End: BAAA4000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
    Service Name: ---
    Module Base: BACA0000
    Module End: BACA5000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
    Service Name: PSched
    Module Base: B9E07000
    Module End: B9E18000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
    Service Name: Gpc
    Module Base: BAAA8000
    Module End: BAAB1000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
    Service Name: Ptilink
    Module Base: BAB58000
    Module End: BAB5D000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
    Service Name: Raspti
    Module Base: BAB68000
    Module End: BAB6D000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\wanatw4.sys
    Service Name: wanatw
    Module Base: BAB78000
    Module End: BAB7E000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    Service Name: rdpdr
    Module Base: B9DD7000
    Module End: B9E07000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
    Service Name: TermDD
    Module Base: BAAB8000
    Module End: BAAC2000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    Service Name: Kbdclass
    Module Base: BABC8000
    Module End: BABCE000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
    Service Name: Mouclass
    Module Base: BABD8000
    Module End: BABDE000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
    Service Name: swenum
    Module Base: BADD2000
    Module End: BADD4000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
    Service Name: Update
    Module Base: B9CB1000
    Module End: B9D0F000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    Service Name: mssmbios
    Module Base: BAD8C000
    Module End: BAD90000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
    Service Name: NDProxy
    Module Base: BAAD8000
    Module End: BAAE2000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
    Service Name: usbhub
    Module Base: BAAE8000
    Module End: BAAF7000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
    Service Name: ---
    Module Base: BADDA000
    Module End: BADDC000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\RtkHDAud.sys
    Service Name: IntcAzAudAddService
    Module Base: B36D5000
    Module End: B3B69000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\portcls.sys
    Service Name: ---
    Module Base: B36B1000
    Module End: B36D5000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\drmk.sys
    Service Name: ---
    Module Base: BAAF8000
    Module End: BAB07000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
    Service Name: Fs_Rec
    Module Base: BADE8000
    Module End: BADEA000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
    Service Name: Null
    Module Base: BAEFA000
    Module End: BAEFB000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
    Service Name: Beep
    Module Base: BADEC000
    Module End: BADEE000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
    Service Name: ---
    Module Base: BABF0000
    Module End: BABF7000
    Hidden: No

    Module Name: C:\WINDOWS\System32\drivers\vga.sys
    Service Name: VgaSave
    Module Base: BAC00000
    Module End: BAC06000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
    Service Name: mnmdd
    Module Base: BADF0000
    Module End: BADF2000
    Hidden: No

    Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
    Service Name: RDPCDD
    Module Base: BADF4000
    Module End: BADF6000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    Service Name: usbstor
    Module Base: BABB0000
    Module End: BABB7000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
    Service Name: Msfs
    Module Base: BABC0000
    Module End: BABC5000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
    Service Name: Npfs
    Module Base: BABE0000
    Module End: BABE8000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
    Service Name: RasAcd
    Module Base: B3B71000
    Module End: B3B74000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
    Service Name: IPSec
    Module Base: B362E000
    Module End: B3641000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
    Service Name: Tcpip
    Module Base: B35D5000
    Module End: B362E000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
    Service Name: IpNat
    Module Base: B3587000
    Module End: B35AD000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
    Service Name: NetBT
    Module Base: B355F000
    Module End: B3587000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
    Service Name: Wanarp
    Module Base: BAB18000
    Module End: BAB21000
    Hidden: No

    Module Name: C:\WINDOWS\System32\drivers\afd.sys
    Service Name: AFD
    Module Base: B353D000
    Module End: B355F000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\arp1394.sys
    Service Name: Arp1394
    Module Base: BA958000
    Module End: BA967000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    Service Name: usbccgp
    Module Base: BABE8000
    Module End: BABF0000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
    Service Name: NetBIOS
    Module Base: BA968000
    Module End: BA971000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
    Service Name: Rdbss
    Module Base: B3512000
    Module End: B353D000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    Service Name: MRxSmb
    Module Base: B34A2000
    Module End: B3512000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
    Service Name: HidUsb
    Module Base: BA4EF000
    Module End: BA4F2000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
    Service Name: ---
    Module Base: BA978000
    Module End: BA981000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
    Service Name: Fips
    Module Base: BA988000
    Module End: BA993000
    Hidden: No

    Module Name: \??\C:\WINDOWS\System32\Drivers\Elhid.sys
    Service Name: ELhid
    Module Base: B36A9000
    Module End: B36AC000
    Hidden: No

    Module Name: \??\C:\WINDOWS\System32\Drivers\Elmou.sys
    Service Name: ELmou
    Module Base: BAE08000
    Module End: BAE0A000
    Hidden: No

    Module Name: \??\C:\WINDOWS\System32\Drivers\Elmon.sys
    Service Name: ELmon
    Module Base: BAE0C000
    Module End: BAE0E000
    Hidden: No

    Module Name: \??\C:\WINDOWS\System32\Drivers\Elkbd.sys
    Service Name: ELkbd
    Module Base: BAE10000
    Module End: BAE12000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
    Service Name: mouhid
    Module Base: B3699000
    Module End: B369C000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
    Service Name: Cdfs
    Module Base: BA9B8000
    Module End: BA9C8000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    Service Name: kbdhid
    Module Base: B33F2000
    Module End: B33F6000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\IrBus.sys
    Service Name: IrBus
    Module Base: BA9C8000
    Module End: BA9D4000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\hidir.sys
    Service Name: HidIr
    Module Base: BAC68000
    Module End: BAC6D000
    Hidden: No

    Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
    Service Name: ---
    Module Base: B3323000
    Module End: B33DA000
    Hidden: Yes

    Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
    Service Name: ---
    Module Base: BAD88000
    Module End: BAD8B000
    Hidden: No

    Module Name: C:\WINDOWS\System32\watchdog.sys
    Service Name: ---
    Module Base: BABD0000
    Module End: BABD5000
    Hidden: No

    Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
    Service Name: ---
    Module Base: BAFF1000
    Module End: BAFF2000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    Service Name: Ndisuio
    Module Base: B2AE6000
    Module End: B2AEA000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\pnarp.sys
    Service Name: pnarp
    Module Base: BAB80000
    Module End: BAB85000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\purendis.sys
    Service Name: purendis
    Module Base: BAC38000
    Module End: BAC3D000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    Service Name: MRxDAV
    Module Base: B157B000
    Module End: B15A8000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
    Service Name: wdmaud
    Module Base: B144E000
    Module End: B1463000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
    Service Name: sysaudio
    Module Base: B1FC8000
    Module End: B1FD7000
    Hidden: No

    Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
    Service Name: HTTP
    Module Base: B1205000
    Module End: B1246000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
    Service Name: Srv
    Module Base: B10C3000
    Module End: B1115000
    Hidden: No

    Module Name: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    Service Name: mdmxsdk
    Module Base: B11F9000
    Module End: B11FD000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\MSPQM.sys
    Service Name: MSPQM
    Module Base: BADC4000
    Module End: BADC6000
    Hidden: No

    Module Name: \??\C:\Program Files\HP\DVDPlay\000.fcl
    Service Name: {22D78859-9CE9-4b77-BF18-AC83E81A9263}
    Module Base: BAE5A000
    Module End: BAE5C000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    Service Name: MSPCLOCK
    Module Base: BADE6000
    Module End: BADE8000
    Hidden: No

    Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
    Service Name: kmixer
    Module Base: A53BF000
    Module End: A53EA000
    Hidden: No

    ******************************************************************************************
    ******************************************************************************************
    No SSDT Hooks found

    ******************************************************************************************
    ******************************************************************************************
    Kernel Hooks:
    Hooked Function: ZwSaveKeyEx
    At Address: 8062534A
    Jump To: 8A2BBD4A
    Module Name: _unknown_

    Hooked Function: ZwSaveKey
    At Address: 80625264
    Jump To: 8A2BC5F2
    Module Name: _unknown_

    Hooked Function: ZwFlushInstructionCache
    At Address: 805B6812
    Jump To: 8A2B8894
    Module Name: _unknown_

    Hooked Function: ZwEnumerateKey
    At Address: 80623FF0
    Jump To: 8A2BB6DC
    Module Name: _unknown_

    Hooked Function: IofCompleteRequest
    At Address: 804EF236
    Jump To: 8A2BC46B
    Module Name: _unknown_

    Hooked Function: IofCallDriver
    At Address: 804EF1A6
    Jump To: 89EA190B
    Module Name: _unknown_

    ******************************************************************************************
    ******************************************************************************************
    No IRP Hooks found

    ******************************************************************************************
    ******************************************************************************************
    Ports:
    Local Address: HP00156047F315:4830
    Remote Address: CDCE.WDC007.INTERNAP.COM:HTTP
    Type: TCP
    Process: [System Idle Process]
    State: TIME_WAIT

    Local Address: HP00156047F315:3956
    Remote Address: STATIC.91.213.46.78.CLIENTS.YOUR-SERVER.DE:HTTPS
    Type: TCP
    Process: C:\WINDOWS\system32\svchost.exe
    State: CLOSE_WAIT

    Local Address: HP00156047F315:3295
    Remote Address: HP00215AA3D615:NETBIOS-SSN
    Type: TCP
    Process: System
    State: ESTABLISHED

    Local Address: HP00156047F315:NETBIOS-SSN
    Remote Address: 0.0.0.0:0
    Type: TCP
    Process: System
    State: LISTENING

    Local Address: YOUR-4DACD0EA75:27015
    Remote Address: LOCALHOST:1100
    Type: TCP
    Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    State: ESTABLISHED

    Local Address: YOUR-4DACD0EA75:27015
    Remote Address: 0.0.0.0:0
    Type: TCP
    Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    State: LISTENING

    Local Address: YOUR-4DACD0EA75:5354
    Remote Address: 0.0.0.0:0
    Type: TCP
    Process: C:\Program Files\Bonjour\mDNSResponder.exe
    State: LISTENING

    Local Address: YOUR-4DACD0EA75:5152
    Remote Address: LOCALHOST:4811
    Type: TCP
    Process: C:\Program Files\Java\jre6\bin\jqs.exe
    State: CLOSE_WAIT

    Local Address: YOUR-4DACD0EA75:5152
    Remote Address: 0.0.0.0:0
    Type: TCP
    Process: C:\Program Files\Java\jre6\bin\jqs.exe
    State: LISTENING

    Local Address: YOUR-4DACD0EA75:4811
    Remote Address: LOCALHOST:5152
    Type: TCP
    Process: C:\Program Files\Internet Explorer\iexplore.exe
    State: FIN_WAIT2

    Local Address: YOUR-4DACD0EA75:1100
    Remote Address: LOCALHOST:27015
    Type: TCP
    Process: C:\Program Files\iTunes\iTunesHelper.exe
    State: ESTABLISHED

    Local Address: YOUR-4DACD0EA75:1056
    Remote Address: 0.0.0.0:0
    Type: TCP
    Process: C:\WINDOWS\system32\alg.exe
    State: LISTENING

    Local Address: YOUR-4DACD0EA75:1196
    Remote Address: 0.0.0.0:0
    Type: TCP
    Process: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    State: LISTENING

    Local Address: YOUR-4DACD0EA75:MICROSOFT-DS
    Remote Address: 0.0.0.0:0
    Type: TCP
    Process: System
    State: LISTENING

    Local Address: YOUR-4DACD0EA75:EPMAP
    Remote Address: 0.0.0.0:0
    Type: TCP
    Process: C:\WINDOWS\system32\svchost.exe
    State: LISTENING

    Local Address: HP00156047F315:5353
    Remote Address: NA
    Type: UDP
    Process: C:\Program Files\Bonjour\mDNSResponder.exe
    State: NA

    Local Address: HP00156047F315:1900
    Remote Address: NA
    Type: UDP
    Process: C:\WINDOWS\system32\svchost.exe
    State: NA

    Local Address: HP00156047F315:138
    Remote Address: NA
    Type: UDP
    Process: System
    State: NA

    Local Address: HP00156047F315:NETBIOS-NS
    Remote Address: NA
    Type: UDP
    Process: System
    State: NA

    Local Address: HP00156047F315:123
    Remote Address: NA
    Type: UDP
    Process: C:\WINDOWS\system32\svchost.exe
    State: NA

    Local Address: YOUR-4DACD0EA75:45301
    Remote Address: NA
    Type: UDP
    Process: C:\WINDOWS\system32\PnkBstrB.exe
    State: NA

    Local Address: YOUR-4DACD0EA75:44301
    Remote Address: NA
    Type: UDP
    Process: C:\WINDOWS\system32\PnkBstrA.exe
    State: NA

    Local Address: YOUR-4DACD0EA75:4812
    Remote Address: NA
    Type: UDP
    Process: C:\Program Files\Internet Explorer\iexplore.exe
    State: NA

    Local Address: YOUR-4DACD0EA75:2962
    Remote Address: NA
    Type: UDP
    Process: C:\Program Files\Common Files\aol\1235350536\ee\aolsoftware.exe
    State: NA

    Local Address: YOUR-4DACD0EA75:1900
    Remote Address: NA
    Type: UDP
    Process: C:\WINDOWS\system32\svchost.exe
    State: NA

    Local Address: YOUR-4DACD0EA75:1797
    Remote Address: NA
    Type: UDP
    Process: C:\Program Files\Common Files\aol\acs\AOLacsd.exe
    State: NA

    Local Address: YOUR-4DACD0EA75:1766
    Remote Address: NA
    Type: UDP
    Process: C:\Program Files\Internet Explorer\iexplore.exe
    State: NA

    Local Address: YOUR-4DACD0EA75:1074
    Remote Address: NA
    Type: UDP
    Process: C:\WINDOWS\system32\svchost.exe
    State: NA

    Local Address: YOUR-4DACD0EA75:123
    Remote Address: NA
    Type: UDP
    Process: C:\WINDOWS\system32\svchost.exe
    State: NA

    Local Address: YOUR-4DACD0EA75:62928
    Remote Address: NA
    Type: UDP
    Process: C:\Program Files\Bonjour\mDNSResponder.exe
    State: NA

    Local Address: YOUR-4DACD0EA75:61730
    Remote Address: NA
    Type: UDP
    Process: C:\Program Files\Bonjour\mDNSResponder.exe
    State: NA

    Local Address: YOUR-4DACD0EA75:59810
    Remote Address: NA
    Type: UDP
    Process: C:\Program Files\Bonjour\mDNSResponder.exe
    State: NA

    Local Address: YOUR-4DACD0EA75:59675
    Remote Address: NA
    Type: UDP
    Process: C:\Program Files\Bonjour\mDNSResponder.exe
    State: NA

    Local Address: YOUR-4DACD0EA75:58088
    Remote Address: NA
    Type: UDP
    Process: C:\Program Files\Bonjour\mDNSResponder.exe
    State: NA

    Local Address: YOUR-4DACD0EA75:54627
    Remote Address: NA
    Type: UDP
    Process: C:\Program Files\Bonjour\mDNSResponder.exe
    State: NA

    Local Address: YOUR-4DACD0EA75:4500
    Remote Address: NA
    Type: UDP
    Process: C:\WINDOWS\system32\lsass.exe
    State: NA

    Local Address: YOUR-4DACD0EA75:4459
    Remote Address: NA
    Type: UDP
    Process: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    State: NA

    Local Address: YOUR-4DACD0EA75:3776
    Remote Address: NA
    Type: UDP
    Process: C:\WINDOWS\ehome\mcrdsvc.exe
    State: NA

    Local Address: YOUR-4DACD0EA75:1900
    Remote Address: NA
    Type: UDP
    Process: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    State: NA

    Local Address: YOUR-4DACD0EA75:1196
    Remote Address: NA
    Type: UDP
    Process: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    State: NA

    Local Address: YOUR-4DACD0EA75:1130
    Remote Address: NA
    Type: UDP
    Process: C:\WINDOWS\system32\spoolsv.exe
    State: NA

    Local Address: YOUR-4DACD0EA75:1025
    Remote Address: NA
    Type: UDP
    Process: C:\Program Files\Bonjour\mDNSResponder.exe
    State: NA

    Local Address: YOUR-4DACD0EA75:500
    Remote Address: NA
    Type: UDP
    Process: C:\WINDOWS\system32\lsass.exe
    State: NA

    Local Address: YOUR-4DACD0EA75:MICROSOFT-DS
    Remote Address: NA
    Type: UDP
    Process: System
    State: NA

    Local Address: YOUR-4DACD0EA75:138
    Remote Address: NA
    Type: UDP
    Process: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    State: NA

    Local Address: YOUR-4DACD0EA75:68
    Remote Address: NA
    Type: UDP
    Process: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    State: NA

    Local Address: YOUR-4DACD0EA75:67
    Remote Address: NA
    Type: UDP
    Process: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    State: NA

    ******************************************************************************************
    ******************************************************************************************
    Hidden files/folders:
    Object: C:\System Volume Information\MountPointManagerRemoteDatabase
    Status: Access denied

    Object: C:\System Volume Information\tracking.log
    Status: Access denied

    Object: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}
    Status: Access denied

    Object: C:\WINDOWS\system32\drivers\geyekrsscupuve.sys
    Status: Hidden

    Object: C:\WINDOWS\system32\geyekrpwlgmaeo.dll
    Status: Hidden

    Object: C:\WINDOWS\system32\geyekrwittgyus.dat
    Status: Hidden

    Object: C:\WINDOWS\system32\geyekrwqdgxgnm.dll
    Status: Hidden

    Object: C:\WINDOWS\system32\geyekrxunbjivh.dat
    Status: Hidden

    Object: C:\WINDOWS\Temp\geyekrbvbrccotsb.tmp
    Status: Hidden

    Object: C:\WINDOWS\Temp\geyekrclnpfayulh.tmp
    Status: Hidden

    Object: C:\WINDOWS\Temp\geyekrimndnkrkjb.tmp
    Status: Hidden

    Object: C:\WINDOWS\Temp\geyekrntjvextvem.tmp
    Status: Hidden

    Object: C:\WINDOWS\Temp\geyekrnurhnvfrvb.tmp
    Status: Hidden

  8. #8
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    Information

    REMOVE P2P PROGRAMS

    IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    LimeWire 5.1.2

    Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
    The bad guys use P2P filesharing as a major conduit to spread their wares.

    Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.


    Disable Teatimer
    We need to disable Teatimer as it may interfere with the cleaning.
    Please do not re-enable it until I give instructions.

    First step:
    • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
    • If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
    • If you have Version 1.4, Click on Exit Spybot S&D Resident
    Second step, For Either Version :
    • Open Spybot S&D
    • Click Mode, choose Advanced Mode
    • Go To the bottom of the Vertical Panel on the Left, Click Tools
    • then, also in the left panel, click Resident (shows a red/white shield).
    • If your firewall raises a question, say OK
    • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer" (Protection of over-all system settings) active
    • OK any prompts.
    • Use File, Exit to terminate Spybot
    • Click Link >>> HERE <<< Link and select "save as" and save it to your desktop
    • Double click TTWipe.bat
    • Reboot your machine for the changes to take effect.


    ----------------------------------------------------------------------------------------
    Step 1


    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply
    • Re-enable all the programs that were disabled during the running of ComboFix.



    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper

    For instructions on how to disable your security programs, please see this topic
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If requested, please reboot
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


    ----------------------------------------------------------------------------------------
    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    Some of the logs I request will be quite large; you may need to split them over a couple of replies.
    • Combofix Log
    • MalwareBytes Log
    • How are things running now ?
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  9. #9
    Junior Member
    Join Date
    Aug 2009
    Posts
    11

    Default Combofix Log

    Here's the Combofix log, Malwarebytes Log to follow:

    ComboFix 09-08-07.04 - HP_Administrator 08/07/2009 15:11.1.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1641 [GMT -5:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Installer\f5923.msi
    c:\windows\system32\drivers\geyekrsscupuve.sys
    c:\windows\system32\geyekrpwlgmaeo.dll
    c:\windows\system32\geyekrwittgyus.dat
    c:\windows\system32\geyekrwqdgxgnm.dll
    c:\windows\system32\geyekrxunbjivh.dat
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_geyekrumhnvnwg
    -------\Legacy_geyekrumhnvnwg


    ((((((((((((((((((((((((( Files Created from 2009-07-07 to 2009-08-07 )))))))))))))))))))))))))))))))
    .

    2009-08-07 16:47 . 2009-08-07 16:47 -------- d-----w- C:\rsit
    2009-08-07 16:47 . 2009-08-07 16:47 -------- d-----w- c:\program files\trend micro
    2009-08-06 18:17 . 2009-08-06 18:17 -------- d-----w- c:\windows\McAfee.com
    2009-08-05 18:14 . 2009-08-05 18:14 -------- d-----w- c:\program files\iPod
    2009-08-05 18:13 . 2009-08-05 18:14 -------- d-----w- c:\program files\iTunes
    2009-08-05 18:13 . 2009-08-05 18:13 -------- d-----w- c:\program files\QuickTime
    2009-08-03 14:08 . 2009-08-03 14:08 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2009-07-31 00:49 . 2009-07-31 00:49 -------- d-----w- c:\program files\Infogrames Interactive
    2009-07-26 22:09 . 2008-04-14 05:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2009-07-26 22:09 . 2008-04-14 05:15 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
    2009-07-20 01:38 . 2009-07-20 01:38 -------- d-----w- C:\Barbie(TM)
    2009-07-20 01:36 . 2009-07-20 01:36 -------- d-----w- c:\program files\Barbie(TM)
    2009-07-20 01:36 . 2009-07-20 01:36 -------- d-----w- c:\program files\Common Files\Knowledge Adventure
    2009-07-16 22:37 . 2009-07-16 22:37 -------- d-----w- c:\program files\AOL Toolbar
    2009-07-16 22:36 . 2009-07-16 22:36 -------- d-----w- c:\windows\aolshare
    2009-07-16 22:36 . 2009-07-20 18:21 -------- d-----w- c:\program files\AOL 9.1
    2009-07-16 22:36 . 2009-07-16 22:38 -------- d-----w- c:\program files\Common Files\aolshare
    2009-07-16 12:25 . 2009-07-16 12:25 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-07-15 15:03 . 2009-07-15 15:03 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-07-15 14:56 . 2009-07-15 14:56 -------- d-sh--w- c:\documents and settings\HP_Administrator\PrivacIE
    2009-07-15 14:54 . 2009-07-15 14:54 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2009-07-15 14:53 . 2009-07-15 14:53 -------- d-sh--w- c:\documents and settings\HP_Administrator\IETldCache
    2009-07-15 14:51 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
    2009-07-15 14:51 . 2009-07-30 08:00 -------- d-----w- c:\windows\ie8updates
    2009-07-15 14:51 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2009-07-15 14:51 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2009-07-15 14:50 . 2009-07-15 14:50 -------- dc-h--w- c:\windows\ie8
    2009-07-14 21:40 . 2009-08-07 19:52 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2009-07-14 21:40 . 2009-08-06 22:49 -------- d-----w- c:\program files\Spybot - Search & Destroy

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-07 03:06 . 2009-02-23 23:27 34 ----a-w- c:\documents and settings\HP_Administrator\jagex_runescape_preferences.dat
    2009-08-05 18:14 . 2009-03-04 16:38 -------- d-----w- c:\program files\Common Files\Apple
    2009-08-04 02:03 . 2009-04-11 18:24 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
    2009-08-01 01:57 . 2009-02-25 22:20 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-07-31 00:49 . 2006-11-01 22:46 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-30 18:27 . 2009-04-08 02:00 189072 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-07-30 17:37 . 2009-04-08 02:00 138920 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-07-29 02:32 . 2009-02-24 00:14 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Move Networks
    2009-07-16 22:39 . 2009-02-23 00:57 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AOL
    2009-07-16 22:38 . 2009-02-23 00:55 -------- d-----w- c:\program files\Common Files\aol
    2009-07-16 22:38 . 2009-02-23 00:55 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AOL
    2009-07-16 22:15 . 2009-02-23 01:37 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\McAfee
    2009-07-14 17:48 . 2009-02-23 01:02 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft Help
    2009-07-11 21:40 . 2009-04-04 21:58 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Firefly Studios
    2009-07-11 21:25 . 2009-04-04 21:44 -------- d-----w- c:\program files\Firefly Studios
    2009-07-06 20:08 . 2009-07-06 20:08 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Research In Motion
    2009-07-06 20:08 . 2009-07-06 20:08 -------- d-----w- c:\program files\Common Files\Research In Motion
    2009-07-06 20:08 . 2009-07-06 20:08 -------- d-----w- c:\program files\Research In Motion
    2009-07-06 20:08 . 2009-07-06 20:08 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Research In Motion
    2009-07-04 22:16 . 2009-07-04 22:16 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Viewpoint
    2009-07-03 17:09 . 2004-08-10 04:00 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-06-27 22:51 . 2009-04-08 01:39 -------- d-----w- c:\program files\Activision
    2009-06-16 14:36 . 2004-08-10 04:00 81920 ------w- c:\windows\system32\fontsub.dll
    2009-06-16 14:36 . 2004-08-10 04:00 119808 ------w- c:\windows\system32\t2embed.dll
    2009-06-15 19:59 . 2009-06-07 01:35 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Ubisoft
    2009-06-15 19:54 . 2009-06-07 01:04 -------- d-----w- c:\program files\Ubisoft
    2009-06-10 08:10 . 2009-02-21 17:42 -------- d-----w- c:\program files\Windows Desktop Search
    2009-06-04 23:25 . 2009-06-04 16:53 227 ----a-w- c:\windows\PowerReg.dat
    2009-06-03 19:09 . 2004-08-10 04:00 1291264 ------w- c:\windows\system32\quartz.dll
    2009-06-02 00:09 . 2009-06-02 00:09 1910315 ----a-w- c:\program files\oregon_trail_deluxe.zip
    2009-05-27 23:00 . 2009-05-27 23:00 96800 ----a-w- c:\windows\Fonts\anvers black.ttf
    2009-05-27 23:00 . 2009-05-27 23:00 110460 ----a-w- c:\windows\Fonts\anvers regular.ttf
    2009-05-27 23:00 . 2009-05-27 23:00 100676 ----a-w- c:\windows\Fonts\anvers bold.ttf
    2009-05-25 05:24 . 2008-05-27 04:18 350208 ------w- c:\windows\system32\mssph.dll
    2009-05-23 14:57 . 2009-05-23 14:57 10920 ----a-w- C:\aolconnfix.exe
    2009-05-19 15:59 . 2009-05-19 15:59 127877 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Move Networks\uninstall.exe
    2009-05-19 15:59 . 2009-05-01 06:30 4183416 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071500000347.dll
    2009-05-19 15:59 . 2009-05-19 15:59 1685856 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Move Networks\MoveMediaPlayerWin_071500000347.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]
    "AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-11-06 50472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "HostManager"="c:\program files\Common Files\AOL\1235350536\ee\AOLSoftware.exe" [2008-11-06 41264]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-11-01 180269]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-03 148888]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
    "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

    c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

    c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "c:\\Program Files\\DISC\\myFTP.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\temp\\HP_WebRelease\\Setup\\HPZnet01.exe"=
    "c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\aol\\1235350536\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
    "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
    "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
    "c:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
    "c:\\Program Files\\AOL 9.1\\waol.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R2 {22D78859-9CE9-4b77-BF18-AC83E81A9263};{22D78859-9CE9-4b77-BF18-AC83E81A9263};c:\program files\HP\DVDPlay\000.fcl [11/1/2006 6:02 PM 6656]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/8/2009 5:38 AM 92008]
    R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [11/1/2006 5:49 PM 82048]
    S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [11/1/2006 5:48 PM 468768]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.aol.com
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    Trusted Zone: trymedia.com
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-07 15:15
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{22D78859-9CE9-4b77-BF18-AC83E81A9263}]
    "ImagePath"="\??\c:\program files\HP\DVDPlay\000.fcl"
    .
    Completion time: 2009-08-07 15:16
    ComboFix-quarantined-files.txt 2009-08-07 20:16

    Pre-Run: 287,626,993,664 bytes free
    Post-Run: 287,749,087,232 bytes free

    Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=,1,2,3,4
    204 --- E O F --- 2009-07-31 08:00

  10. #10
    Junior Member
    Join Date
    Aug 2009
    Posts
    11

    Default Malwarebyte's Anti-Malware

    Malwarebytes' Anti-Malware 1.40
    Database version: 2575
    Windows 5.1.2600 Service Pack 3

    8/7/2009 5:05:11 PM
    mbam-log-2009-08-07 (17-05-11).txt

    Scan type: Full Scan (C:\|D:\|G:\|L:\|M:\|)
    Objects scanned: 262274
    Time elapsed: 1 hour(s), 36 minute(s), 10 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Qoobox\Quarantine\C\WINDOWS\system32\geyekrpwlgmaeo.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\geyekrwqdgxgnm.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP205\A0028481.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP205\A0028482.dll (Trojan.TDSS) -> Quarantined and deleted successfully.


    Computer seems to be doing better, it didn't show all of the crazy disappearing command boxes when it first starts windows like it usually does. I'll keep playing with the programs and functions I had been having trouble with and let you know. Thank You SO MUCH! Let me know what follow up information you might need and when I can restart Spybot TeaTimer (I think that was the major thing you said to wait for clearance before restarting)
