Page 1 of 3 123 LastLast
Results 1 to 10 of 26

Thread: TR/Crypt.XPACK.Gen2 found

  1. #1
    Junior Member
    Join Date
    Feb 2011
    Posts
    14

    Default TR/Crypt.XPACK.Gen2 found

    I have recently installed Avira on my computer and it found TR/Crypt.XPACK.Gen2 trojan among a few other things (like ADSPY, etc.). It quarantined it the first time it found it and I thought that would be the end of it. But... Avira is still finding it during scans. There is obviously more I need to do to get rid of it, but I don't know what that is! Any ideas???
    Thanks!!!
    DDS log below (I had not yet diabled the TeaTimer when I ran DDS so maybe I need to rerun?):


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Compaq_Owner at 8:19:12.01 on Wed 02/23/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.383.103 [GMT -6:00]

    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: COMODO Firewall *Enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
    uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    uInternet Connection Wizard,ShellNext = hxxp://shop.trendmicro.com/tmasy/eol.html?X=300&Y=300&WIDTH=690&HEIGHT=480
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    mRun: [KBD] c:\hp\kbd\KBD.EXE
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [PS2] c:\windows\system32\ps2.exe
    mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    mRun: [HPHUPD05] c:\program files\hewlett-packard\{5372b9a6-6e51-4f90-9b40-e0a3b8475c4e}\hphupd05.exe
    mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
    mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
    mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
    mRun: [AlcxMonitor] ALCXMNTR.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\6750491\program\Compaq Connections.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    AppInit_DLLs: c:\windows\system32\guard32.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-2-21 11608]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 239368]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 27576]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-21 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-21 267944]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-21 61960]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-1-17 1803224]
    R3 acfva;acfva;c:\windows\system32\drivers\ACFVA32.sys [2007-6-29 86656]
    R3 dgcfltr;DGC Filter Driver;c:\windows\system32\drivers\ACFDCP32.sys [2007-7-10 28928]

    =============== Created Last 30 ================

    2011-02-21 22:10:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-21 22:10:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-21 20:29:06 -------- d-----w- c:\docume~1\compaq~1\applic~1\Avira
    2011-02-21 19:53:29 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-02-21 19:42:51 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-02-21 19:42:51 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-02-21 19:32:49 -------- d-----w- c:\windows\system32\CatRoot_bak
    2011-02-21 19:04:24 -------- d-----w- c:\windows\system32\scripting
    2011-02-21 19:04:23 -------- d-----w- c:\windows\l2schemas
    2011-02-21 18:59:44 -------- d-----w- c:\windows\network diagnostic
    2011-02-21 17:32:56 -------- d-----w- c:\windows\system32\NtmsData
    2011-02-21 17:19:32 -------- d-----w- c:\program files\Avira
    2011-02-21 17:19:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2011-02-21 17:08:33 -------- d-----w- c:\program files\COMODO
    2011-02-21 17:07:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Comodo
    2011-02-21 16:29:07 -------- d-----w- c:\program files\SpywareBlaster
    2011-02-21 14:36:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-02-21 14:36:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2011-02-21 09:01:27 -------- d-----w- c:\windows\ie8updates
    2011-02-21 04:19:16 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
    2011-02-21 04:19:16 25600 ----a-w- c:\windows\system32\dllcache\usbser.sys
    2011-02-21 03:46:02 -------- d-sh--w- c:\documents and settings\compaq_owner\IECompatCache
    2011-02-21 03:45:40 -------- d-sh--w- c:\documents and settings\compaq_owner\PrivacIE
    2011-02-21 02:07:07 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2011-02-21 02:07:07 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-02-21 02:07:07 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2011-02-21 02:07:05 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2011-02-21 02:07:05 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2011-02-21 02:07:05 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
    2011-02-21 02:07:02 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
    2011-02-21 02:05:09 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2011-02-21 02:05:09 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
    2011-02-21 02:04:49 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2011-02-21 02:04:49 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys
    2011-02-21 01:57:59 -------- d-sh--w- c:\documents and settings\compaq_owner\IETldCache
    2011-02-18 21:03:38 -------- dc-h--w- c:\windows\ie8
    2011-02-13 22:16:19 -------- d-----w- c:\windows\Options

    ==================== Find3M ====================

    2011-02-21 19:08:04 44032 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\localcontent\attachments\devcon.exe
    2011-02-21 19:08:02 307200 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\plugin\bin\pchnotify.exe
    2010-12-29 07:42:04 285480 ----a-w- c:\windows\system32\guard32.dll

    ============= FINISH: 8:21:03.93 ===============

  2. #2
    Visiting Fellow
    Join Date
    Nov 2009
    Location
    Land Of The Leprechauns
    Posts
    461

    Default

    Hi and welcome to Safer Networking Forums, sorry for the delay in answering your request for help the forum is really busy.
    My name is Cypher, and I will be helping you with your malware problems.
    If you no longer require help i would be grateful if you would let me know.

    Before we start please note the following important guidelines.
    • The instructions being given are for YOUR computer and system only!.
      Using these instructions on a different computer, can damage that computer and possibly make it inoperable!
    • If you don't know or understand something, please don't hesitate to ask.
    • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
    • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
      Absence of symptoms does not mean that everything is clear.
    • Please DO NOT run any other tools or scans whilst I am helping you.
    • Please DO NOT install any other software (or hardware) during the cleaning process.
    • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!


    Note: If you haven't done so already, please read this topic READ this Procedure BEFORE Requesting Assistance where the conditions for receiving help here are explained.
    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
    Because of this, I advise you to backup any personal files and folders before you start.
    Backup Made Easy - XP
    How to backup your data - Vista
    Backup your data - windows 7



    RSIT (Random's System Information Tool)

    Please download RSIT by random/random... and save it to your desktop.
    • Double click on RSIT.exe to run it.
    • Please read the disclaimer... click on Continue.
    • RSIT will start running. When done... 2 logs files...will be produced.
    • The first one, "log.txt", << will be maximized
    • The second one, "info.txt", << will be minimized.

    Please post both... "log.txt" and "info.txt", file contents in your next reply.
    (These logs can be lengthy, so post 1 log per reply please.)

  3. #3
    Junior Member
    Join Date
    Feb 2011
    Posts
    14

    Default

    Thanks for your help Cypher! I must step out for a couple of hours, but I will complete your requests later this afternoon and post the logs then.

    FYI - we have another computer at our house that is not infected according to my antivirus (AVG). I will use the clean one to respond to posts, etc.
    Thanks again!

  4. #4
    Visiting Fellow
    Join Date
    Nov 2009
    Location
    Land Of The Leprechauns
    Posts
    461

    Default

    Hi Gigihns.
    Thanks for your help Cypher!
    You're most welcome.
    If possible carry out all my instructions on the infected computer.
    If you have any problems doing so just let me know, post the requested logs when ready.

  5. #5
    Junior Member
    Join Date
    Feb 2011
    Posts
    14

    Default

    Here is the first log file:

    Logfile of random's system information tool 1.08 (written by random/random)
    Run by Compaq_Owner at 2011-02-26 21:38:57
    Microsoft Windows XP Home Edition Service Pack 2
    System drive C: has 130 GB (88%) free of 147 GB
    Total RAM: 383 MB (27% free)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:39:34 PM, on 2/26/2011
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\Documents and Settings\Compaq_Owner\Desktop\RSIT.exe
    C:\Program Files\trend micro\Compaq_Owner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shop.trendmicro.com/tmasy/eol...690&HEIGHT=480
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - http://upload.facebook.com/controls/...Uploader55.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 8063 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\EasyShare Registration Task.job
    C:\WINDOWS\tasks\HP Usg Daily.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-21 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-21 79648]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
    "hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
    "KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-02-15 180269]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2004-10-14 278528]
    "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472]
    "PS2"=C:\WINDOWS\system32\ps2.exe [2003-09-12 98304]
    "LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]
    "HPHUPD05"=C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe [2004-03-31 49152]
    "HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]
    "HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2003-12-05 49152]
    "HPHmon05"=C:\WINDOWS\system32\hphmon05.exe [2004-05-04 491520]
    "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2004-05-04 176128]
    "AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-02-15 98304]
    "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
    "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
    "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-01-10 281768]
    "COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2011-01-17 2548552]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    Compaq Connections.lnk - C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=" C:\WINDOWS\system32\guard32.dll"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe:*:Enabled:BackWeb for Presario"
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"

    ======List of files/folders created in the last 1 months======

    2011-02-26 21:38:59 ----D---- C:\Program Files\trend micro
    2011-02-26 21:38:57 ----D---- C:\rsit
    2011-02-23 08:14:21 ----D---- C:\WINDOWS\ERDNT
    2011-02-23 07:39:07 ----D---- C:\Program Files\ERUNT
    2011-02-21 16:10:29 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
    2011-02-21 16:10:04 ----A---- C:\WINDOWS\system32\javaws.exe
    2011-02-21 16:10:04 ----A---- C:\WINDOWS\system32\javaw.exe
    2011-02-21 16:10:04 ----A---- C:\WINDOWS\system32\deployJava1.dll
    2011-02-21 16:10:03 ----A---- C:\WINDOWS\system32\java.exe
    2011-02-21 14:48:08 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2011-02-21 14:29:06 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Avira
    2011-02-21 14:27:18 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2011-02-21 13:53:46 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
    2011-02-21 13:53:30 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
    2011-02-21 13:53:29 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys
    2011-02-21 13:53:29 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
    2011-02-21 13:53:29 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys
    2011-02-21 13:45:26 ----D---- C:\WINDOWS\Prefetch
    2011-02-21 13:45:03 ----ASH---- C:\hiberfil.sys
    2011-02-21 13:32:49 ----D---- C:\WINDOWS\system32\CatRoot_bak
    2011-02-21 13:18:24 ----A---- C:\WINDOWS\ntbtlog.txt
    2011-02-21 13:11:10 ----DC---- C:\WINDOWS\$NtUninstallKB951376$(2)
    2011-02-21 13:11:01 ----DC---- C:\WINDOWS\$NtUninstallKB951066$(2)
    2011-02-21 13:10:53 ----DC---- C:\WINDOWS\$NtUninstallKB950974$(2)
    2011-02-21 13:10:47 ----DC---- C:\WINDOWS\$NtUninstallKB950762$(2)
    2011-02-21 13:10:36 ----DC---- C:\WINDOWS\$NtUninstallKB946648$(2)
    2011-02-21 13:10:30 ----DC---- C:\WINDOWS\$NtUninstallKB938464$(2)
    2011-02-21 13:10:20 ----DC---- C:\WINDOWS\$NtUninstallKB923561$(2)
    2011-02-21 13:10:11 ----DC---- C:\WINDOWS\$NtUninstallKB2229593$(2)
    2011-02-21 13:04:24 ----D---- C:\WINDOWS\system32\scripting
    2011-02-21 13:04:23 ----D---- C:\WINDOWS\l2schemas
    2011-02-21 12:59:44 ----D---- C:\WINDOWS\network diagnostic
    2011-02-21 12:54:37 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2011-02-21 11:32:56 ----D---- C:\WINDOWS\system32\NtmsData
    2011-02-21 11:19:32 ----D---- C:\Program Files\Avira
    2011-02-21 11:19:32 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
    2011-02-21 11:08:33 ----D---- C:\Program Files\COMODO
    2011-02-21 11:07:37 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo
    2011-02-21 10:52:39 ----A---- C:\WINDOWS\system32\LuResult.txt
    2011-02-21 10:29:23 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2011-02-21 10:29:07 ----D---- C:\Program Files\SpywareBlaster
    2011-02-21 09:12:42 ----A---- C:\WINDOWS\wininit.ini
    2011-02-21 08:36:19 ----D---- C:\Program Files\Spybot - Search & Destroy
    2011-02-21 08:36:19 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2011-02-21 03:01:27 ----D---- C:\WINDOWS\ie8updates
    2011-02-20 22:19:16 ----A---- C:\WINDOWS\system32\drivers\usbser.sys
    2011-02-20 20:05:09 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
    2011-02-20 20:04:49 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
    2011-02-18 15:06:54 ----A---- C:\WINDOWS\system32\MRT.exe
    2011-02-18 15:06:05 ----D---- C:\WINDOWS\WBEM
    2011-02-18 15:03:38 ----HDC---- C:\WINDOWS\ie8
    2011-02-18 15:03:38 ----D---- C:\WINDOWS\system32\en-US
    2011-02-13 16:16:19 ----D---- C:\WINDOWS\Options
    2011-02-13 15:46:53 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Motive

    ======List of files/folders modified in the last 1 months======

    2011-02-26 21:38:59 ----D---- C:\Program Files
    2011-02-26 20:36:34 ----D---- C:\WINDOWS\Temp
    2011-02-26 19:41:41 ----D---- C:\WINDOWS
    2011-02-26 18:55:45 ----D---- C:\WINDOWS\system32\CatRoot2
    2011-02-26 18:53:44 ----A---- C:\WINDOWS\SchedLgU.Txt
    2011-02-25 19:56:37 ----D---- C:\WINDOWS\system32\FxsTmp
    2011-02-23 08:56:11 ----A---- C:\WINDOWS\win.ini
    2011-02-21 21:28:04 ----SHD---- C:\Config.Msi
    2011-02-21 16:10:29 ----SHD---- C:\WINDOWS\Installer
    2011-02-21 16:10:28 ----D---- C:\Program Files\Common Files\Java
    2011-02-21 16:10:05 ----D---- C:\WINDOWS\system32
    2011-02-21 16:09:32 ----D---- C:\Program Files\Java
    2011-02-21 15:54:58 ----D---- C:\Program Files\Magical Gatherings
    2011-02-21 15:54:58 ----D---- C:\Program Files\AOL Toolbar
    2011-02-21 15:46:47 ----SHD---- C:\System Volume Information
    2011-02-21 14:48:02 ----HD---- C:\WINDOWS\inf
    2011-02-21 14:46:01 ----D---- C:\WINDOWS\system32\CatRoot
    2011-02-21 14:30:40 ----D---- C:\WINDOWS\repair
    2011-02-21 14:30:36 ----D---- C:\WINDOWS\Registration
    2011-02-21 14:28:43 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
    2011-02-21 14:18:08 ----D---- C:\Program Files\Adobe
    2011-02-21 14:03:52 ----D---- C:\WINDOWS\system32\drivers
    2011-02-21 13:50:17 ----D---- C:\WINDOWS\WinSxS
    2011-02-21 13:50:15 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2011-02-21 13:44:55 ----RSD---- C:\WINDOWS\Fonts
    2011-02-21 13:44:55 ----D---- C:\WINDOWS\system32\wbem
    2011-02-21 13:44:55 ----D---- C:\WINDOWS\AppPatch
    2011-02-21 13:44:04 ----D---- C:\WINDOWS\system32\config
    2011-02-21 13:40:14 ----RSHD---- C:\WINDOWS\system32\dllcache
    2011-02-21 13:34:47 ----D---- C:\WINDOWS\system32\usmt
    2011-02-21 13:34:47 ----D---- C:\WINDOWS\system
    2011-02-21 13:34:45 ----D---- C:\WINDOWS\system32\oobe
    2011-02-21 13:34:42 ----D---- C:\WINDOWS\system32\Setup
    2011-02-21 13:34:31 ----D---- C:\WINDOWS\Help
    2011-02-21 13:34:31 ----D---- C:\Program Files\Common Files\System
    2011-02-21 13:34:30 ----D---- C:\Program Files\Outlook Express
    2011-02-21 13:34:27 ----D---- C:\Program Files\Windows NT
    2011-02-21 13:34:26 ----D---- C:\Program Files\Windows Media Player
    2011-02-21 13:34:25 ----D---- C:\WINDOWS\system32\Com
    2011-02-21 13:34:24 ----D---- C:\Program Files\NetMeeting
    2011-02-21 13:34:22 ----D---- C:\WINDOWS\ime
    2011-02-21 13:34:21 ----D---- C:\WINDOWS\srchasst
    2011-02-21 13:34:19 ----D---- C:\WINDOWS\msagent
    2011-02-21 13:34:17 ----D---- C:\WINDOWS\system32\Restore
    2011-02-21 13:34:17 ----D---- C:\WINDOWS\system32\npp
    2011-02-21 13:33:34 ----D---- C:\Program Files\Movie Maker
    2011-02-21 13:33:30 ----D---- C:\WINDOWS\PeerNet
    2011-02-21 13:33:28 ----D---- C:\Program Files\Internet Explorer
    2011-02-21 13:33:09 ----D---- C:\Program Files\Messenger
    2011-02-21 13:27:22 ----D---- C:\Documents and Settings
    2011-02-21 13:18:41 ----A---- C:\WINDOWS\setuplog.txt
    2011-02-21 13:09:31 ----D---- C:\WINDOWS\security
    2011-02-21 13:01:56 ----D---- C:\WINDOWS\ServicePackFiles
    2011-02-21 12:57:21 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2011-02-21 11:06:31 ----D---- C:\Program Files\Common Files\Symantec Shared
    2011-02-21 11:06:24 ----SD---- C:\WINDOWS\Tasks
    2011-02-21 11:04:44 ----D---- C:\Program Files\Common Files
    2011-02-21 10:59:04 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
    2011-02-21 10:57:08 ----D---- C:\Program Files\WildTangent
    2011-02-21 09:12:41 ----SD---- C:\WINDOWS\Downloaded Program Files
    2011-02-21 08:45:03 ----D---- C:\WINDOWS\system32\drivers\etc
    2011-02-21 03:04:37 ----HD---- C:\WINDOWS\$hf_mig$
    2011-02-20 22:19:19 ----D---- C:\Program Files\CONEXANT
    2011-02-18 15:06:55 ----D---- C:\WINDOWS\Debug
    2011-02-18 15:05:49 ----D---- C:\WINDOWS\Media
    2011-02-13 16:29:41 ----A---- C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2004-08-04 46464]
    R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2011-01-06 94784]
    R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
    R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-02-15 20576]
    R0 SISAGP;SiS AGP Filter; C:\WINDOWS\system32\DRIVERS\SISAGPX.sys [2003-07-18 36992]
    R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-02-21 43672]
    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-01-10 135096]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2011-01-06 239368]
    R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2011-01-06 27576]
    R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-04-12 11904]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
    R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-01-10 61960]
    R2 mdmxsdk;Modem SDK Driver; C:\WINDOWS\system32\DRIVERS\ACFSDK32.sys [2007-03-15 12672]
    R3 acfva;acfva; C:\WINDOWS\system32\DRIVERS\ACFVA32.sys [2007-06-29 86656]
    R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
    R3 dgcfltr;DGC Filter Driver; C:\WINDOWS\system32\DRIVERS\ACFDCP32.sys [2007-07-10 28928]
    R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-09-14 13872]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
    R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
    R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2002-07-29 23808]
    R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-04-12 247296]
    R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2003-07-11 32768]
    R3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-03 25600]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
    S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-03-17 51088]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-03-17 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-03-17 21744]
    S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys []
    S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys []
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
    S3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys []
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-01-10 267944]
    R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2011-01-17 1803224]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-21 153376]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
    R3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-10-14 327680]
    R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
    S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

    -----------------EOF-----------------

  6. #6
    Junior Member
    Join Date
    Feb 2011
    Posts
    14

    Default

    Here is the 2nd log file:

    info.txt logfile of random's system information tool 1.08 2011-02-26 21:39:38

    ======Uninstall list======

    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
    Agere Systems PCI Soft Modem-->agrsmdel
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
    COMODO Internet Security-->MsiExec.exe /I{FD8E178D-8B4E-42DA-B434-EFF270329B1C}
    Compaq Connections-->C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 6750491
    Compaq Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
    Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
    ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
    Help and Support Additions-->C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
    HP Memories Disc-->MsiExec.exe /X{D35191B3-F340-4C11-A4E0-8B09477B4302}
    HP Software Update-->MsiExec.exe /X{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}
    InterVideo DiscLabel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3F058C0-A21C-452D-8D99-95B1A45F417D}\setup.exe" REMOVEALL
    InterVideo WinDVD Creator-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
    InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
    iTunes-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE20E2F5-1903-4AAE-B1AF-2046E586C925}
    Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
    Java(TM) 6 Update 24-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216024FF}
    KBD-->C:\HP\KBD\KBD.EXE uninstalled
    Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
    Microsoft Plus! Dancer LE-->MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
    Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
    Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
    Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
    PC-Doctor for Windows-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA} /l1033
    Photosmart 140,240,7200,7600,7700,7900 Series-->C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\setup\hpzscr01.exe -datfile hphscr01.dat
    PokerStars.net-->"C:\Program Files\PokerStars.NET\PokerStarsUninstall.exe" /u:PokerStars.net
    PS2-->C:\WINDOWS\system32\ps2.exe uninstall
    Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
    Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
    QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB977165-v2)-->"C:\WINDOWS\$NtUninstallKB977165-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB981350)-->"C:\WINDOWS\$NtUninstallKB981350$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"
    SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,R,oem3.inf
    Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SpywareBlaster 4.4-->"C:\Program Files\SpywareBlaster\unins000.exe"
    Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
    Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
    Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
    Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
    Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
    Update for Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
    Update for Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
    Update for Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe"
    USB Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_USB_ACF\UIU32c.exe -U -I*.INF
    Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
    Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
    Windows XP Hotfix - KB888239-->C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
    Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======Security center information======

    AV: AntiVir Desktop (outdated)
    FW: COMODO Firewall

    ======System event log======

    Computer Name: YOUR-4F1261A8E5
    Event Code: 7011
    Message: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

    Record Number: 9613
    Source Name: Service Control Manager
    Time Written: 20101201052228.000000-360
    Event Type: error
    User:

    Computer Name: YOUR-4F1261A8E5
    Event Code: 12
    Message: The device 'LITE-ON DVDRW SOHW-1633S' (IDE\CdRomLITE-ON_DVDRW_SOHW-1633S________________BPSA____\5&36942936&0&0.0.0) disappeared from the system without first being prepared for removal.

    Record Number: 9608
    Source Name: PlugPlayManager
    Time Written: 20101201050703.000000-360
    Event Type: error
    User:

    Computer Name: YOUR-4F1261A8E5
    Event Code: 7000
    Message: The Pml Driver HPZ12 service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.


    Record Number: 9605
    Source Name: Service Control Manager
    Time Written: 20101201050659.000000-360
    Event Type: error
    User:

    Computer Name: YOUR-4F1261A8E5
    Event Code: 7011
    Message: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

    Record Number: 9604
    Source Name: Service Control Manager
    Time Written: 20101201050659.000000-360
    Event Type: error
    User:

    Computer Name: YOUR-4F1261A8E5
    Event Code: 7009
    Message: Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.

    Record Number: 9603
    Source Name: Service Control Manager
    Time Written: 20101201050659.000000-360
    Event Type: error
    User:

    =====Application event log=====

    Computer Name: YOUR-4F1261A8E5
    Event Code: 1015
    Message: Failed to connect to server. Error: 0x800401F0

    Record Number: 33
    Source Name: MsiInstaller
    Time Written: 20090221231950.000000-360
    Event Type: warning
    User: YOUR-4F1261A8E5\Compaq_Owner

    Computer Name: YOUR-4F1261A8E5
    Event Code: 1015
    Message: Failed to connect to server. Error: 0x800401F0

    Record Number: 31
    Source Name: MsiInstaller
    Time Written: 20090221231926.000000-360
    Event Type: warning
    User: YOUR-4F1261A8E5\Compaq_Owner

    Computer Name: YOUR-4F1261A8E5
    Event Code: 1015
    Message: Failed to connect to server. Error: 0x800401F0

    Record Number: 29
    Source Name: MsiInstaller
    Time Written: 20090221231827.000000-360
    Event Type: warning
    User: YOUR-4F1261A8E5\Compaq_Owner

    Computer Name: YOUR-4F1261A8E5
    Event Code: 1015
    Message: Failed to connect to server. Error: 0x800401F0

    Record Number: 27
    Source Name: MsiInstaller
    Time Written: 20090221231557.000000-360
    Event Type: warning
    User: YOUR-4F1261A8E5\Compaq_Owner

    Computer Name: YOUR-4F1261A8E5
    Event Code: 1002
    Message: Hanging application nda.exe, version 1.0.0.212, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Record Number: 21
    Source Name: Application Hang
    Time Written: 20090221084529.000000-360
    Event Type: error
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
    "PROCESSOR_REVISION"=0c00
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP

    -----------------EOF-----------------

  7. #7
    Visiting Fellow
    Join Date
    Nov 2009
    Location
    Land Of The Leprechauns
    Posts
    461

    Default

    Hi Gigihns.
    Continue with the instructions below please.

    Disable Avira anti-virus

    • Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background (looks to this: )
    • right click it-> untick the option AntiVir Guard enable.
    • You should now see a closed, white umbrella on a red background (looks to this: )
    • Note: Don't forget to re-enable it after the fix.


    Next.

    Download and Run ComboFix
    • Please download ComboFix from one of the following links.

      Link 1.

      Link 2.

      **IMPORTANT !!! Save ComboFix.exe to your Desktop**
    • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    • Double click on ComboFix.exe & follow the prompts
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    • Click on Yes, to continue scanning for malware.
    • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply

    A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper




    Logs/Information to Post in your Next Reply

    • ComboFix.txt.
    • Please give me an update on your computers performance.

  8. #8
    Junior Member
    Join Date
    Feb 2011
    Posts
    14

    Default

    I don't know if this is a problem, but when combofix restarted my computer, Avira and Comodo became enabled (they were both disabled while combofix was working.) I disabled them again while combofix was creating the log and re-enabled them when the log was complete.



    Here is the combo fix log:

    ComboFix 11-02-26.02 - Compaq_Owner 02/27/2011 12:56:01.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.383.106 [GMT -6:00]
    Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
    c:\documents and settings\Compaq_Owner\Local Settings\Temp\IadHide5.dll
    c:\windows\explorer(2).exe
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2011-01-27 to 2011-02-27 )))))))))))))))))))))))))))))))
    .

    2011-02-23 13:39 . 2011-02-23 14:12 -------- d-----w- c:\program files\ERUNT
    2011-02-21 22:10 . 2011-02-21 22:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-21 22:10 . 2011-02-21 22:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-21 20:29 . 2011-02-21 20:29 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Avira
    2011-02-21 19:53 . 2011-01-10 20:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-02-21 19:53 . 2011-01-10 20:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-02-21 19:53 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-02-21 19:53 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-02-21 19:42 . 2011-02-21 19:42 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-02-21 19:32 . 2011-02-21 20:46 -------- d-----w- c:\windows\system32\CatRoot_bak
    2011-02-21 19:27 . 2011-02-21 19:31 -------- d-s---w- c:\documents and settings\Administrator
    2011-02-21 19:04 . 2011-02-21 19:04 -------- d-----w- c:\windows\system32\scripting
    2011-02-21 19:04 . 2011-02-21 19:04 -------- d-----w- c:\windows\l2schemas
    2011-02-21 17:32 . 2011-02-21 21:45 -------- d-----w- c:\windows\system32\NtmsData
    2011-02-21 17:19 . 2011-02-21 17:19 -------- d-----w- c:\program files\Avira
    2011-02-21 17:19 . 2011-02-21 17:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-02-21 17:12 . 2011-02-21 17:12 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-02-21 17:08 . 2011-02-21 17:08 -------- d-----w- c:\program files\COMODO
    2011-02-21 17:07 . 2011-02-21 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
    2011-02-21 16:29 . 2011-02-27 18:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2011-02-21 16:29 . 2011-02-23 03:13 -------- d-----w- c:\program files\SpywareBlaster
    2011-02-21 14:36 . 2011-02-21 15:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-02-21 14:36 . 2011-02-21 14:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-02-21 04:19 . 2004-08-04 05:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
    2011-02-21 04:19 . 2004-08-04 05:08 25600 ----a-w- c:\windows\system32\dllcache\usbser.sys
    2011-02-21 03:46 . 2011-02-21 03:46 -------- d-sh--w- c:\documents and settings\Compaq_Owner\IECompatCache
    2011-02-21 03:45 . 2011-02-21 03:45 -------- d-sh--w- c:\documents and settings\Compaq_Owner\PrivacIE
    2011-02-21 02:07 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2011-02-21 02:07 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2011-02-21 02:07 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-02-21 02:07 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2011-02-21 02:07 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
    2011-02-21 02:07 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2011-02-21 02:07 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
    2011-02-21 02:05 . 2001-08-17 19:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2011-02-21 02:05 . 2001-08-17 19:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
    2011-02-21 02:05 . 2011-02-21 02:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2011-02-21 02:04 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2011-02-21 02:04 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys
    2011-02-21 01:57 . 2011-02-21 01:57 -------- d-sh--w- c:\documents and settings\Compaq_Owner\IETldCache
    2011-02-18 21:03 . 2011-02-18 21:05 -------- dc-h--w- c:\windows\ie8
    2011-02-13 22:16 . 2011-02-13 22:16 -------- d-----w- c:\windows\Options
    2011-02-13 21:56 . 2004-08-04 18:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    2011-02-13 21:46 . 2011-02-13 21:46 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Motive

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-21 19:08 . 2011-02-21 19:08 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\LocalContent\Attachments\devcon.exe
    2011-02-21 19:08 . 2011-02-21 19:08 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\pchnotify.exe
    2011-02-21 19:07 . 2011-02-21 19:07 3072 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\pchealthde.exe
    2011-02-21 19:07 . 2011-02-21 19:07 159744 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
    2011-02-21 19:07 . 2011-02-21 19:07 77824 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\FDIWrapper.dll
    2011-02-21 19:07 . 2011-02-21 19:07 26572 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\INV16.dll
    2011-02-21 19:07 . 2011-02-21 19:07 69632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\msxmlwrapper.dll
    2011-02-21 19:07 . 2011-02-21 19:07 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\ScDmi.dll
    2011-02-21 19:07 . 2011-02-21 19:07 49152 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\PCHI18N.dll
    2011-02-21 19:07 . 2011-02-21 19:07 139264 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\ContentUpdater.exe
    2011-02-21 19:07 . 2011-02-21 19:07 110592 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\DSAPI4.dll
    2011-02-21 19:07 . 2011-02-21 19:07 98304 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\PluginCtrl.dll
    2011-02-21 19:07 . 2011-02-21 19:07 287310 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\HPBasicDetection.dll
    2011-02-21 19:07 . 2011-02-21 19:07 69632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\msxmlwrapper.dll
    2011-02-21 19:07 . 2011-02-21 19:07 5632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\GUI.dll
    2011-02-21 19:07 . 2011-02-21 19:07 114688 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\ZipLib.dll
    2011-02-21 19:07 . 2011-02-21 19:07 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\pchapi.dll
    2011-02-21 19:07 . 2011-02-21 19:07 434176 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\motivede.dll
    2011-02-21 19:07 . 2011-02-21 19:07 315392 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\pchmsxml.dll
    2011-02-21 19:07 . 2011-02-21 19:07 77824 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\WinVerifyTrust.dll
    2011-02-21 19:07 . 2011-02-21 19:07 344064 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\api.dll
    2011-02-21 19:07 . 2011-02-21 19:07 24576 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\pcdapi.dll
    2011-02-21 19:07 . 2011-02-21 19:07 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\util.dll
    2011-02-21 19:07 . 2011-02-21 19:07 356352 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\client_motkt.dll
    2011-02-21 19:07 . 2011-02-21 19:07 28672 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\InetWrap.dll
    2011-02-21 19:07 . 2011-02-21 19:07 282624 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\clientutil52.dll
    2011-02-21 19:07 . 2011-02-21 19:07 102400 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\PCDrAccess.dll
    2011-02-21 19:07 . 2011-02-21 19:07 49152 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\hwinv.dll
    2011-02-21 19:07 . 2011-02-21 19:07 315392 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\pchmsxml.dll
    2011-02-21 19:07 . 2011-02-21 19:07 114688 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\asst_ui.dll
    2011-02-21 19:07 . 2011-02-21 19:07 36864 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\gnu.dll
    2011-02-21 19:07 . 2011-02-21 19:07 126976 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\SearchCtrl.dll
    2011-02-21 19:07 . 2011-02-21 19:07 4096 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\winverifytrustwrapper.dll
    2011-02-21 19:07 . 2011-02-21 19:07 212992 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\jsharpinterp.dll
    2011-02-21 19:07 . 2011-02-21 19:07 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\pchealthplugin.dll
    2011-01-06 23:37 . 2011-01-06 23:37 94784 ----a-w- c:\windows\system32\drivers\inspect.sys
    2011-01-06 23:37 . 2011-01-06 23:37 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-01-06 23:37 . 2011-01-06 23:37 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-01-06 23:37 . 2011-01-06 23:37 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2010-12-29 07:42 . 2010-12-29 07:42 285480 ----a-w- c:\windows\system32\guard32.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-02-16 180269]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-10-14 278528]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
    "PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952]
    "HPHUPD05"="c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-04-01 49152]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
    "HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-05-04 491520]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 176128]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-02-16 98304]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 88363]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-18 2548552]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    Compaq Connections.lnk - c:\program files\Compaq Connections\6750491\Program\Compaq Connections.exe [2005-2-15 45056]
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-5-10 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=

    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/6/2011 5:37 PM 239368]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/6/2011 5:37 PM 27576]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/21/2011 1:53 PM 135336]
    R3 acfva;acfva;c:\windows\system32\drivers\ACFVA32.sys [6/29/2007 3:54 PM 86656]
    R3 dgcfltr;DGC Filter Driver;c:\windows\system32\drivers\ACFDCP32.sys [7/10/2007 1:29 PM 28928]
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-27 c:\windows\Tasks\HP Usg Daily.job
    - c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2004-04-01 04:35]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    uInternet Connection Wizard,ShellNext = hxxp://shop.trendmicro.com/tmasy/eol.html?X=300&Y=300&WIDTH=690&HEIGHT=480
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-27 13:06
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1948)
    c:\windows\system32\WININET.dll
    c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\ALCXMNTR.EXE
    c:\windows\AGRSMMSG.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\HP\hpcoretech\comp\hptskmgr.exe
    .
    **************************************************************************
    .
    Completion time: 2011-02-27 13:13:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-02-27 19:13

    Pre-Run: 136,717,635,584 bytes free
    Post-Run: 136,824,524,800 bytes free

    - - End Of File - - 497983499E8FC153F220AC953F1A9EBE

  9. #9
    Visiting Fellow
    Join Date
    Nov 2009
    Location
    Land Of The Leprechauns
    Posts
    461

    Default

    Hi Gigihns.
    I don't know if this is a problem
    No thats ok don't worry about it.
    Are you still getting alerts from Avira? let me know in your next reply.


    Please download ATF Cleaner to your desktop.

    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.


    Next.

    Disable Avira anti-virus

    • Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background (looks to this: )
    • right click it-> untick the option AntiVir Guard enable.
    • You should now see a closed, white umbrella on a red background (looks to this: )
    • Note: Don't forget to re-enable it after the below scan.


    Next.

    ESET online scannner

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    • Hold down Control then click on the following link to open a new window to ESET online scannner
    • Then click on:
      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:

      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    • Now click on:
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.



    Logs/Information to Post in your Next Reply

    • ESET log.
    • Please give me an update on your computers performance.

  10. #10
    Junior Member
    Join Date
    Feb 2011
    Posts
    14

    Default

    I have not received any more virus alerts from Avira. After running the ATF Cleaner, I noticed that the icon for Avira was missing from the system tray.
    It could have been missing before that point, but I noticed it when the next step was to "disable Avira anti-virus" by right-clicking the icon in the tray. I could open Avira from my desktop, and it looked like it was running but I could not find a way to disable it. I finally restarted my computer and the icon returned in the tray and I then disabled Avira and ran the ESET scanner without any trouble.

    Here's the ESET log:

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=9fbfc3588dc6ee4d9f5b3a1780060181
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-02-28 12:35:51
    # local_time=2011-02-27 06:35:51 (-0600, Central Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 2
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=1797 16775145 100 93 0 34439429 0 0
    # compatibility_mode=3073 16777213 80 75 448128 14907292 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=97245
    # found=33
    # cleaned=0
    # scan_time=3672
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036612.dll Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036613.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036614.DLL Win32/Adware.FunWeb application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036615.DLL Win32/Toolbar.MyWebSearch.B application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036616.DLL Win32/Adware.FunWeb application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036617.DLL Win32/FunWeb application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036618.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036619.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036620.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036621.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036622.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036623.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036624.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036625.DLL Win32/Adware.FunWeb application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036626.SCR Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036627.DLL Win32/Toolbar.MyWebSearch.D application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036628.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036629.EXE Win32/Adware.FunWeb application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036630.DLL Win32/FunWeb application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036632.EXE Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036633.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036634.EXE Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036635.EXE Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036637.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036638.EXE Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036639.EXE Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036640.EXE Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036641.DLL Win32/Toolbar.MyWebSearch.K application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036642.EXE Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036643.DLL Win32/Toolbar.MyWebSearch.J application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036644.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036645.EXE Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036646.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •