gift computer with issues

ladyjess

New member
I was given this computer by a family member to help with my school. I downloaded Spybot Search and Destroy, ran a system scan, found a few problems, and fixed them with Spybot. I would like a second opinion, and if any further help is needed to fix this, I would like to say thank you ahead of time.


KASPERSKY ONLINE SCANNER REPORT
Tuesday, December 11, 2007 7:44:45 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/12/2007
Kaspersky Anti-Virus database records: 480182


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics
Total number of scanned objects 130122
Number of viruses found 16
Number of infected objects 59
Number of suspicious objects 2
Duration of the scan process 02:12:10

Scan process completed.
 
Hope this is the right report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:23 PM, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

--
End of file - 7142 bytes
 
Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

Download and Run ComboFix
  • Download ComboFix from one of the links below:

    ComboFix.exe 1
    ComboFix.exe 2
    ComboFix.exe 3
  • Then double-click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log in your next reply.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
ComboFix SHOULD NOT be used without supervision.
 
Thank you for your assistance and your time!!!!!

ComboFix 07-12-19.2 - HP_Administrator 2007-12-18 22:06:39.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.
The following files were disabled during the run:
C:\WINDOWS\system32\guard32.dll


2007-09-20 16:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-09-13 03:02 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( snapshot@2007-11-28_ 1.49.32.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-25 01:50:20 1,863,680 ----a-w C:\WINDOWS\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
+ 2007-12-04 06:07:00 1,863,680 ----a-w C:\WINDOWS\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\ehcm.dll
- 2006-05-25 01:50:20 864,256 ----a-w C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
+ 2007-12-04 06:07:00 868,352 ----a-w C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
- 2006-05-25 01:50:20 204,800 ----a-w C:\WINDOWS\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
+ 2007-12-04 06:07:00 204,800 ----a-w C:\WINDOWS\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiplay.dll
- 2005-08-06 04:01:54 239,104 ------w C:\WINDOWS\Driver Cache\i386\psisdecd.dll
+ 2006-10-09 23:12:14 235,008 ------w C:\WINDOWS\Driver Cache\i386\psisdecd.dll
- 2005-12-16 02:14:04 1,863,680 ------w C:\WINDOWS\ehome\ehcm.dll
+ 2006-10-09 23:16:00 1,863,680 ------w C:\WINDOWS\ehome\ehcm.dll
- 2005-12-16 02:06:16 864,256 ------w C:\WINDOWS\ehome\ehepg.dll
+ 2006-10-09 23:07:44 868,352 ------w C:\WINDOWS\ehome\ehepg.dll
- 2005-12-16 02:14:50 332,288 ------w C:\WINDOWS\ehome\ehglid.dll
+ 2006-10-09 23:17:04 328,704 ------w C:\WINDOWS\ehome\ehglid.dll
- 2004-08-10 10:11:48 178,688 ------w C:\WINDOWS\ehome\ehkeyctl.dll
+ 2006-10-09 23:18:32 178,176 ------w C:\WINDOWS\ehome\ehkeyctl.dll
- 2005-12-16 02:14:40 237,568 ----a-w C:\WINDOWS\ehome\ehrecvr.exe
+ 2006-10-09 23:16:56 237,568 ----a-w C:\WINDOWS\ehome\ehrecvr.exe
- 2005-12-16 02:18:12 3,219,456 ------w C:\WINDOWS\ehome\ehshell.exe
+ 2006-10-09 23:19:14 3,223,552 ------w C:\WINDOWS\ehome\ehshell.exe
- 2005-12-16 02:14:28 558,080 ------w C:\WINDOWS\ehome\ehui.dll
+ 2006-10-09 23:16:30 558,592 ------w C:\WINDOWS\ehome\ehui.dll
- 2005-12-16 02:11:02 106,496 ------w C:\WINDOWS\ehome\mstvcapn.dll
+ 2006-10-09 23:12:52 107,008 ------w C:\WINDOWS\ehome\mstvcapn.dll
- 2004-08-10 04:00:00 192,512 ------w C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-27 05:10:26 317,440 ------w C:\WINDOWS\inf\unregmp2.exe
+ 2007-12-04 06:20:46 139,264 ----a-r C:\WINDOWS\Installer\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}\_SHCT_Sprint.exe.exe
+ 2007-12-04 06:20:46 139,264 ----a-r C:\WINDOWS\Installer\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}\ARPPRODUCTICON.exe
- 2004-08-10 04:00:00 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-10-19 04:47:08 7,168 ----a-w C:\WINDOWS\system32\asferror.dll
- 2004-08-10 04:00:00 8,192 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll
+ 2006-10-19 04:47:08 7,168 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll
- 2004-08-04 13:08:00 60,288 ----a-w C:\WINDOWS\system32\dllcache\drmk.sys
+ 2004-08-04 06:08:00 60,288 ----a-w C:\WINDOWS\system32\dllcache\drmk.sys
- 2005-12-16 02:14:04 1,863,680 ----a-w C:\WINDOWS\system32\dllcache\ehcm.dll
+ 2006-10-09 23:16:00 1,863,680 ----a-w C:\WINDOWS\system32\dllcache\ehcm.dll
- 2005-12-16 02:06:16 864,256 ----a-w C:\WINDOWS\system32\dllcache\ehepg.dll
+ 2006-10-09 23:07:44 868,352 ----a-w C:\WINDOWS\system32\dllcache\ehepg.dll
- 2005-12-16 02:14:50 332,288 ----a-w C:\WINDOWS\system32\dllcache\ehglid.dll
+ 2006-10-09 23:17:04 328,704 ----a-w C:\WINDOWS\system32\dllcache\ehglid.dll
- 2005-12-16 02:18:12 3,219,456 ----a-w C:\WINDOWS\system32\dllcache\ehshell.exe
+ 2006-10-09 23:19:14 3,223,552 ----a-w C:\WINDOWS\system32\dllcache\ehshell.exe
- 2005-12-16 02:14:28 558,080 ----a-w C:\WINDOWS\system32\dllcache\ehui.dll
+ 2006-10-09 23:16:30 558,592 ----a-w C:\WINDOWS\system32\dllcache\ehui.dll
- 2005-08-06 04:01:54 356,352 ----a-w C:\WINDOWS\system32\dllcache\encdec.dll
+ 2006-10-09 23:12:44 456,192 ----a-w C:\WINDOWS\system32\dllcache\encdec.dll
- 2004-08-04 13:15:22 140,928 ----a-w C:\WINDOWS\system32\dllcache\ks.sys
+ 2004-08-04 06:15:22 140,928 ----a-w C:\WINDOWS\system32\dllcache\ks.sys
- 2004-08-04 14:56:44 4,096 ----a-w C:\WINDOWS\system32\dllcache\ksuser.dll
+ 2004-08-04 07:56:44 4,096 ----a-w C:\WINDOWS\system32\dllcache\ksuser.dll
- 2004-08-10 04:00:00 356,352 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2006-10-19 04:47:14 243,712 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll
- 2005-12-16 02:13:54 1,669,632 ----a-w C:\WINDOWS\system32\dllcache\msvidctl.dll
+ 2006-10-09 23:15:52 1,669,632 ----a-w C:\WINDOWS\system32\dllcache\msvidctl.dll
- 2005-08-06 04:01:54 239,104 ----a-w C:\WINDOWS\system32\dllcache\psisdecd.dll
+ 2006-10-09 23:12:14 235,008 ----a-w C:\WINDOWS\system32\dllcache\psisdecd.dll
- 2005-08-06 04:01:54 282,112 ----a-w C:\WINDOWS\system32\dllcache\sbe.dll
+ 2006-10-09 23:12:40 291,840 ----a-w C:\WINDOWS\system32\dllcache\sbe.dll
 
- 2006-10-02 19:30:10 819,200 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-11-02 01:31:38 1,669,120 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
- 2004-08-04 13:08:04 48,640 ----a-w C:\WINDOWS\system32\dllcache\stream.sys
+ 2004-08-04 06:08:04 48,640 ----a-w C:\WINDOWS\system32\dllcache\stream.sys
- 2004-08-10 04:00:00 192,512 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2007-06-27 05:10:26 317,440 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2004-08-10 04:00:00 189,440 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll
+ 2006-10-19 04:47:20 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll
- 2007-04-30 14:20:24 5,537,792 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-06-12 06:51:12 10,834,944 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2004-08-10 04:00:00 131,072 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
+ 2006-10-19 04:47:20 242,688 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
- 2004-08-10 04:00:00 77,824 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll
+ 2006-10-19 04:47:20 96,256 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll
- 2004-08-10 04:00:00 278,528 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
+ 2006-10-19 04:47:20 314,880 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
- 2005-06-24 01:09:49 73,728 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2006-10-19 04:46:20 64,000 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
- 2005-06-24 01:15:30 3,371,008 ----a-w C:\WINDOWS\system32\dllcache\wmploc.dll
+ 2006-10-19 04:47:20 8,231,936 ----a-w C:\WINDOWS\system32\dllcache\wmploc.dll
- 2004-08-10 04:00:00 81,920 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
+ 2006-10-19 04:47:20 99,840 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
- 2004-08-04 13:08:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
+ 2004-08-04 06:08:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
- 2004-08-04 13:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys
+ 2004-08-04 06:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys
- 2004-08-04 13:08:04 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys
+ 2004-08-04 06:08:04 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys
- 2005-08-06 04:01:54 356,352 ----a-w C:\WINDOWS\system32\encdec.dll
+ 2006-10-09 23:12:44 456,192 ----a-w C:\WINDOWS\system32\encdec.dll
- 2004-08-04 14:56:44 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
+ 2004-08-04 07:56:44 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
+ 2006-02-20 19:22:16 610,304 ----a-w C:\WINDOWS\system32\lxcrcomc.dll
+ 2006-02-20 19:36:06 421,888 ----a-w C:\WINDOWS\system32\lxcrcomm.dll
+ 2006-02-20 19:23:08 495,616 ----a-w C:\WINDOWS\system32\lxcrcoms.exe
+ 2006-04-18 08:48:26 73,728 ----a-w C:\WINDOWS\system32\lxcrcu.dll
+ 2006-04-18 08:48:48 86,016 ----a-w C:\WINDOWS\system32\lxcrcub.dll
+ 2006-04-18 08:51:10 36,864 ----a-w C:\WINDOWS\system32\lxcrcur.dll
+ 2005-12-15 16:33:56 983,107 ----a-w C:\WINDOWS\system32\lxcrgf.dll
+ 2006-02-20 19:06:52 393,216 ----a-w C:\WINDOWS\system32\lxcriesc.dll
+ 2006-02-20 19:24:42 380,928 ----a-w C:\WINDOWS\system32\lxcrih.exe
+ 2006-02-20 19:03:02 409,600 ----a-w C:\WINDOWS\system32\lxcrinpa.dll
+ 2006-04-18 08:48:12 155,648 ----a-w C:\WINDOWS\system32\lxcrins.dll
+ 2006-04-18 08:49:02 200,704 ----a-w C:\WINDOWS\system32\lxcrinsb.dll
+ 2006-04-18 08:51:16 106,496 ----a-w C:\WINDOWS\system32\lxcrinsr.dll
+ 2006-04-18 08:50:30 139,264 ----a-w C:\WINDOWS\system32\lxcrjswr.dll
+ 2006-02-20 19:24:30 536,576 ----a-w C:\WINDOWS\system32\lxcrlmpm.dll
+ 2006-02-20 19:46:24 667,648 ----a-w C:\WINDOWS\system32\lxcrpmui.dll
+ 2006-02-20 19:23:16 114,688 ----a-w C:\WINDOWS\system32\lxcrpplc.dll
+ 2006-02-20 19:21:22 163,840 ----a-w C:\WINDOWS\system32\lxcrprox.dll
+ 2006-02-20 19:44:44 1,183,744 ----a-w C:\WINDOWS\system32\lxcrserv.dll
+ 2006-02-20 19:15:16 995,328 ----a-w C:\WINDOWS\system32\lxcrusb1.dll
+ 2006-04-18 08:46:32 446,464 ----a-w C:\WINDOWS\system32\lxcrutil.dll
+ 2005-07-08 08:11:22 40,960 ----a-w C:\WINDOWS\system32\lxcrvs.dll
+ 2006-10-02 22:28:42 312,128 ----a-w C:\WINDOWS\system32\msdelta.dll
- 2005-12-16 02:13:54 1,669,632 ----a-w C:\WINDOWS\system32\msvidctl.dll
+ 2006-10-09 23:15:52 1,669,632 ----a-w C:\WINDOWS\system32\msvidctl.dll
- 2005-08-06 04:01:54 239,104 ----a-w C:\WINDOWS\system32\psisdecd.dll
+ 2006-10-09 23:12:14 235,008 ----a-w C:\WINDOWS\system32\psisdecd.dll
- 2005-08-06 04:01:54 282,112 ----a-w C:\WINDOWS\system32\sbe.dll
+ 2006-10-09 23:12:40 291,840 ----a-w C:\WINDOWS\system32\sbe.dll
- 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2006-09-26 00:58:48 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2006-01-30 15:13:22 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrcfg.dll
+ 2006-02-03 22:12:30 385,024 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrcomx.dll
+ 2006-04-18 08:48:26 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrcu.dll
+ 2006-04-18 08:48:48 86,016 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrcub.dll
+ 2006-04-18 08:51:10 36,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrcur.dll
+ 2006-01-12 14:19:46 156,160 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrdr5c.dll
+ 2005-12-29 15:34:22 143,360 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrdrec.dll
+ 2005-11-15 08:12:26 434,176 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcredf.dll
+ 2006-02-07 22:50:18 110,592 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrflib.dll
+ 2005-12-15 16:33:56 983,107 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrgf.dll
+ 2006-02-07 22:50:20 561,152 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrhpec.dll
+ 2006-02-07 22:50:22 593,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrhpeh.dll
+ 2006-02-07 22:50:22 159,744 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrhpep.dll
+ 2006-04-18 08:48:12 155,648 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrins.dll
+ 2006-04-18 08:49:02 200,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrinsb.dll
+ 2006-04-18 08:51:16 106,496 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrinsr.dll
+ 2006-04-18 08:46:46 180,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrjsw.dll
+ 2006-04-18 08:49:12 479,232 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrjswb.dll
+ 2006-04-18 08:50:30 139,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrjswr.dll
+ 2006-02-03 22:11:24 380,928 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrjswx.exe
+ 2006-04-18 08:47:52 1,171,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrlpa.dll
+ 2006-04-18 08:49:26 3,448,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrlpab.dll
+ 2006-04-18 08:50:46 217,088 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrlpar.dll
+ 2006-02-03 22:10:20 327,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrppx.dll
+ 2006-04-18 08:47:34 782,336 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrprp.dll
+ 2006-04-18 08:49:46 3,371,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrprpb.dll
+ 2006-04-18 08:51:02 114,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrprpr.dll
+ 2006-04-18 08:46:52 401,408 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrpsw.dll
+ 2006-04-18 08:50:04 843,776 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrpswb.dll
+ 2006-04-18 08:50:54 98,304 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrpswr.dll
+ 2006-02-03 22:12:10 249,856 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrpswx.exe
+ 2006-02-24 11:55:36 278,528 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrretv.dll
+ 2006-02-24 11:55:08 61,440 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrserv.exe
+ 2006-04-05 13:11:44 241,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrsk0.dll
+ 2005-12-15 16:33:58 204,800 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrsk1.dll
+ 2005-12-15 16:34:00 245,760 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrsk2.dll
+ 2006-02-24 11:54:40 65,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrtime.dll
+ 2006-02-24 11:54:48 45,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrtime.exe
+ 2005-10-20 17:56:12 188,416 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrtsfw.dll
+ 2006-01-12 14:20:38 74,240 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrui5c.dll
+ 2006-02-24 11:55:28 299,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcruldr.dll
+ 2006-04-18 08:48:30 65,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrupd.dll
+ 2006-04-18 08:50:16 126,976 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrupdb.dll
+ 2006-04-18 08:51:30 90,112 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrupdr.dll
+ 2006-02-24 11:54:30 45,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrupld.exe
+ 2006-04-18 08:46:32 446,464 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrutil.dll
+ 2006-02-24 11:54:56 45,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrview.exe
+ 2006-04-18 09:38:54 343,086 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrwavs.exe
+ 2004-08-04 07:56:48 264,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2004-08-04 07:56:48 197,120 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
+ 2004-08-04 07:56:36 619,520 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIRES.DLL
+ 2006-01-30 15:13:22 73,728 ----a-r C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrcfg.dll
+ 2006-02-03 22:12:30 385,024 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrcomx.dll
+ 2006-04-18 08:48:26 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrcu.dll
+ 2006-04-18 08:48:48 86,016 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrcub.dll
+ 2006-04-18 08:51:10 36,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrcur.dll
+ 2006-01-12 14:19:46 156,160 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrdr5c.dll
+ 2005-12-29 15:34:22 143,360 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrdrec.dll
+ 2005-11-15 08:12:26 434,176 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcredf.dll
+ 2006-02-07 22:50:18 110,592 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrflib.dll
+ 2005-12-15 16:33:56 983,107 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrgf.dll
+ 2006-02-07 22:50:20 561,152 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrhpec.dll
+ 2006-02-07 22:50:22 593,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrhpeh.dll
+ 2006-02-07 22:50:22 159,744 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrhpep.dll
+ 2006-04-18 08:48:12 155,648 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrins.dll
+ 2006-04-18 08:49:02 200,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrinsb.dll
+ 2006-04-18 08:51:16 106,496 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrinsr.dll
+ 2006-04-18 08:46:46 180,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrjsw.dll
+ 2006-04-18 08:49:12 479,232 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrjswb.dll
+ 2006-04-18 08:50:30 139,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrjswr.dll
+ 2006-02-03 22:11:24 380,928 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrjswx.exe
+ 2006-04-18 08:47:52 1,171,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrlpa.dll
+ 2006-04-18 08:49:26 3,448,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrlpab.dll
+ 2006-04-18 08:50:46 217,088 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrlpar.dll
+ 2006-02-03 22:10:20 327,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrppx.dll
+ 2006-04-18 08:47:34 782,336 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrprp.dll
+ 2006-04-18 08:49:46 3,371,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrprpb.dll
+ 2006-04-18 08:51:02 114,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrprpr.dll
+ 2006-04-18 08:46:52 401,408 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrpsw.dll
+ 2006-04-18 08:50:04 843,776 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrpswb.dll
+ 2006-04-18 08:50:54 98,304 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrpswr.dll
+ 2006-02-03 22:12:10 249,856 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrpswx.exe
+ 2006-02-24 11:55:36 278,528 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrretv.dll
+ 2006-02-24 11:55:08 61,440 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrserv.exe
+ 2006-04-05 13:11:44 241,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrsk0.dll
+ 2005-12-15 16:33:58 204,800 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrsk1.dll
+ 2005-12-15 16:34:00 245,760 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrsk2.dll
+ 2006-02-24 11:54:40 65,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrtime.dll
+ 2006-02-24 11:54:48 45,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrtime.exe
+ 2005-10-20 17:56:12 188,416 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrtsfw.dll
+ 2006-01-12 14:20:38 74,240 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrui5c.dll
+ 2006-02-24 11:55:28 299,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcruldr.dll
+ 2006-04-18 08:48:30 65,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrupd.dll
+ 2006-04-18 08:50:16 126,976 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrupdb.dll
+ 2006-04-18 08:51:30 90,112 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrupdr.dll
+ 2006-02-24 11:54:30 45,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrupld.exe
+ 2006-04-18 08:46:32 446,464 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrutil.dll
+ 2006-02-24 11:54:56 45,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrview.exe
+ 2006-04-18 09:38:54 343,086 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrwavs.exe
+ 2004-08-04 07:56:48 264,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\unidrv.dll
+ 2004-08-04 07:56:48 197,120 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\unidrvui.dll
+ 2004-08-04 07:56:36 619,520 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\unires.dll
+ 2006-01-12 14:20:04 114,688 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\lxcrpp5c.dll
- 2006-09-16 07:05:22 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-26 00:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2007-07-23 01:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-12-14 04:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
- 2004-08-10 04:00:00 189,440 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2006-10-19 04:47:20 227,328 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2007-04-30 14:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-06-12 06:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-08-10 04:00:00 131,072 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-10-19 04:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2004-08-10 04:00:00 278,528 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 04:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 04:47:20 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll
- 2004-08-10 04:00:00 1,582,080 ----a-w C:\WINDOWS\system32\wmpencen.dll
+ 2006-10-19 04:47:20 1,661,440 ----a-w C:\WINDOWS\system32\wmpencen.dll
- 2005-06-24 01:15:30 3,371,008 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 04:47:20 8,231,936 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 04:47:20 613,376 ----a-w C:\WINDOWS\system32\wmpmde.dll
+ 2006-10-19 04:47:20 130,048 ----a-w C:\WINDOWS\system32\wmpps.dll
- 2004-08-10 04:00:00 81,920 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-10-19 04:47:20 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
- 2004-08-10 04:00:00 174,080 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
+ 2006-10-19 04:47:20 204,288 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
- 2006-10-19 03:47:22 38,400 ----a-w C:\WINDOWS\system32\wpdshextres.dll
+ 2006-10-19 04:47:22 38,400 ----a-w C:\WINDOWS\system32\wpdshextres.dl
 
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 21:00]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 23:35]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdMgr.exe" [2006-03-16 02:11]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 09:05]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 18:18]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2007-11-27 01:28]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 10:48]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-02-06 22:10]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 01:11]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 04:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 18:40:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=C:\WINDOWS\pss\Updates From HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\40a788bc]
rundll32.exe C:\WINDOWS\system32\lrbogxsu.dll,b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
ARPWRMSG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 21:01 67584 --a------ C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2007-08-31 16:46 1460560 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
C:\Program Files\Web Buying\v1.8.6\webbuying.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Reminder"="C:\Windows\Creator\Remind_XP.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-11-27 01:28]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-11-27 01:28]
S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys [2007-07-26 09:25]
S4 GameConsoleService;GameConsoleService;"C:\Program Files\WildTangent\Apps\HP Game Console\GameConsoleService.exe" [2007-07-23 16:33]

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-18 22:30:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2007-12-18 22:32:11 - machine was rebooted
.
2007-12-18 10:02:38 --- E O F ---
 
Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    C:\WINDOWS\Fonts\CRACK.0XE
    C:\WINDOWS\Fonts\SVCHOST.0XE
    C:\WINDOWS\system32\dvdavelq.dll
    C:\WINDOWS\system32\fccddef.dll
    C:\WINDOWS\system32\lrbogxsu.dll
    C:\WINDOWS\system32\vhiudnlw.dll
    C:\WINDOWS\system32\vtuurpo.dll
    C:\WINDOWS\system32\xbalfeal.exe
    C:\WINDOWS\system32\lrbogxsu.dll
    Folder::
    C:\Program Files\Web Buying
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\40a788bc]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
    :
  • Save this as CFScript.txt and place it on your desktop.


    CFScript.gif


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

How are things running now?
 
ComboFix 07-12-19.2 - HP_Administrator 2007-12-18 23:21:55.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.526 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\My Documents\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\Fonts\CRACK.0XE
C:\WINDOWS\Fonts\SVCHOST.0XE
C:\WINDOWS\system32\dvdavelq.dll
C:\WINDOWS\system32\fccddef.dll
C:\WINDOWS\system32\lrbogxsu.dll
C:\WINDOWS\system32\vhiudnlw.dll
C:\WINDOWS\system32\vtuurpo.dll
C:\WINDOWS\system32\xbalfeal.exe
.
The following files were disabled during the run:
C:\WINDOWS\system32\guard32.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Fonts\CRACK.0XE
C:\WINDOWS\Fonts\SVCHOST.0XE

.
((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))
.

2007-12-12 03:52 . 2007-12-12 03:52 <DIR> d-------- C:\Program Files\Netflix
2007-12-11 22:41 . 2007-12-11 22:41 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-09 16:27 . 2007-12-09 16:27 0 --a------ C:\WINDOWS\Hammerhead.INI
2007-12-09 16:23 . 2007-12-09 16:28 <DIR> d-------- C:\Program Files\Oberon Media
2007-12-05 20:06 . 2007-12-05 21:07 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Ventrilo
2007-12-05 03:45 . 2007-12-05 03:45 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2007-12-04 06:56 . 2007-12-04 14:40 <DIR> d-------- C:\Program Files\Ubi Soft Games
2007-12-04 04:24 . 2007-12-04 04:24 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\ImgBurn
2007-12-04 04:19 . 2007-12-04 04:19 <DIR> d-------- C:\Program Files\ImgBurn
2007-12-04 01:33 . 2007-12-04 01:33 <DIR> d-------- C:\Program Files\BitTorrent
2007-12-04 01:33 . 2007-12-15 04:09 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\BitTorrent
2007-12-04 01:05 . 2007-12-04 01:05 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\FaxCtr
2007-12-04 00:21 . 2007-12-04 00:21 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\NeroDCTemplates
2007-12-04 00:18 . 2007-12-04 00:18 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Nero
2007-12-03 23:48 . 2007-12-03 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SRS Labs
2007-12-03 23:44 . 2007-07-26 09:25 47,360 -ra------ C:\WINDOWS\system32\drivers\Surroundhp_kern_i386.sys
2007-12-03 23:44 . 2007-07-26 09:25 47,104 -ra------ C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys
2007-12-03 23:44 . 2007-07-26 09:25 42,112 -ra------ C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys
2007-12-03 23:44 . 2007-07-26 09:25 39,808 -ra------ C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys
2007-12-03 23:44 . 2007-07-26 09:25 32,000 -ra------ C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys
2007-12-03 23:39 . 2007-12-03 23:39 <DIR> d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-12-03 23:39 . 2001-11-30 19:05 131,072 --a------ C:\WINDOWS\system32\dzip32.dll
2007-12-03 23:39 . 2001-11-30 19:05 110,592 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-12-03 23:22 . 2007-12-18 22:30 <DIR> d-------- C:\Program Files\lx_cats
2007-12-03 23:22 . 2005-12-23 07:18 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2007-12-03 23:22 . 2005-12-23 07:18 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2007-12-03 23:22 . 2005-12-23 07:18 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2007-12-03 23:22 . 2005-12-23 07:18 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2007-12-03 23:22 . 2005-12-23 07:18 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2007-12-03 23:22 . 2006-02-02 01:12 40,960 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2007-12-03 23:22 . 2006-02-02 01:11 32,768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2007-12-03 23:22 . 2006-02-02 01:26 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2007-12-03 23:21 . 2007-12-03 23:22 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions
2007-12-03 23:21 . 2007-12-03 23:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2007-12-03 23:20 . 2007-12-03 23:20 <DIR> d-------- C:\Program Files\Lexmark Toolbar
2007-12-03 23:20 . 2007-12-03 23:22 <DIR> d-------- C:\Program Files\Lexmark 2400 Series
2007-12-03 23:19 . 2007-12-03 23:20 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-12-03 23:19 . 2006-02-20 12:25 233,472 --a------ C:\WINDOWS\system32\LXCRinst.dll
2007-12-03 23:18 . 2007-12-03 23:22 26,172 --a------ C:\WINDOWS\system32\LexFiles.ulf
2007-12-03 23:17 . 2006-03-21 08:42 303,104 -ra------ C:\WINDOWS\system32\lxcrcoin.dll
2007-12-03 23:17 . 2006-01-30 08:13 73,728 -ra------ C:\WINDOWS\system32\lxcrcfg.dll
2007-12-03 23:17 . 2006-04-19 12:13 1,688 -ra------ C:\WINDOWS\system32\lxcr.loc
2007-12-03 23:03 . 2007-12-03 23:03 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-12-03 20:35 . 2007-12-03 22:40 <DIR> d-------- C:\FIVE_PENNIES
2007-12-03 20:25 . 2007-12-03 20:25 <DIR> d-------- C:\Program Files\DVD Shrink
2007-12-03 20:25 . 2007-12-03 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-03 20:16 . 2007-12-03 20:16 <DIR> d--h----- C:\WINDOWS\PIF
2007-11-27 12:39 . 2007-11-27 12:39 <DIR> d-------- C:\WINDOWS\uninstall\Bo-Shot
2007-11-27 12:39 . 2007-11-27 12:39 <DIR> d-------- C:\WINDOWS\uninstall
2007-11-27 04:14 . 2007-11-27 04:14 <DIR> d-------- C:\Program Files\CCleaner
2007-11-27 01:28 . 2007-11-27 01:28 <DIR> d-------- C:\Program Files\COMODO
2007-11-27 01:28 . 2007-11-27 01:28 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Comodo
2007-11-27 01:28 . 2007-11-27 01:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-11-27 01:28 . 2007-11-27 01:28 139,008 --a------ C:\WINDOWS\system32\guard32.dll.vir
2007-11-27 01:28 . 2007-11-27 01:28 79,096 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys
2007-11-27 01:28 . 2007-11-27 01:28 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2007-11-26 22:12 . 2007-11-26 22:12 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-26 22:12 . 2007-11-26 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-26 21:15 . 2007-11-26 21:16 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-26 18:34 . 2007-11-26 18:34 32 -r-hs---- C:\Temp\HPCD.sys
2007-11-26 18:32 . 2007-11-26 18:32 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-11-26 18:32 . 2007-11-26 18:32 917,504 --a------ C:\WINDOWS\system32\FLASH.OCX
2007-11-26 13:00 . 2007-11-26 13:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-11-26 12:50 . 2007-11-26 12:50 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Grisoft
2007-11-26 12:50 . 2007-11-26 12:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-26 12:50 . 2007-05-30 05:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-26 00:28 . 2007-11-26 00:28 3,746 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-26 00:27 . 2007-11-25 23:03 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-26 00:27 . 2007-11-25 23:03 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-26 00:27 . 2007-11-25 23:03 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-26 00:27 . 2007-11-25 23:03 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-26 00:27 . 2007-11-25 23:03 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-25 23:01 . 2007-12-14 14:36 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-11-25 21:36 . 2007-11-27 22:29 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-25 21:22 . 2007-12-11 20:00 <DIR> d-------- C:\hijackthis
2007-11-25 19:01 . 2007-11-25 19:04 <DIR> d-------- C:\Program Files\Incomplete
2007-11-25 18:58 . 2007-11-25 18:58 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-25 18:54 . 2007-11-26 21:57 <DIR> d-------- C:\Temp
2007-11-25 18:53 . 2007-12-09 16:27 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-25 18:34 . 2007-11-25 19:22 <DIR> d-------- C:\Program Files\LimeWire
2007-11-25 17:52 . 2007-11-25 17:53 <DIR> d-------- C:\partition magic
2007-11-25 17:24 . 2007-12-05 20:37 <DIR> dr------- C:\Linux
2007-11-25 15:24 . 2007-11-25 15:24 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-11-25 15:24 . 2007-11-25 15:24 <DIR> d-------- C:\Program Files\Ahead
2007-11-25 15:24 . 2007-11-25 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-11-25 15:24 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-11-25 15:24 . 2001-06-26 07:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2007-11-25 15:24 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-25 15:18 . 2007-11-25 15:18 <DIR> d-------- C:\Program Files\Nero
2007-11-25 15:18 . 2007-11-25 15:19 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-11-25 15:18 . 2007-11-25 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-11-25 15:14 . 2007-11-25 15:15 32 --a------ C:\WINDOWS\CD_Start.INI
2007-11-25 14:15 . 2007-11-25 15:02 <DIR> d-------- C:\nero
2007-11-25 11:40 . 2007-12-10 23:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-25 11:36 . 2007-11-25 11:36 <DIR> d-------- C:\Program Files\Bonjour
2007-11-25 11:28 . 2007-11-25 11:28 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-24 21:09 . 2007-11-24 21:09 <DIR> d-------- C:\Program Files\Glary Utilities
2007-11-24 20:35 . 2007-11-24 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-24 20:10 . 2007-11-24 21:07 <DIR> d-------- C:\Photoshop
2007-11-24 16:46 . 2007-11-24 16:46 <DIR> d-------- C:\Program Files\SD EnterNET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 09:00 --------- d-----w C:\Program Files\Java
2007-11-27 08:21 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-27 08:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-27 03:12 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Yahoo!
2007-11-26 19:39 --------- d-----w C:\Program Files\The Weather Channel FW
2007-11-26 01:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-25 18:35 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-25 04:13 --------- d-----w C:\Program Files\Yahoo!
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-09-20 16:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 16:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-09-13 03:02 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-02-19 17:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 21:00]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 23:35]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdMgr.exe" [2006-03-16 02:11]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 09:05]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 18:18]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2007-11-27 01:28]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 10:48]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-02-06 22:10]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 01:11]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 04:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 18:40:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=C:\WINDOWS\pss\Updates From HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
ARPWRMSG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 21:01 67584 --a------ C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /run

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Reminder"="C:\Windows\Creator\Remind_XP.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-11-27 01:28]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-11-27 01:28]
S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys [2007-07-26 09:25]
S4 GameConsoleService;GameConsoleService;"C:\Program Files\WildTangent\Apps\HP Game Console\GameConsoleService.exe" [2007-07-23 16:33]

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-18 23:36:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2007-12-18 23:37:11
C:\ComboFix2.txt ... 2007-12-18 22:32
.
2007-12-18 10:02:38 --- E O F ---
 
After running the text for ComboFix I was unable to connect to the internet and tried to reinstall from my Comcast disc. It would not let me install, so I had to do a system restore to the point made by the first ComboFix. I am still having issues connecting to the internet. I have to open my task manager and delete the unused IEXPLOREs that pop on. It usually takes me four or five different attempts to connect. The IEXPLOREs appear to steal bandwidth. Not too sure though. Also I am not sure what was in the text that killed my internet connection?
 
I ran a scan with spybot search and destroy.

adrevolver 2 entries
burstmedia 2 entries
doubleclick 1 entry
fastclick 1 entry
hitbox 1 entry
mediaplex 1 entry
statcounter 1 entry
virtumonde 3 entries
webtrends live 1 entry
zedo 1 entry

I didn't fix anything, just looking for anything that could help you out. Hope it helped.
 
Did your machine reboot when you used ComboFix?

If not then please delete your copy of Combofix, and download the updated version.
Run CF, and if you can't access the internet then reboot and try again.
If you still have trouble then you will have to restore and let me know.
 
ComboFix 07-12-19.2 - HP_Administrator 2007-12-19 13:07:09.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.452 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\My Documents\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\Fonts\CRACK.0XE
C:\WINDOWS\Fonts\SVCHOST.0XE
C:\WINDOWS\system32\dvdavelq.dll
C:\WINDOWS\system32\fccddef.dll
C:\WINDOWS\system32\lrbogxsu.dll
C:\WINDOWS\system32\vhiudnlw.dll
C:\WINDOWS\system32\vtuurpo.dll
C:\WINDOWS\system32\xbalfeal.exe
.
The following files were disabled during the run:
C:\WINDOWS\system32\guard32.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\djuakejh.exe
C:\WINDOWS\system32\dvdavelq.dll
C:\WINDOWS\system32\efbkwijw.dll
C:\WINDOWS\system32\eojuvnyo.dll
C:\WINDOWS\system32\ewyurwfq.dll
C:\WINDOWS\system32\fbttdcvu.dll
C:\WINDOWS\system32\fccddef.dll
C:\WINDOWS\system32\fluoghvy.dll
C:\WINDOWS\system32\geonejxw.dll
C:\WINDOWS\system32\hlxkrxmc.dll
C:\WINDOWS\system32\hqwohped.exe
C:\WINDOWS\system32\jkkjk.dll
C:\WINDOWS\system32\kjkkj.ini
C:\WINDOWS\system32\kjkkj.ini2
C:\WINDOWS\system32\kpgiwutq.ini
C:\WINDOWS\system32\lrbogxsu.dll
C:\WINDOWS\system32\mkanvofo.dll
C:\WINDOWS\system32\mmnugfpo.ini
C:\WINDOWS\system32\oefbtxvg.exe
C:\WINDOWS\system32\oiwmfvsn.exe
C:\WINDOWS\system32\opfgunmm.dll
C:\WINDOWS\system32\pgcjbjcd.dll
C:\WINDOWS\system32\qhlktbcn.exe
C:\WINDOWS\system32\qjouxpbm.exe
C:\WINDOWS\system32\qlevadvd.ini
C:\WINDOWS\system32\qtuwigpk.dll
C:\WINDOWS\system32\usxgobrl.ini
C:\WINDOWS\system32\uvcdttbf.ini
C:\WINDOWS\system32\vaxxolfv.exe
C:\WINDOWS\system32\vhiudnlw.dll
C:\WINDOWS\system32\vrkurmvu.dll
C:\WINDOWS\system32\vtuurpo.dll
C:\WINDOWS\system32\wicvcxex.dll
C:\WINDOWS\system32\wjhavopy.ini
C:\WINDOWS\system32\wjiwkbfe.ini
C:\WINDOWS\system32\xbalfeal.exe
C:\WINDOWS\system32\xexcvciw.ini
C:\WINDOWS\system32\xvfvkvyw.exe
C:\WINDOWS\system32\ypovahjw.dll
C:\WINDOWS\system32\yvhgoulf.ini

.
((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))
.

2007-12-12 03:52 . 2007-12-12 03:52 <DIR> d-------- C:\Program Files\Netflix
2007-12-11 22:41 . 2007-12-11 22:41 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-09 16:27 . 2007-12-09 16:27 0 --a------ C:\WINDOWS\Hammerhead.INI
2007-12-09 16:23 . 2007-12-09 16:28 <DIR> d-------- C:\Program Files\Oberon Media
2007-12-05 20:06 . 2007-12-05 21:07 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Ventrilo
2007-12-05 03:45 . 2007-12-05 03:45 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2007-12-04 06:56 . 2007-12-04 14:40 <DIR> d-------- C:\Program Files\Ubi Soft Games
2007-12-04 04:24 . 2007-12-04 04:24 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\ImgBurn
2007-12-04 04:19 . 2007-12-04 04:19 <DIR> d-------- C:\Program Files\ImgBurn
2007-12-04 01:33 . 2007-12-04 01:33 <DIR> d-------- C:\Program Files\BitTorrent
2007-12-04 01:33 . 2007-12-15 04:09 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\BitTorrent
2007-12-04 01:05 . 2007-12-04 01:05 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\FaxCtr
2007-12-04 00:21 . 2007-12-04 00:21 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\NeroDCTemplates
2007-12-04 00:18 . 2007-12-04 00:18 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Nero
2007-12-03 23:48 . 2007-12-03 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SRS Labs
2007-12-03 23:44 . 2007-07-26 09:25 47,360 -ra------ C:\WINDOWS\system32\drivers\Surroundhp_kern_i386.sys
2007-12-03 23:44 . 2007-07-26 09:25 47,104 -ra------ C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys
2007-12-03 23:44 . 2007-07-26 09:25 42,112 -ra------ C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys
2007-12-03 23:44 . 2007-07-26 09:25 39,808 -ra------ C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys
2007-12-03 23:44 . 2007-07-26 09:25 32,000 -ra------ C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys
2007-12-03 23:39 . 2007-12-03 23:39 <DIR> d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-12-03 23:39 . 2001-11-30 19:05 131,072 --a------ C:\WINDOWS\system32\dzip32.dll
2007-12-03 23:39 . 2001-11-30 19:05 110,592 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-12-03 23:22 . 2007-12-19 13:28 <DIR> d-------- C:\Program Files\lx_cats
2007-12-03 23:22 . 2005-12-23 07:18 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2007-12-03 23:22 . 2005-12-23 07:18 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2007-12-03 23:22 . 2005-12-23 07:18 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2007-12-03 23:22 . 2005-12-23 07:18 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2007-12-03 23:22 . 2005-12-23 07:18 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2007-12-03 23:22 . 2006-02-02 01:12 40,960 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2007-12-03 23:22 . 2006-02-02 01:11 32,768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2007-12-03 23:22 . 2006-02-02 01:26 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2007-12-03 23:21 . 2007-12-03 23:22 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions
2007-12-03 23:21 . 2007-12-03 23:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2007-12-03 23:20 . 2007-12-03 23:20 <DIR> d-------- C:\Program Files\Lexmark Toolbar
2007-12-03 23:20 . 2007-12-03 23:22 <DIR> d-------- C:\Program Files\Lexmark 2400 Series
2007-12-03 23:19 . 2007-12-03 23:20 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-12-03 23:19 . 2006-02-20 12:25 233,472 --a------ C:\WINDOWS\system32\LXCRinst.dll
2007-12-03 23:18 . 2007-12-03 23:22 26,172 --a------ C:\WINDOWS\system32\LexFiles.ulf
2007-12-03 23:17 . 2006-03-21 08:42 303,104 -ra------ C:\WINDOWS\system32\lxcrcoin.dll
2007-12-03 23:17 . 2006-01-30 08:13 73,728 -ra------ C:\WINDOWS\system32\lxcrcfg.dll
2007-12-03 23:17 . 2006-04-19 12:13 1,688 -ra------ C:\WINDOWS\system32\lxcr.loc
2007-12-03 23:03 . 2007-12-03 23:03 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-12-03 20:35 . 2007-12-03 22:40 <DIR> d-------- C:\FIVE_PENNIES
2007-12-03 20:25 . 2007-12-03 20:25 <DIR> d-------- C:\Program Files\DVD Shrink
2007-12-03 20:25 . 2007-12-03 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-03 20:16 . 2007-12-03 20:16 <DIR> d--h----- C:\WINDOWS\PIF
2007-11-27 12:39 . 2007-11-27 12:39 <DIR> d-------- C:\WINDOWS\uninstall\Bo-Shot
2007-11-27 12:39 . 2007-11-27 12:39 <DIR> d-------- C:\WINDOWS\uninstall
2007-11-27 04:14 . 2007-11-27 04:14 <DIR> d-------- C:\Program Files\CCleaner
2007-11-27 01:28 . 2007-11-27 01:28 <DIR> d-------- C:\Program Files\COMODO
2007-11-27 01:28 . 2007-11-27 01:28 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Comodo
2007-11-27 01:28 . 2007-11-27 01:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-11-27 01:28 . 2007-11-27 01:28 139,008 --a------ C:\WINDOWS\system32\guard32.dll.vir
2007-11-27 01:28 . 2007-11-27 01:28 139,008 --a------ C:\WINDOWS\system32\guard32(2).dll
2007-11-27 01:28 . 2007-11-27 01:28 79,096 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys
2007-11-27 01:28 . 2007-11-27 01:28 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2007-11-26 22:12 . 2007-11-26 22:12 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-26 22:12 . 2007-11-26 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-26 21:15 . 2007-11-26 21:16 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-26 18:34 . 2007-11-26 18:34 32 -r-hs---- C:\Temp\HPCD.sys
2007-11-26 18:32 . 2007-11-26 18:32 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-11-26 18:32 . 2007-11-26 18:32 917,504 --a------ C:\WINDOWS\system32\FLASH.OCX
2007-11-26 13:00 . 2007-11-26 13:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-11-26 12:50 . 2007-11-26 12:50 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Grisoft
2007-11-26 12:50 . 2007-11-26 12:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-26 12:50 . 2007-05-30 05:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-26 00:28 . 2007-11-26 00:28 3,746 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-26 00:27 . 2007-11-25 23:03 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-26 00:27 . 2007-11-25 23:03 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-26 00:27 . 2007-11-25 23:03 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-26 00:27 . 2007-11-25 23:03 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-26 00:27 . 2007-11-25 23:03 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-25 23:01 . 2007-12-19 13:02 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-11-25 21:36 . 2007-11-27 22:29 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-25 21:22 . 2007-12-11 20:00 <DIR> d-------- C:\hijackthis
2007-11-25 19:01 . 2007-11-25 19:04 <DIR> d-------- C:\Program Files\Incomplete
2007-11-25 18:58 . 2007-11-25 18:58 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-25 18:54 . 2007-11-26 21:57 <DIR> d-------- C:\Temp
2007-11-25 18:53 . 2007-12-09 16:27 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-25 18:34 . 2007-11-25 19:22 <DIR> d-------- C:\Program Files\LimeWire
2007-11-25 17:52 . 2007-11-25 17:53 <DIR> d-------- C:\partition magic
2007-11-25 17:24 . 2007-12-05 20:37 <DIR> dr------- C:\Linux
2007-11-25 15:24 . 2007-11-25 15:24 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-11-25 15:24 . 2007-11-25 15:24 <DIR> d-------- C:\Program Files\Ahead
2007-11-25 15:24 . 2007-11-25 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-11-25 15:24 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-11-25 15:24 . 2001-06-26 07:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2007-11-25 15:24 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-25 15:18 . 2007-11-25 15:18 <DIR> d-------- C:\Program Files\Nero
2007-11-25 15:18 . 2007-11-25 15:19 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-11-25 15:18 . 2007-11-25 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-11-25 15:14 . 2007-11-25 15:15 32 --a------ C:\WINDOWS\CD_Start.INI
2007-11-25 14:15 . 2007-11-25 15:02 <DIR> d-------- C:\nero
2007-11-25 11:40 . 2007-12-10 23:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-25 11:36 . 2007-11-25 11:36 <DIR> d-------- C:\Program Files\Bonjour
2007-11-25 11:28 . 2007-11-25 11:28 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-24 21:09 . 2007-11-24 21:09 <DIR> d-------- C:\Program Files\Glary Utilities
2007-11-24 20:35 . 2007-11-24 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-24 20:10 . 2007-11-24 21:07 <DIR> d-------- C:\Photoshop

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 09:00 --------- d-----w C:\Program Files\Java
2007-11-27 08:21 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-27 08:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-27 03:12 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Yahoo!
2007-11-26 19:39 --------- d-----w C:\Program Files\The Weather Channel FW
2007-11-26 01:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-25 18:35 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-25 04:13 --------- d-----w C:\Program Files\Yahoo!
2007-09-20 16:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 16:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-09-13 03:02 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( snapshot@2007-11-28_ 1.49.32.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-25 01:50:20 1,863,680 ----a-w C:\WINDOWS\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
+ 2007-12-04 06:07:00 1,863,680 ----a-w C:\WINDOWS\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\ehcm.dll
- 2006-05-25 01:50:20 864,256 ----a-w C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
+ 2007-12-04 06:07:00 868,352 ----a-w C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
- 2006-05-25 01:50:20 204,800 ----a-w C:\WINDOWS\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
+ 2007-12-04 06:07:00 204,800 ----a-w C:\WINDOWS\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiplay.dll
- 2005-08-06 04:01:54 239,104 ------w C:\WINDOWS\Driver Cache\i386\psisdecd.dll
+ 2006-10-09 23:12:14 235,008 ------w C:\WINDOWS\Driver Cache\i386\psisdecd.dll
- 2005-12-16 02:14:04 1,863,680 ------w C:\WINDOWS\ehome\ehcm.dll
+ 2006-10-09 23:16:00 1,863,680 ------w C:\WINDOWS\ehome\ehcm.dll
- 2005-12-16 02:06:16 864,256 ------w C:\WINDOWS\ehome\ehepg.dll
+ 2006-10-09 23:07:44 868,352 ------w C:\WINDOWS\ehome\ehepg.dll
- 2005-12-16 02:14:50 332,288 ------w C:\WINDOWS\ehome\ehglid.dll
+ 2006-10-09 23:17:04 328,704 ------w C:\WINDOWS\ehome\ehglid.dll
- 2004-08-10 10:11:48 178,688 ------w C:\WINDOWS\ehome\ehkeyctl.dll
+ 2006-10-09 23:18:32 178,176 ------w C:\WINDOWS\ehome\ehkeyctl.dll
- 2005-12-16 02:14:40 237,568 ----a-w C:\WINDOWS\ehome\ehrecvr.exe
+ 2006-10-09 23:16:56 237,568 ----a-w C:\WINDOWS\ehome\ehrecvr.exe
- 2005-12-16 02:18:12 3,219,456 ------w C:\WINDOWS\ehome\ehshell.exe
+ 2006-10-09 23:19:14 3,223,552 ------w C:\WINDOWS\ehome\ehshell.exe
- 2005-12-16 02:14:28 558,080 ------w C:\WINDOWS\ehome\ehui.dll
+ 2006-10-09 23:16:30 558,592 ------w C:\WINDOWS\ehome\ehui.dll
- 2005-12-16 02:11:02 106,496 ------w C:\WINDOWS\ehome\mstvcapn.dll
+ 2006-10-09 23:12:52 107,008 ------w C:\WINDOWS\ehome\mstvcapn.dll
- 2004-08-10 04:00:00 192,512 ------w C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-27 05:10:26 317,440 ------w C:\WINDOWS\inf\unregmp2.exe
+ 2007-12-04 06:20:46 139,264 ----a-r C:\WINDOWS\Installer\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}\_SHCT_Sprint.exe.exe
+ 2007-12-04 06:20:46 139,264 ----a-r C:\WINDOWS\Installer\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}\ARPPRODUCTICON.exe
- 2004-08-10 04:00:00 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-10-19 04:47:08 7,168 ----a-w C:\WINDOWS\system32\asferror.dll
- 2004-08-10 04:00:00 8,192 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll
+ 2006-10-19 04:47:08 7,168 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll
- 2004-08-04 13:08:00 60,288 ----a-w C:\WINDOWS\system32\dllcache\drmk.sys
+ 2004-08-04 06:08:00 60,288 ----a-w C:\WINDOWS\system32\dllcache\drmk.sys
- 2005-12-16 02:14:04 1,863,680 ----a-w C:\WINDOWS\system32\dllcache\ehcm.dll
+ 2006-10-09 23:16:00 1,863,680 ----a-w C:\WINDOWS\system32\dllcache\ehcm.dll
- 2005-12-16 02:06:16 864,256 ----a-w C:\WINDOWS\system32\dllcache\ehepg.dll
+ 2006-10-09 23:07:44 868,352 ----a-w C:\WINDOWS\system32\dllcache\ehepg.dll
- 2005-12-16 02:14:50 332,288 ----a-w C:\WINDOWS\system32\dllcache\ehglid.dll
+ 2006-10-09 23:17:04 328,704 ----a-w C:\WINDOWS\system32\dllcache\ehglid.dll
- 2005-12-16 02:18:12 3,219,456 ----a-w C:\WINDOWS\system32\dllcache\ehshell.exe
+ 2006-10-09 23:19:14 3,223,552 ----a-w C:\WINDOWS\system32\dllcache\ehshell.exe
- 2005-12-16 02:14:28 558,080 ----a-w C:\WINDOWS\system32\dllcache\ehui.dll
+ 2006-10-09 23:16:30 558,592 ----a-w C:\WINDOWS\system32\dllcache\ehui.dll
- 2005-08-06 04:01:54 356,352 ----a-w C:\WINDOWS\system32\dllcache\encdec.dll
+ 2006-10-09 23:12:44 456,192 ----a-w C:\WINDOWS\system32\dllcache\encdec.dll
- 2004-08-04 13:15:22 140,928 ----a-w C:\WINDOWS\system32\dllcache\ks.sys
+ 2004-08-04 06:15:22 140,928 ----a-w C:\WINDOWS\system32\dllcache\ks.sys
- 2004-08-04 14:56:44 4,096 ----a-w C:\WINDOWS\system32\dllcache\ksuser.dll
+ 2004-08-04 07:56:44 4,096 ----a-w C:\WINDOWS\system32\dllcache\ksuser.dll
- 2004-08-10 04:00:00 356,352 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2006-10-19 04:47:14 243,712 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll
- 2005-12-16 02:13:54 1,669,632 ----a-w C:\WINDOWS\system32\dllcache\msvidctl.dll
+ 2006-10-09 23:15:52 1,669,632 ----a-w C:\WINDOWS\system32\dllcache\msvidctl.dll
- 2005-08-06 04:01:54 239,104 ----a-w C:\WINDOWS\system32\dllcache\psisdecd.dll
+ 2006-10-09 23:12:14 235,008 ----a-w C:\WINDOWS\system32\dllcache\psisdecd.dll
- 2005-08-06 04:01:54 282,112 ----a-w C:\WINDOWS\system32\dllcache\sbe.dll
+ 2006-10-09 23:12:40 291,840 ----a-w C:\WINDOWS\system32\dllcache\sbe.dll
- 2006-10-02 19:30:10 819,200 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-11-02 01:31:38 1,669,120 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
- 2004-08-04 13:08:04 48,640 ----a-w C:\WINDOWS\system32\dllcache\stream.sys
+ 2004-08-04 06:08:04 48,640 ----a-w C:\WINDOWS\system32\dllcache\stream.sys
- 2004-08-10 04:00:00 192,512 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2007-06-27 05:10:26 317,440 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2004-08-10 04:00:00 189,440 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll
+ 2006-10-19 04:47:20 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll
- 2007-04-30 14:20:24 5,537,792 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-06-12 06:51:12 10,834,944 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2004-08-10 04:00:00 131,072 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
+ 2006-10-19 04:47:20 242,688 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
- 2004-08-10 04:00:00 77,824 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll
+ 2006-10-19 04:47:20 96,256 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll
- 2004-08-10 04:00:00 278,528 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
+ 2006-10-19 04:47:20 314,880 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
- 2005-06-24 01:09:49 73,728 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2006-10-19 04:46:20 64,000 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
- 2005-06-24 01:15:30 3,371,008 ----a-w C:\WINDOWS\system32\dllcache\wmploc.dll
+ 2006-10-19 04:47:20 8,231,936 ----a-w C:\WINDOWS\system32\dllcache\wmploc.dll
 
- 2004-08-10 04:00:00 81,920 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
+ 2006-10-19 04:47:20 99,840 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
- 2004-08-04 13:08:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
+ 2004-08-04 06:08:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
- 2004-08-04 13:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys
+ 2004-08-04 06:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys
- 2004-08-04 13:08:04 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys
+ 2004-08-04 06:08:04 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys
- 2005-08-06 04:01:54 356,352 ----a-w C:\WINDOWS\system32\encdec.dll
+ 2006-10-09 23:12:44 456,192 ----a-w C:\WINDOWS\system32\encdec.dll
- 2004-08-04 14:56:44 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
+ 2004-08-04 07:56:44 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
+ 2006-02-20 19:22:16 610,304 ----a-w C:\WINDOWS\system32\lxcrcomc.dll
+ 2006-02-20 19:36:06 421,888 ----a-w C:\WINDOWS\system32\lxcrcomm.dll
+ 2006-02-20 19:23:08 495,616 ----a-w C:\WINDOWS\system32\lxcrcoms.exe
+ 2006-04-18 08:48:26 73,728 ----a-w C:\WINDOWS\system32\lxcrcu.dll
+ 2006-04-18 08:48:48 86,016 ----a-w C:\WINDOWS\system32\lxcrcub.dll
+ 2006-04-18 08:51:10 36,864 ----a-w C:\WINDOWS\system32\lxcrcur.dll
+ 2005-12-15 16:33:56 983,107 ----a-w C:\WINDOWS\system32\lxcrgf.dll
+ 2006-02-20 19:06:52 393,216 ----a-w C:\WINDOWS\system32\lxcriesc.dll
+ 2006-02-20 19:24:42 380,928 ----a-w C:\WINDOWS\system32\lxcrih.exe
+ 2006-02-20 19:03:02 409,600 ----a-w C:\WINDOWS\system32\lxcrinpa.dll
+ 2006-04-18 08:48:12 155,648 ----a-w C:\WINDOWS\system32\lxcrins.dll
+ 2006-04-18 08:49:02 200,704 ----a-w C:\WINDOWS\system32\lxcrinsb.dll
+ 2006-04-18 08:51:16 106,496 ----a-w C:\WINDOWS\system32\lxcrinsr.dll
+ 2006-04-18 08:50:30 139,264 ----a-w C:\WINDOWS\system32\lxcrjswr.dll
+ 2006-02-20 19:24:30 536,576 ----a-w C:\WINDOWS\system32\lxcrlmpm.dll
+ 2006-02-20 19:46:24 667,648 ----a-w C:\WINDOWS\system32\lxcrpmui.dll
+ 2006-02-20 19:23:16 114,688 ----a-w C:\WINDOWS\system32\lxcrpplc.dll
+ 2006-02-20 19:21:22 163,840 ----a-w C:\WINDOWS\system32\lxcrprox.dll
+ 2006-02-20 19:44:44 1,183,744 ----a-w C:\WINDOWS\system32\lxcrserv.dll
+ 2006-02-20 19:15:16 995,328 ----a-w C:\WINDOWS\system32\lxcrusb1.dll
+ 2006-04-18 08:46:32 446,464 ----a-w C:\WINDOWS\system32\lxcrutil.dll
+ 2005-07-08 08:11:22 40,960 ----a-w C:\WINDOWS\system32\lxcrvs.dll
+ 2006-10-02 22:28:42 312,128 ----a-w C:\WINDOWS\system32\msdelta.dll
- 2005-12-16 02:13:54 1,669,632 ----a-w C:\WINDOWS\system32\msvidctl.dll
+ 2006-10-09 23:15:52 1,669,632 ----a-w C:\WINDOWS\system32\msvidctl.dll
- 2005-08-06 04:01:54 239,104 ----a-w C:\WINDOWS\system32\psisdecd.dll
+ 2006-10-09 23:12:14 235,008 ----a-w C:\WINDOWS\system32\psisdecd.dll
- 2007-11-28 01:26:40 33,856 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2007-12-19 06:51:34 1,243,124 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
- 2005-08-06 04:01:54 282,112 ----a-w C:\WINDOWS\system32\sbe.dll
+ 2006-10-09 23:12:40 291,840 ----a-w C:\WINDOWS\system32\sbe.dll
- 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2006-09-26 00:58:48 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2006-01-30 15:13:22 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrcfg.dll
+ 2006-02-03 22:12:30 385,024 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrcomx.dll
+ 2006-04-18 08:48:26 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrcu.dll
+ 2006-04-18 08:48:48 86,016 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrcub.dll
+ 2006-04-18 08:51:10 36,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrcur.dll
+ 2006-01-12 14:19:46 156,160 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrdr5c.dll
+ 2005-12-29 15:34:22 143,360 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrdrec.dll
+ 2005-11-15 08:12:26 434,176 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcredf.dll
+ 2006-02-07 22:50:18 110,592 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrflib.dll
+ 2005-12-15 16:33:56 983,107 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrgf.dll
+ 2006-02-07 22:50:20 561,152 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrhpec.dll
+ 2006-02-07 22:50:22 593,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrhpeh.dll
+ 2006-02-07 22:50:22 159,744 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrhpep.dll
+ 2006-04-18 08:48:12 155,648 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrins.dll
+ 2006-04-18 08:49:02 200,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrinsb.dll
+ 2006-04-18 08:51:16 106,496 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrinsr.dll
+ 2006-04-18 08:46:46 180,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrjsw.dll
+ 2006-04-18 08:49:12 479,232 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrjswb.dll
+ 2006-04-18 08:50:30 139,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrjswr.dll
+ 2006-02-03 22:11:24 380,928 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrjswx.exe
+ 2006-04-18 08:47:52 1,171,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrlpa.dll
+ 2006-04-18 08:49:26 3,448,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrlpab.dll
+ 2006-04-18 08:50:46 217,088 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrlpar.dll
+ 2006-02-03 22:10:20 327,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrppx.dll
+ 2006-04-18 08:47:34 782,336 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrprp.dll
+ 2006-04-18 08:49:46 3,371,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrprpb.dll
+ 2006-04-18 08:51:02 114,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrprpr.dll
+ 2006-04-18 08:46:52 401,408 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrpsw.dll
+ 2006-04-18 08:50:04 843,776 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrpswb.dll
+ 2006-04-18 08:50:54 98,304 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrpswr.dll
+ 2006-02-03 22:12:10 249,856 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrpswx.exe
+ 2006-02-24 11:55:36 278,528 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrretv.dll
+ 2006-02-24 11:55:08 61,440 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrserv.exe
+ 2006-04-05 13:11:44 241,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrsk0.dll
+ 2005-12-15 16:33:58 204,800 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrsk1.dll
+ 2005-12-15 16:34:00 245,760 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrsk2.dll
+ 2006-02-24 11:54:40 65,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrtime.dll
+ 2006-02-24 11:54:48 45,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrtime.exe
+ 2005-10-20 17:56:12 188,416 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrtsfw.dll
+ 2006-01-12 14:20:38 74,240 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrui5c.dll
+ 2006-02-24 11:55:28 299,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcruldr.dll
+ 2006-04-18 08:48:30 65,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrupd.dll
+ 2006-04-18 08:50:16 126,976 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrupdb.dll
+ 2006-04-18 08:51:30 90,112 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrupdr.dll
+ 2006-02-24 11:54:30 45,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrupld.exe
+ 2006-04-18 08:46:32 446,464 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrutil.dll
+ 2006-02-24 11:54:56 45,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrview.exe
+ 2006-04-18 09:38:54 343,086 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrwavs.exe
+ 2004-08-04 07:56:48 264,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2004-08-04 07:56:48 197,120 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
+ 2004-08-04 07:56:36 619,520 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIRES.DLL
+ 2006-01-30 15:13:22 73,728 ----a-r C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrcfg.dll
+ 2006-02-03 22:12:30 385,024 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrcomx.dll
+ 2006-04-18 08:48:26 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrcu.dll
+ 2006-04-18 08:48:48 86,016 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrcub.dll
+ 2006-04-18 08:51:10 36,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrcur.dll
+ 2006-01-12 14:19:46 156,160 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrdr5c.dll
+ 2005-12-29 15:34:22 143,360 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrdrec.dll
+ 2005-11-15 08:12:26 434,176 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcredf.dll
+ 2006-02-07 22:50:18 110,592 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrflib.dll
+ 2005-12-15 16:33:56 983,107 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrgf.dll
+ 2006-02-07 22:50:20 561,152 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrhpec.dll
+ 2006-02-07 22:50:22 593,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrhpeh.dll
+ 2006-02-07 22:50:22 159,744 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrhpep.dll
+ 2006-04-18 08:48:12 155,648 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrins.dll
+ 2006-04-18 08:49:02 200,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrinsb.dll
+ 2006-04-18 08:51:16 106,496 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrinsr.dll
+ 2006-04-18 08:46:46 180,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrjsw.dll
+ 2006-04-18 08:49:12 479,232 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrjswb.dll
+ 2006-04-18 08:50:30 139,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrjswr.dll
+ 2006-02-03 22:11:24 380,928 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrjswx.exe
+ 2006-04-18 08:47:52 1,171,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrlpa.dll
+ 2006-04-18 08:49:26 3,448,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrlpab.dll
+ 2006-04-18 08:50:46 217,088 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrlpar.dll
+ 2006-02-03 22:10:20 327,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrppx.dll
+ 2006-04-18 08:47:34 782,336 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrprp.dll
+ 2006-04-18 08:49:46 3,371,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrprpb.dll
+ 2006-04-18 08:51:02 114,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrprpr.dll
+ 2006-04-18 08:46:52 401,408 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrpsw.dll
+ 2006-04-18 08:50:04 843,776 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrpswb.dll
+ 2006-04-18 08:50:54 98,304 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrpswr.dll
+ 2006-02-03 22:12:10 249,856 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrpswx.exe
+ 2006-02-24 11:55:36 278,528 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrretv.dll
+ 2006-02-24 11:55:08 61,440 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrserv.exe
+ 2006-04-05 13:11:44 241,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrsk0.dll
+ 2005-12-15 16:33:58 204,800 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrsk1.dll
+ 2005-12-15 16:34:00 245,760 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrsk2.dll
+ 2006-02-24 11:54:40 65,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrtime.dll
+ 2006-02-24 11:54:48 45,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrtime.exe
+ 2005-10-20 17:56:12 188,416 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrtsfw.dll
+ 2006-01-12 14:20:38 74,240 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrui5c.dll
+ 2006-02-24 11:55:28 299,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcruldr.dll
+ 2006-04-18 08:48:30 65,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrupd.dll
+ 2006-04-18 08:50:16 126,976 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrupdb.dll
+ 2006-04-18 08:51:30 90,112 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrupdr.dll
+ 2006-02-24 11:54:30 45,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrupld.exe
+ 2006-04-18 08:46:32 446,464 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrutil.dll
+ 2006-02-24 11:54:56 45,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrview.exe
+ 2006-04-18 09:38:54 343,086 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrwavs.exe
+ 2004-08-04 07:56:48 264,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\unidrv.dll
+ 2004-08-04 07:56:48 197,120 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\unidrvui.dll
+ 2004-08-04 07:56:36 619,520 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\unires.dll
+ 2006-01-12 14:20:04 114,688 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\lxcrpp5c.dll
- 2006-09-16 07:05:22 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-26 00:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2007-07-23 01:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-12-14 04:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
- 2004-08-10 04:00:00 189,440 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2006-10-19 04:47:20 227,328 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2007-04-30 14:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-06-12 06:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-08-10 04:00:00 131,072 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-10-19 04:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2004-08-10 04:00:00 278,528 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 04:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 04:47:20 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll
- 2004-08-10 04:00:00 1,582,080 ----a-w C:\WINDOWS\system32\wmpencen.dll
+ 2006-10-19 04:47:20 1,661,440 ----a-w C:\WINDOWS\system32\wmpencen.dll
- 2005-06-24 01:15:30 3,371,008 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 04:47:20 8,231,936 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 04:47:20 613,376 ----a-w C:\WINDOWS\system32\wmpmde.dll
+ 2006-10-19 04:47:20 130,048 ----a-w C:\WINDOWS\system32\wmpps.dll
- 2004-08-10 04:00:00 81,920 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-10-19 04:47:20 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
- 2004-08-10 04:00:00 174,080 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
+ 2006-10-19 04:47:20 204,288 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
- 2006-10-19 03:47:22 38,400 ----a-w C:\WINDOWS\system32\wpdshextres.dll
+ 2006-10-19 04:47:22 38,400 ----a-w C:\WINDOWS\system32\wpdshextres.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 21:00]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 23:35]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdMgr.exe" [2006-03-16 02:11]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 09:05]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 18:18]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2007-11-27 01:28]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 10:48]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-02-06 22:10]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 01:11]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 04:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 18:40:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=C:\WINDOWS\pss\Updates From HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
ARPWRMSG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 21:01 67584 --a------ C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /run

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Reminder"="C:\Windows\Creator\Remind_XP.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-11-27 01:28]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-11-27 01:28]
S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys [2007-07-26 09:25]
S4 GameConsoleService;GameConsoleService;"C:\Program Files\WildTangent\Apps\HP Game Console\GameConsoleService.exe" [2007-07-23 16:33]
--- E O F ---
 
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-19 13:28:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2007-12-19 13:30:12 - machine was rebooted [HP_Administrator]
C:\ComboFix2.txt ... 2007-12-18 23:37
C:\ComboFix3.txt ... 2007-12-18 22:32
.
2007-12-19 10:00:51



It worked this time, but still having issues pulling up an Internet Explorer. The task manager is still having the issues with the IEXPLORE. Opening an Internet Explorer, it stalls at around 14k. It usually takes about three or four attempts to get one to actually open a new window. Thank you again for your time and effort with this; I appreciate it.
 
There is nothing much showing now, so we will have to do a couple more scans.


TotalScan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
Please go to this site: TotalScan
  • Under Scan Now click the Full Scan button
  • Follow the prompts to install the ActiveX if necessary
  • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
  • When the scan is finished, a report will be generated
  • Next to Scan Details click the small Save button and save the report to your desktop.
  • Please post the report in your reply.

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt into your reply.
 
;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-12-20 02:56:28
PROTECTIONS: 0
MALWARE: 42
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00101555 Application/KillApp.B HackTools No 0 Yes No C:\hp\bin\KillIt.exe
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@trafficmp[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[2].txt
00139535 Application/Processor HackTools No 0 No No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP29\A0028159.exe[SDFix\apps\Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\hijackthis\SmitfraudFix\SmitfraudFix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\hijackthis\SmitfraudFix.zip[SmitfraudFix/Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\SDFix\apps\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00139535 Application/Processor HackTools No 0 No No C:\hijackthis\SDFix.exe[SDFix\apps\Process.exe]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediaplex[2].txt
00167726 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tickle[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@statcounter[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@burstnet[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.burstbeacon[2].txt
00168108 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@web.tickle[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@advertising[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@statse.webtrendslive[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.pointroll[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@overture[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@realmedia[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@zedo[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adrevolver[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@go[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atwola[1].txt
00377802 Spyware/PeoplePC Spyware No 0 Yes No C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL
00517584 Application/SuperFast HackTools No 0 Yes No C:\hijackthis\SmitfraudFix.zip[SmitfraudFix/restart.exe]
00517584 Application/SuperFast HackTools No 0 Yes No C:\hijackthis\SmitfraudFix\SmitfraudFix\restart.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0045173.exe[nircmd.exe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP63\A0044107.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0044070.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP61\A0043716.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0045173.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\hijackthis\ComboFix.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP26\A0024994.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP26\A0024946.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\hijackthis\ComboFix.exe[nircmd.exe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0045217.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0045191.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP30\A0033002.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe[nircmd.exe]
01308048 Adware/TTC Adware No 0 Yes No C:\RECYCLER\S-1-5-21-3335093116-3521897603-3913444391-500\Dc1\Quarantine\C\WINDOWS\system32\j2\ejup83122.exe.vir
01308048 Adware/TTC Adware No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP25\A0023902.exe
01308049 Adware/TTC Adware No 0 No No C:\RECYCLER\S-1-5-21-3335093116-3521897603-3913444391-500\Dc1\Quarantine\C\WINDOWS\system32\j2\ejup83122.exe.vir[TTC.dll]
01308049 Adware/TTC Adware No 0 No No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP25\A0023902.exe[TTC.dll]
01308049 Adware/TTC Adware No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP24\A0023873.dll
01308049 Adware/TTC Adware No 0 Yes No C:\hijackthis\backups\backup-20071125-220538-494.dll
01658945 Adware/TTC Adware No 0 No No C:\RECYCLER\S-1-5-21-3335093116-3521897603-3913444391-500\Dc1\Quarantine\C\WINDOWS\system32\j2\ejup83122.exe.vir[folder.js]
01658945 Adware/TTC Adware No 0 No No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP25\A0023902.exe[folder.js]
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\hijackthis\SmitfraudFix\SmitfraudFix\Reboot.exe
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\hijackthis\SmitfraudFix.zip[SmitfraudFix/Reboot.exe]
02673602 Trj/Agent.GZA Virus/Trojan No 0 Yes No C:\qoobox\Quarantine\C\WINDOWS\Fonts\CRACK.0XE.vir
02673602 Trj/Agent.GZA Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP26\A0024957.exe
02677501 Trj/Downloader.QZJ Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP26\A0024958.exe
02677501 Trj/Downloader.QZJ Virus/Trojan No 0 Yes No C:\qoobox\Quarantine\C\WINDOWS\Fonts\SVCHOST.0XE.vir
02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\xbalfeal.exe.vir
02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044981.exe
02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043866.exe
02688348 Spyware/Virtumonde Spyware No 1 Yes No C:\hijackthis\backups\backup-20071127-224338-166.dll
02688348 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP30\A0032842.dll
02688348 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP30\A0032846.dll
02812177 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\lrbogxsu.dll.vir
02812177 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043877.dll
02812177 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044992.dll
02874256 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043873.dll
02874256 Spyware/Virtumonde Spyware No 1 Yes No C:\hijackthis\backups\backup-20071125-212741-794.dll
02874256 Spyware/Virtumonde Spyware No 1 Yes No C:\hijackthis\backups\backup-20071125-220538-839.dll
02874256 Spyware/Virtumonde Spyware No 1 Yes No C:\hijackthis\backups\backup-20071127-224338-718.dll
02874256 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043900.dll
02874256 Spyware/Virtumonde Spyware No 1 Yes No C:\hijackthis\backups\backup-20071126-123334-147.dll
02874256 Spyware/Virtumonde Spyware No 1 Yes No C:\hijackthis\backups\backup-20071125-220717-740.dll
02874256 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\fccddef.dll.vir
02874256 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044988.dll
02874256 Spyware/Virtumonde Spyware No 1 Yes No C:\hijackthis\backups\backup-20071126-181842-467.dll
02874256 Spyware/Virtumonde Spyware No 1 Yes No C:\hijackthis\backups\backup-20071127-011929-750.dll
02874256 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\catchme2007-12-18_223019.45.zip[vtuurpo.dll]
02874256 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\catchme2007-12-19_132802.23.zip[vtuurpo.dll]
02878097 Trj/Downloader.RHX Virus/Trojan No 0 Yes No C:\SDFix\backups_old2\mrofinu1188.exe.tmp
02878097 Trj/Downloader.RHX Virus/Trojan No 0 Yes No C:\SDFix\backups_old2\mrofinu1000106.exe
02878097 Trj/Downloader.RHX Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP24\A0023895.exe
02878097 Trj/Downloader.RHX Virus/Trojan No 0 Yes No C:\RECYCLER\S-1-5-21-3335093116-3521897603-3913444391-500\Dc1\Quarantine\C\WINDOWS\mrofinu1188.exe.vir
02878097 Trj/Downloader.RHX Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP27\A0026140.exe
02878097 Trj/Downloader.RHX Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP26\A0024996.exe
02878097 Trj/Downloader.RHX Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP25\A0023904.exe
02878097 Trj/Downloader.RHX Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP26\A0024951.exe
 
02882738 Spyware/Virtumonde Spyware No 1 Yes No C:\hijackthis\backups\backup-20071127-224338-561.dll
02882738 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP30\A0030664.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\vhiudnlw.dll.vir
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\vrkurmvu.dll.vir
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044986.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\hlxkrxmc.dll.vir
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\eojuvnyo.dll.vir
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\geonejxw.dll.vir
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043882.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043883.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043880.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043878.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044998.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044997.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\pgcjbjcd.dll.vir
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\mkanvofo.dll.vir
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044995.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043876.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043875.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044993.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\ewyurwfq.dll.vir
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044991.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044990.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043871.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043870.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044985.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043868.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044989.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043872.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\fbttdcvu.dll.vir
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043874.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044994.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\opfgunmm.dll.vir
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044996.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044999.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043879.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\qtuwigpk.dll.vir
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043881.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0045000.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\wicvcxex.dll.vir
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043884.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043885.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044987.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\efbkwijw.dll.vir
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\dvdavelq.dll.vir
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\ypovahjw.dll.vir
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043869.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044984.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044983.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\fluoghvy.dll.vir
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044978.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044979.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044980.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044977.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044982.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044976.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044975.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044974.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\djuakejh.exe.vir
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\hqwohped.exe.vir
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\oefbtxvg.exe.vir
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043867.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\oiwmfvsn.exe.vir
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043865.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043864.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043863.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043862.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043860.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043859.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\xvfvkvyw.exe.vir
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\qhlktbcn.exe.vir
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\qjouxpbm.exe.vir
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\vaxxolfv.exe.vir
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043861.exe
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP25\A0023940.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP30\A0034027.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043910.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP26\A0025045.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0045029.sys
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
 
Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2007-12-20 02:58:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
67: 2007-12-20 09:59:05 UTC - RP67 - Deckard's System Scanner Restore Point
66: 2007-12-19 20:05:42 UTC - RP66 - ComboFix created restore point
65: 2007-12-19 10:00:19 UTC - RP65 - Software Distribution Service 3.0
64: 2007-12-19 06:48:45 UTC - RP64 - Restore Operation
63: 2007-12-19 06:21:41 UTC - RP63 - ComboFix created restore point


-- First Restore Point --
1: 2007-12-09 23:40:24 UTC - RP1 - Installed Java(TM) 6 Update 2


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:01:07 AM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\HP_Administrator\Desktop\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\4fb06badf893aaaff075a5955e07f0f6\update\update.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

--
End of file - 8132 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 catchme - c:\docume~1\hp_adm~1\locals~1\temp\catchme.sys (file missing)

S1 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S0 Pml Driver HPZ12 - \systemroot\c:\windows\system32\hpzipm12.exe (file missing)
S4 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: 2400 Series
Device ID: USB\VID_043D&PID_00E9&MI_00\6&29B7DDFC&0&0000
Manufacturer:
Name: 2400 Series
PNP Device ID: USB\VID_043D&PID_00E9&MI_00\6&29B7DDFC&0&0000
Service:


-- Files created between 2007-11-20 and 2007-12-20 -----------------------------

2007-12-20 02:10:11 0 d-------- C:\Program Files\Panda Security
2007-12-19 23:52:39 0 d-------- C:\WINDOWS\LastGood
2007-12-14 13:53:12 0 dr-h----- C:\Documents and Settings\HP_Administrator\Recent
2007-12-12 03:52:45 0 d-------- C:\Program Files\Netflix
2007-12-11 22:41:52 0 d-------- C:\Program Files\Trend Micro
2007-12-09 16:23:29 0 d-------- C:\Program Files\Oberon Media
2007-12-05 20:06:02 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Ventrilo
2007-12-05 03:45:59 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2007-12-04 06:56:22 0 d-------- C:\Program Files\Ubi Soft Games
2007-12-04 04:24:53 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\ImgBurn
2007-12-04 04:19:33 0 d-------- C:\Program Files\ImgBurn
2007-12-04 01:33:48 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\BitTorrent
2007-12-04 01:33:40 0 d-------- C:\Program Files\BitTorrent
2007-12-04 01:32:10 0 d-------- C:\bittorrent
2007-12-04 01:05:31 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\FaxCtr
2007-12-04 00:21:41 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\NeroDCTemplates
2007-12-04 00:18:18 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Nero
2007-12-03 23:48:39 0 d-------- C:\Documents and Settings\All Users\Application Data\SRS Labs
2007-12-03 23:39:41 131072 --a------ C:\WINDOWS\system32\dzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading ZIP DLL>
2007-12-03 23:39:41 110592 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2007-12-03 23:39:30 0 d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-12-03 23:22:40 0 d-------- C:\Program Files\lx_cats
2007-12-03 23:22:02 40960 --a------ C:\WINDOWS\system32\LXPRMON.DLL <Not Verified; ; Lexmark Fax Solutions Software>
2007-12-03 23:22:02 32768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL <Not Verified; ; Lexmark Fax Solutions Software>
2007-12-03 23:22:02 12288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL <Not Verified; Lexmark International, Inc.; Lexmark Fax Solutions Software Print Monitor>
2007-12-03 23:22:02 98345 --a------ C:\WINDOWS\system32\IMHOST32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2007-12-03 23:22:02 339968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2007-12-03 23:21:50 0 d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2007-12-03 23:21:22 0 d-------- C:\Program Files\Lexmark Fax Solutions
2007-12-03 23:20:48 0 d-------- C:\Program Files\Lexmark Toolbar
2007-12-03 23:20:47 0 d-------- C:\Program Files\Lexmark 2400 Series
2007-12-03 23:19:24 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-12-03 23:19:03 233472 --a------ C:\WINDOWS\system32\LXCRinst.dll
2007-12-03 23:03:14 0 d-------- C:\Program Files\Windows Media Connect 2
2007-12-03 22:58:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-12-03 20:35:05 0 d-------- C:\FIVE_PENNIES
2007-12-03 20:25:44 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-03 20:25:40 0 d-------- C:\Program Files\DVD Shrink
2007-12-03 20:16:41 0 d--h----- C:\WINDOWS\PIF
2007-11-28 15:49:02 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2007-11-27 18:26:39 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-11-27 12:39:01 0 d-------- C:\WINDOWS\uninstall
2007-11-27 04:14:10 0 d-------- C:\Program Files\CCleaner
2007-11-27 01:28:53 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Comodo
2007-11-27 01:28:51 0 d-------- C:\Program Files\COMODO
2007-11-27 01:28:51 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-11-26 22:12:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-26 22:12:43 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-26 21:15:34 0 d-------- C:\WINDOWS\ERUNT
2007-11-26 18:32:51 0 d--hs---- C:\WINDOWS\ftpcache
2007-11-26 13:00:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-11-26 12:50:26 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Grisoft
2007-11-26 12:50:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-26 00:28:34 3746 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-26 00:27:58 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-26 00:27:58 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-26 00:27:58 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-26 00:27:58 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-26 00:27:57 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-25 21:22:05 0 d-------- C:\hijackthis
2007-11-25 19:01:11 0 d-------- C:\Program Files\Incomplete
2007-11-25 18:58:21 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-11-25 18:54:29 0 d-------- C:\Temp
2007-11-25 18:53:20 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-25 18:34:16 0 d-------- C:\Program Files\LimeWire
2007-11-25 17:52:37 0 d-------- C:\partition magic
2007-11-25 17:24:00 0 dr------- C:\Linux
2007-11-25 15:24:46 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2007-11-25 15:24:46 38912 --a------ C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2007-11-25 15:24:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-11-25 15:24:43 0 d-------- C:\Program Files\Common Files\Ahead
2007-11-25 15:24:43 0 d-------- C:\Program Files\Ahead
2007-11-25 15:18:08 0 d-------- C:\Program Files\Nero
2007-11-25 15:18:08 0 d-------- C:\Program Files\Common Files\Nero
2007-11-25 15:18:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-11-25 14:15:00 0 d-------- C:\nero
2007-11-25 13:58:29 0 d-------- C:\WINDOWS\pss
2007-11-25 11:40:06 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-25 11:36:00 0 d-------- C:\Program Files\Bonjour
2007-11-25 11:28:52 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-24 21:09:10 0 d-------- C:\Program Files\Glary Utilities
2007-11-24 20:35:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-24 20:10:27 0 d-------- C:\Photoshop
2007-11-24 16:46:05 0 d-------- C:\Program Files\SD EnterNET
2007-11-24 16:15:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-24 16:06:51 0 d-------- C:\Program Files\Download Manager
2007-11-24 15:52:54 0 d-------- C:\navy field
2007-11-24 15:36:26 0 d-------- C:\Program Files\Ventrilo
2007-11-24 15:35:53 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-24 15:32:19 0 d-------- C:\Program Files\blackdeath.nf.forumer
2007-11-24 15:07:57 0 d-------- C:\Program Files\support.com
2007-11-24 15:07:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Support.com


-- Find3M Report ---------------------------------------------------------------

2007-12-14 14:09:52 187 --a------ C:\Documents and Settings\HP_Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
2007-11-27 02:00:12 0 d-------- C:\Program Files\Java
2007-11-27 01:21:33 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-27 01:12:48 0 d-------- C:\Program Files\Common Files
2007-11-26 20:12:09 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Yahoo!
2007-11-26 12:39:42 0 d-------- C:\Program Files\The Weather Channel FW
2007-11-25 22:38:08 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Google
2007-11-25 18:54:34 0 d-------- C:\Program Files\Movie Maker
2007-11-25 18:42:51 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-25 11:35:57 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-24 21:13:09 0 d-------- C:\Program Files\Yahoo!
 
main txt second post

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [06/01/2005 11:35 PM]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdMgr.exe" [03/16/2006 02:11 AM]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [03/20/2006 09:05 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [12/15/2005 06:18 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [11/27/2007 01:28 AM]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [03/06/2006 10:48 AM]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [02/06/2006 10:10 PM]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [02/02/2006 01:11 AM]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [02/24/2006 04:54 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 04:24 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/09/2004 09:00 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [09/20/2007 03:35 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [12/15/2005 6:40:44 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=C:\WINDOWS\pss\Updates From HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
ARPWRMSG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Reminder"="C:\Windows\Creator\Remind_XP.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

*Newly Created Service* - RKPAVPROC



-- End of Deckard's System Scanner: finished at 2007-12-20 03:04:03 ------------
 
extra.txt 1st post

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Turion(tm) 64 Mobile Technology ML-34
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 958.48 MiB / 490.84 MiB
Pagefile Memory (total/avail): 2312.31 MiB / 1958.63 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1942.44 MiB

C: is Fixed (NTFS) - 177.54 GiB total, 138.73 GiB free.
D: is Fixed (FAT32) - 8.75 GiB total, 0.43 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3200827AS - 186.31 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 177.54 GiB - C:
\PARTITION1 - Unknown - 8.76 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: COMODO Firewall Pro v3.0 (COMODO)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-4DACD0EA75
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Administrator
LOGONSERVER=\\YOUR-4DACD0EA75
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2402
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
USERDOMAIN=YOUR-4DACD0EA75
USERNAME=HP_Administrator
USERPROFILE=C:\Documents and Settings\HP_Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

HP_Administrator (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Agere Systems PCI-SV92PP Soft Modem --> agrsmdel
Asianata --> "C:\Program Files\HP Games\Asianata\Uninstall.exe"
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Bejeweled 2 Deluxe --> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
BitTorrent 6.0 --> C:\Program Files\BitTorrent\uninst.exe
Bo-Shot 1.02 --> C:\WINDOWS\uninstall\Bo-Shot\setup.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Comcast High-Speed Internet Install Wizard --> C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
DISCover --> "C:\Program Files\DISC\uninstall.exe"
Download Manager 2.3.6 --> C:\Program Files\Download Manager\uninst.exe
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
ENFUNS Updater --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{626713B4-F070-4605-9DF6-31783A5AEAAE}\setup.exe" -l0x9 -removeonly
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /remove
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Glary Utilities 2.3.3 --> "C:\Program Files\Glary Utilities\unins000.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Boot Optimizer --> MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP Deskjet 3740 Series --> rundll32 hpzcon10.dll,VendorJettison HP Deskjet 3740 Series
HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP DigitalMedia Archive --> MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Document Viewer 6.1 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP DVD Play 2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Game Console --> "C:\Program Files\WildTangent\Apps\HP Game Console\Uninstall.exe"
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart 330,380,420,470,7800,8000,8200 Series --> C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 6.0 --> C:\Program Files\HP\Digital Imaging\{5D61626A-BD55-4e42-82EE-4AE89D8FD050}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Photosmart for Media Center PC --> c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP PSC & OfficeJet 6.1.A --> "C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
HP Rhapsody --> C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center and Imaging Support Tools 6.1 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Web Helper --> regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
ImgBurn (Remove Only) --> "C:\Program Files\ImgBurn\uninstall.exe"
Insaniquarium Deluxe --> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lexmark 2400 Series --> C:\Program Files\Lexmark 2400 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Media Library Management Wizard --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplibwiz.inf,DefaultUninstall
Microsoft Away Mode -->
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour --> MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Movie Maker Background Music Files --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmmusic.inf,DefaultUninstall
Movie Maker Sound Effects --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmsounds.inf,DefaultUninstall
Movie Maker Title Images --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmtitle.inf,DefaultUninstall
muvee autoProducer 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27428D1B-8CBA-4EEA-B9C0-A23CA7B4FCC1}\setup.exe" -l0x9
muvee autoProducer unPlugged 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}\setup.exe" -l0x9
NavyFIELD NorthAmerica --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D6D425D2-803F-40E8-9D65-3DC00D577C11}\setup.exe" -l0x9 -removeonly
Nero 8 --> MsiExec.exe /X{5E6EC4DD-7B1F-4E10-82B9-EA1B90791033}
Nero Digital --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
Panda TotalScan --> C:\Program Files\Panda Security\TotalScan\ascuninst.exe
PC-Doctor 5 for Windows --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Plus! MP3 Audio Converter LE --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\audcle.inf,DefaultUninstall
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Sea Life Safari --> "C:\Program Files\HP Games\Sea Life Safari\Uninstall.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic Express Labeler --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Super Collapse! 3 --> C:\PROGRA~1\YAHOO!~1\SUPERC~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!~1\SUPERC~1\INSTALL.LOG
Tradewinds --> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005 -->
Updates from HP (remove only) --> C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Windows Media Bonus Pack for Windows XP --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmbonus.inf,DefaultUninstall
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
 