
Please Help My Computer Is Infected Beyond Belief.


36 replies to this topic

#1 Cheri_Esperon

Posted 16 September 2007 - 12:11 PM

I tried to follow all the directions before running a HJT log but I am running into problems. Every time I make a change to my computer, even something minor like putting a desktop item or changing a startup option, it is changed back after I restart. I'm thinking rootkit or hook, but Rootkit Revealer freezes up after about an hour or so... I am really a complete dummy when it comes to registry entries etc. But anyways this has been a nightmare. To back it up to the beginning, I noticed my computer was running slowly and went to run an antivirus scan. I had my antivirus set to run 3 nights a week so I figured I was in good shape, but when I tried to run it I got a pop-up warning that my serial number was in use on another computer & I could not run it. (Now isn't that great; even my antivirus wasn't safe!) I bought Trend Micro and ran it; it found several hundred problems & corrected them all. At about the same time I went to my web site & found that it had been suspended, tried to log in & my password had been changed. I sent email after email to my hosting company w/ no response. Finally they emailed me from a yahoo email telling me the emails were blocked. I have never had a problem with emails being blocked from them & calling my ISP (roadrunner) resulted in a guarantee that they were not blocked; they went in and canceled all forwarders. I had been suspended for violating the TOS & uploading porn. Great... The very next day my email quit working; yep, they changed the password. So I disabled the internet firewall & installed Comodo.

Since then I am still having a myriad of problems:

*When I try to open some programs (namely Adobe programs, which I use daily) I get the error message that I can't open them because they are already in use. A check of Task Manager does not show any Adobe-associated processes running. Also, oddly enough, my name has disappeared from the splash screen.

*Add remove programs will not populate the list- it just hangs there. I tried following directions on the web re registering several dlls.. didn't help. Finally downloaded Tweak This, which allowed me to delete a bunch of trial programs & unused programs... now it won't run either. It stops responding.

*regedit & msconfig were disabled. I was able to enable them by following some instructions on the web. But anything I change doesn't stick.. (yes I hit apply when available)

*Google toolbar will not install.. nor will IE 7.

* Windows update would not install SP3- finally fixed that by saving it on my desktop & installing it that way.

*Antivirus scans keep alerting me that HP processes - killwind cloaker & a bunch of other files in HP bin are dangerous.

*Some items in the recycle bin will not delete. When I try I get error messages that I can't delete because it is in use or I don't have the privilege. (I am administrator; I double checked.)

*Online virus scans will not run- they hang (sometimes for days) & I get an IE needs to close message

*Now even though I am online on this computer right now as I type... wireless connection icon is still trying to acquire a network address. Strange..

*Spybot, Adaware & Super AntiSpyware are now only finding cookies... no spyware.

*Trend Micro is a resource hog... right now tavsvc.exe is using 70,640 K TMproxy.exe is using 57,824 K- should it be using that much?? Seems pretty high. Asked TM & of course they blame on the fact that I have other antimalware programs installed but none are set to monitor my computer- on demand scans only.

*Can't get online in safemode with networking. ... It is just a MESS!!!!! :thumbsup:


Here is my HJT log. Any other logs you need- I will be more than happy to provide. This is affecting me professionally since I can't work on this computer as well as has caused me to drop an online class because of this insanity.

----------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:33 AM, on 9/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
F3 - REG:win.ini: load=
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [UpdateManager] C:\Program Files\Common Files\Microsoft Shared\TextConv\avupdate.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Updates from HP.lnk.disabled
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: bootsec - bootsec.dll (file missing)
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\Apache.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

--
End of file - 8673 bytes



Thanks for reading this...

9/17 Noticed new problem... new HJT log to follow. I am not sure if this is related or if this is a consequence of reinstalling some Windows files, but now I have a new set of user files. My XP user is & has always been Cheri, and when I logged in all settings, files etc. were under the user Hp_administrator. Now all of a sudden when I log in as Cheri I am now using the profile hp_administrator.cheri. I can still access everything in the old profile by doing a little leapfrogging and hopping around in My Computer, but first off this is a pain & secondly it concerns me. Also within this new profile all my Outlook Express messages are gone (I suspect they still exist but don't know how to get to them). How can I point my user name back to hp_administrator? Or migrate everything to the new user; either way I don't care as long as I can get to them. I tried copying them & pasting them to this new profile but it says the profile is in use??? HUH??? Perhaps this is posted in the wrong place, but I didn't want to muck things up by posting it somewhere else. BTW.. all antivirus programs show no infections except for some cookies. I am running NanoScan by Panda now. If it shows anything, I will post the results. THANKS !!!!!

Here is the new HJT log for this morning.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:42:59 AM, on 9/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [UpdateManager] C:\Program Files\Common Files\Microsoft Shared\TextConv\avupdate.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Updates from HP.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: bootsec - bootsec.dll (file missing)
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\Apache.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

--
End of file - 9237 bytes

Edited by Cheri_Esperon, 17 September 2007 - 08:50 AM.



#2 Guest_Cretemonster_*

Posted 19 September 2007 - 01:16 PM

Hi cheri,

I see you have also posted in another forum but that thread looks lost and abandoned.

If you still need help, let me know and I'll see if I can help. :thumbsup:

#3 Cheri_Esperon

Posted 20 September 2007 - 08:24 AM

Yeah... never got a reply. Thanks for helping out!!! :thumbsup: Here is the new HJT log. Antivirus (Comodo & Trend Micro) scans are running clean, but I am not convinced. I can't seem to get an online scan to complete, which seems suspicious, & can't get online in safe mode with networking to run one in safe mode. Comodo has a file in quarantine that it says is a win32.zlob but nothing else finds it & I can't delete it since it is in my HPbin file. There have been a lot of suspicious files according to different scans located in that folder. But googling the files keeps saying they are safe. Computer is out of warranty & frankly I don't use HP support anyways, so I am not emotionally attached to any HP files & don't mind getting rid of them if I can.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:18:04 AM, on 9/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [UpdateManager] C:\Program Files\Common Files\Microsoft Shared\TextConv\avupdate.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Updates from HP.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: bootsec - bootsec.dll (file missing)
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\Apache.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

--
End of file - 9450 bytes
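A small triage helper for the HijackThis "O" lines in a log like the one above, added here as an example; it is not a tool anyone in this thread posted. It parses the O10, O16, O20 and O23 layouts seen in the log, plus the standard O4 Run-key layout (no O4 line appears in this excerpt). The severity scale and the flagging rules, for example treating a missing or bare-name Winlogon Notify DLL as the most urgent item, are this example's own assumptions, not anything HijackThis reports. The sample input is constructed from lines in the log above.

```python
"""Triage helper for HijackThis 'O' lines (added example, not from the thread).

The regexes follow the line layouts seen in HijackThis logs like the one above.
The severity scale ("high" / "review" / "info") and the rules are assumptions
made for this example, not anything HijackThis itself reports.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed fixture: lines copied from the log posted above, plus one O4
# Run entry written in the standard HijackThis layout to exercise that branch.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: bootsec - bootsec.dll (file missing)
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
"""

LINE_RE = re.compile(r"^O(?P<num>\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
LSP_RE = re.compile(r"^Unknown file in Winsock LSP: (?P<path>.+)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>[^)]*)\) - (?P<url>\S+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.*?)(?P<missing> \(file missing\))?$")
# Splits on the first two " - "; a service name or owner containing " - " would mis-split.
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass(frozen=True)
class Finding:
    section: str   # "O4", "O10", ...
    severity: str  # "high", "review" or "info"
    subject: str
    detail: str


def triage(log_text: str) -> list:
    """Return one Finding per interesting line; O10 lines are collapsed per DLL."""
    findings = []
    lsp_refs = Counter()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        num, body, sec = m["num"], m["body"], "O" + m["num"]
        if num == "4":
            r = RUN_RE.match(body)
            if r:
                findings.append(Finding(sec, "info", r["name"], f'{r["hive"]}\\..\\{r["key"]} -> {r["cmd"]}'))
            else:  # Startup-folder and other O4 layouts are not parsed here
                findings.append(Finding(sec, "review", body, "unrecognised O4 layout"))
        elif num == "10":
            lsp = LSP_RE.match(body)
            if lsp:
                lsp_refs[lsp["path"].lower()] += 1
        elif num == "16":
            d = DPF_RE.match(body)
            if d:
                findings.append(Finding(sec, "review", d["name"], f'{d["clsid"]} installed from {d["url"]}'))
        elif num == "20":
            n = NOTIFY_RE.match(body)
            if n:
                path, missing = n["path"], bool(n["missing"])
                if missing or "\\" not in path:
                    # winlogon.exe loads Notify DLLs with LoadLibrary as SYSTEM; a bare
                    # or missing name is resolved through the DLL search path, so a file
                    # dropped under that name would be loaded at the next logon.
                    why = "file missing" if missing else "bare filename"
                    findings.append(Finding(sec, "high", n["name"], f"{path}: {why}, resolved via DLL search path in winlogon"))
                else:
                    findings.append(Finding(sec, "review", n["name"], f"{path}: runs inside winlogon.exe, verify the publisher"))
        elif num == "23":
            s = SERVICE_RE.match(body)
            if s:
                sev = "review" if s["owner"].lower() == "unknown owner" else "info"
                findings.append(Finding(sec, sev, s["name"], f'{s["owner"]}: {s["path"]}'))
    for path, count in lsp_refs.items():
        # Never delete an LSP DLL by hand: a broken Winsock catalog breaks all networking.
        findings.append(Finding("O10", "review", path, f"non-Microsoft LSP referenced {count}x in the Winsock catalog; remove only with an LSP-aware tool"))
    return findings


def summarize(findings) -> dict:
    """Count findings per severity, e.g. {'high': 1, 'review': 5, 'info': 2}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    order = ("high", "review", "info")
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.section:<4} {f.subject}: {f.detail}")
```

Run it against a saved HijackThis log by reading the file into `triage()`. Only the orphaned `bootsec` Notify entry is rated high; everything else is a "look at this" list, because a log alone cannot tell a vendor LSP such as the Trend Micro one from a malicious one, and the O23 "Unknown owner" flag only means the binary carried no company name in its version resource.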

#4 Guest_Cretemonster_*

Posted 20 September 2007 - 11:25 AM

Here is what I'd like you to do: restart the machine in safe mode and let me see a HijackThis StartUp log.

Open HijackThis and Click the "Open Misc Tools Section" tab.(Config-> Misc Tools)

Select Generate StartUpList log and make sure that both Boxes beside it are checked:

Put a check by:
List all minor sections(Full)
and
List Empty Sections(Complete)

It will produce a Notepad page. I need you to copy the entire contents of that page into your next reply.

After you post that log, download ComboFix from Here or Here to your Desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#5 Cheri_Esperon (Topic Starter)

Posted 20 September 2007 - 12:48 PM

Oh, thanks... I will do that right now. Just one quick question: do you want the log from ComboFix and the second HJT log also from safe mode?

#6 Cheri_Esperon (Topic Starter)

Posted 20 September 2007 - 01:24 PM

OK, here is the HJT startup log...

StartupList report, 9/20/2007, 1:01:04 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.5730.0011)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
Updates from HP.lnk.disabled

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Trend Micro AntiVirus 2007 = C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
COMODO Firewall Pro = "C:\Program Files\Comodo\Firewall\CPF.exe" /background
cnfgCav = "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /HideWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}]
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[KB910393]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{407408d4-94ed-4d86-ab69-a7f649d112ee}]
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub

[{5945c046-1e7d-11d1-bc44-00c04fd912be}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}]
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}]
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser

[{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
StubPath = rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry value not found*

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\GPhotos.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - c:\program files\google\googletoolbar3.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Ad-Aware SE Personal.job
AppleSoftwareUpdate.job
MP Scheduled Scan.job
Norton Security Scan.job
Spybot - Search & Destroy - Scheduled Task.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Trend Micro ActiveX Scan Agent 6.6]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
CODEBASE = http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

[SysData Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SysInfo.dll
CODEBASE = http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab

[TotalScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ascstubie.dll
CODEBASE = http://www.nanoscan.com/as/v1/cabs/ascstubie.cab

[BDSCANONLINE Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\oscan8.ocx
CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab

[NanoInstaller Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\NanoInst.dll
CODEBASE = http://www.nanoscan.com/cabs/nanoinst.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

[Zenturi Active Programs Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\sasatl.dll
CODEBASE = http://www.programchecker.com/dll/nixon.cab

[SABScanProcesses Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\sabspx.dll
CODEBASE = http://www.superadblocker.com/activex/sabspx.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\CavEmLSP.dll
Protocol #2: C:\WINDOWS\system32\CavEmLSP.dll
Protocol #3: C:\WINDOWS\system32\CavEmLSP.dll
Protocol #4: C:\WINDOWS\system32\tmlsp.dll
Protocol #5: C:\WINDOWS\system32\tmlsp.dll
Protocol #6: C:\WINDOWS\system32\tmlsp.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\rsvpsp.dll
Protocol #11: C:\WINDOWS\system32\rsvpsp.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll
Protocol #24: C:\WINDOWS\system32\mswsock.dll
Protocol #25: C:\WINDOWS\system32\mswsock.dll
Protocol #26: C:\WINDOWS\system32\tmlsp.dll
Protocol #27: C:\WINDOWS\system32\CavEmLSP.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

61883 Unit Device: system32\DRIVERS\61883.sys (manual start)
Ad-Aware 2007 Service: "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" (autostart)
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Agere Systems Soft Modem: system32\DRIVERS\AGRSM.sys (manual start)
Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AMD Processor Driver: system32\DRIVERS\AmdK8.sys (system)
Apple Mobile Device: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" (autostart)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
aracpi: system32\DRIVERS\aracpi.sys (manual start)
MS Ar HID Filter Driver: system32\DRIVERS\arhidfltr.sys (manual start)
Microsoft PS2 Keyboard Filter: system32\DRIVERS\arkbcfltr.sys (manual start)
Microsoft PS2 Mouse Filter: system32\DRIVERS\armoucfltr.sys (manual start)
1394 ARP Client Protocol: system32\DRIVERS\arp1394.sys (manual start)
ARPolicy: system32\DRIVERS\arpolicy.sys (manual start)
ARSVC: C:\WINDOWS\arservice.exe (autostart)
ASAPIW2K: system32\drivers\Asapiw2k.sys (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart)
ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
AVC Device: system32\DRIVERS\avc.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
BOClean Kernel Monitor.: \??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys (manual start)
Brother MFC Filter Driver: System32\Drivers\Brfilt.sys (manual start)
BrSplService: C:\WINDOWS\system32\brsvc01a.exe (autostart)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Brother WDM Serial driver: System32\Drivers\BrSerWdm.sys (manual start)
Brother MFC USB Fax Only Modem: System32\Drivers\BrUsbMdm.sys (manual start)
Brother MFC USB Scanner driver: System32\Drivers\BrUsbScn.sys (manual start)
USB Card Reader Writer driver: System32\Drivers\busbcrw.sys (manual start)
Cavasm: system32\DRIVERS\cavasm.sys (system)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
Comodo Application Agent: C:\Program Files\Comodo\Firewall\cmdagent.exe (autostart)
Comodo Application Engine: System32\DRIVERS\cmdmon.sys (system)
Comodo Anti-Virus and Anti-Spyware Service: "C:\Program Files\Comodo\common\CAVASpy\cavasm.exe" (autostart)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Symantec Eraser Control driver: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (system)
Media Center Receiver Service: C:\WINDOWS\eHome\ehRecvr.exe (autostart)
Media Center Scheduler Service: C:\WINDOWS\eHome\ehSched.exe (autostart)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
ftsata2: system32\DRIVERS\ftsata2.sys (system)
GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
giveio: \??\C:\WINDOWS\system32\giveio.sys (manual start)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Google Updater Service: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (autostart)
Hauppauge WinTV PVR PCI II ([23|25|26]xxx): system32\DRIVERS\hcwPP2.sys (manual start)
Microsoft Infrared HID Driver: system32\DRIVERS\hidir.sys (manual start)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
Hostnt: \??\C:\WINDOWS\system32\drivers\hostnt.sys (autostart)
IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
Intel RAID Controller: system32\DRIVERS\iaStor.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (autostart)
Comodo Network Engine: System32\DRIVERS\inspect.sys (system)
IntelIde: system32\DRIVERS\intelide.sys (system)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
Infrared bus filter driver for eHome remote controls: system32\DRIVERS\IrBus.sys (manual start)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
LightScribeService Direct Disc Labeling Service: "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Pinnacle Marvin Bus: system32\DRIVERS\MarvinBus.sys (manual start)
Media Center Extender Service: C:\WINDOWS\ehome\mcrdsvc.exe (autostart)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
mf: system32\DRIVERS\mf.sys (manual start)
Mhdrv: \??\C:\WINDOWS\system32\drivers\mhdrv.sys (autostart)
MHN: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
MHN driver: system32\DRIVERS\mhndrv.sys (manual start)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Microsoft DV Camera and VCR: system32\DRIVERS\msdv.sys (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
MSSQL$SONY_MEDIAMGR: C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR (manual start)
MSSQLServerADHelper: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394 Net Driver: system32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
Microsoft Office Diagnostics Service: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" (manual start)
VIA OHCI Compliant IEEE 1394 Host Controller: system32\DRIVERS\ohci1394.sys (system)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
PCLEPCI: \??\C:\WINDOWS\system32\drivers\pclepci.sys (system)
Pen Class: system32\Drivers\PenClass.sys (system)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (system)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Processor Driver: system32\DRIVERS\processr.sys (system)
procguard: \??\C:\WINDOWS\system32\drivers\procguard.sys (autostart)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
ProtexisLicensing: "C:\Program Files\Common Files\Protexis\License Service\PSIService.exe" (autostart)
PS2: system32\DRIVERS\PS2.sys (manual start)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
RCMHDOG: \??\C:\WINDOWS\system32\drivers\rcmhdog.sys (autostart)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Realtek 10/100/1000 NIC Family all in one NDIS XP Driver: system32\DRIVERS\Rtlnicxp.sys (manual start)
Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: system32\DRIVERS\RTL8139.SYS (manual start)
NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver: system32\DRIVERS\wg111v2.sys (manual start)
SABProcEnum: \??\C:\Program Files\Internet Explorer\SABProcEnum.sys (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SASDIFSV: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (system)
SASENUM: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (manual start)
SASKUTIL: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (system)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
Sony Digital Imaging Video2: system32\DRIVERS\sonypvs1.sys (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
SQLAgent$SONY_MEDIAMGR: C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR (manual start)
System Restore Filter Driver: \SystemRoot\system32\DRIVERS\sr.sys (disabled)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{8DA84759-6C62-4695-9DB6-4789D64FAF43} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
TabletService: C:\WINDOWS\system32\Tablet.exe (autostart)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Trend Micro AntiVirus Protection Service: C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe (autostart)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)
tmcomm: \??\C:\WINDOWS\system32\drivers\tmcomm.sys (autostart)
tmpreflt: system32\DRIVERS\tmpreflt.sys (autostart)
Trend Micro Proxy Service: C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe (autostart)
tmxpflt: system32\DRIVERS\tmxpflt.sys (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
User Profile Hive Cleanup: C:\Program Files\UPHClean\uphclean.exe (autostart)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: system32\DRIVERS\usbohci.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
ViaIde: system32\DRIVERS\viaide.sys (system)
vsapint: system32\DRIVERS\vsapint.sys (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
wampapache: "c:\wamp\apache2\bin\Apache.exe" -k runservice (manual start)
wampmysqld: c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld (manual start)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Defender Service: "C:\Program Files\Windows Defender\MsMpEng.exe" (disabled)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Windows Media Player Network Sharing Service: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (manual start)
LIteon Wireless PCI Network Adapter Service: system32\DRIVERS\wn5301.sys (manual start)
WpdUsb: system32\DRIVERS\wpdusb.sys (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (system)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

UpdateManager = C:\Program Files\Common Files\Microsoft Shared\TextConv\avupdate.exe

--------------------------------------------------

End of report, 40,159 bytes
Report generated in 0.281 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#7 Guest_Cretemonster_* (Guests)

Posted 20 September 2007 - 02:01 PM

Can you see this file:

C:\Program Files\Common Files\Microsoft Shared\TextConv\avupdate.exe

If so, have it scanned at www.virustotal.com; if there are any detections at all I'll need to see the scan results. Just copy them to Notepad and post them in the next reply.

#8 Cheri_Esperon (Topic Starter, Members)

Posted 20 September 2007 - 03:33 PM

I don't see it. I even tried to search for it... no luck.

Do you still want me to run ComboFix? Should I do that in my regular profile, or should I do it in safe mode?

#9 Guest_Cretemonster_* (Guests)

Posted 20 September 2007 - 03:51 PM

Go ahead and run ComboFix from a full account with admin privileges, from normal mode, please.

#10 Cheri_Esperon (Topic Starter, Members)

Posted 20 September 2007 - 09:10 PM

OK, here is the ComboFix log. I uploaded the file as requested in the log.

ComboFix 07-09-20.1 - "HP_Administrator" 2007-09-20 20:35:18.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.599 [GMT -5:00]
.
ComboFix encountered a terminal error!! Please upload this file - C:\ComboFix_error.dat
to: http://www.bleepingcomputer.com/submit-malware.php?channel=4

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((( Files Created from 2007-08-21 to 2007-09-21 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro AntiVirus 2007"="C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" [2007-07-05 20:09]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-09-07 13:48]
"cnfgCav"="C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" [2007-09-07 13:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bootsec]
bootsec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]
monln.dll 2007-09-07 13:49 216576 C:\WINDOWS\system32\monln.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Free WebSite Tools.lnk.disabled]
backup=C:\WINDOWS\pss\Free WebSite Tools.lnk.disabledCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AlcxMonitor"=ALCXMNTR.EXE
"AlwaysReady Power Message APP"=ARPWRMSG.EXE
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"d98dd1d2.exe"=C:\WINDOWS\system32\d98dd1d2.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-09-20 06:44:00 C:\WINDOWS\Tasks\Ad-Aware SE Personal.job"
- C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
"2007-09-07 15:46:27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-20 07:29:10 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-09-15 06:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2007-09-19 06:00:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-20 21:00:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-09-20 21:04:31
C:\ComboFix-quarantined-files.txt ... 2007-09-20 21:03
.
--- E O F ---




and here is the new HJT log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:39 PM, on 9/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\SoftwareDistribution\Download\2a2715f6180c3bfa2a58178525f24c67\update\update.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [UpdateManager] C:\Program Files\Common Files\Microsoft Shared\TextConv\avupdate.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Updates from HP.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: bootsec - bootsec.dll (file missing)
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\Apache.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

--
End of file - 8971 bytes

#11 Guest_Cretemonster_* (Guests)

Posted 21 September 2007 - 03:40 AM

First thing, are you aware of these 2 apps, and are they fully up to date?

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\Apache.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

Open HijackThis -> click "Do a System Scan Only" and put a check by these, but DO NOT hit the Fix Checked button yet:

O4 - HKLM\..\Policies\Explorer\Run: [UpdateManager] C:\Program Files\Common Files\Microsoft Shared\TextConv\avupdate.exe

O20 - Winlogon Notify: bootsec - bootsec.dll (file missing)

Now make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked button.


Next, copy the text below to Notepad and save it to the desktop with the name CFScript.txt:

File::
C:\Program Files\Common Files\Microsoft Shared\TextConv\avupdate.exe
C:\WINDOWS\system32\d98dd1d2.exe
C:\WINDOWS\system32\bootsec.dll
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"d98dd1d2.exe"=-

Once saved, drag CFScript.txt on top of ComboFix.exe; ComboFix will launch automatically and begin the script.

Wait for the log to appear and post that log along with a fresh HijackThis log into the next reply.
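
The entries the helper queued above are a small set of HijackThis signals that repay automatic triage: an O4 autostart under the Explorer policy key, an O20 Winlogon Notify entry whose DLL has no path or is marked "(file missing)", and O23 services with no publisher string. The script below, an added example that is not part of this thread and not code from HijackThis or ComboFix, applies those heuristics (plus a random-eight-hex-digit-name rule modelled on the d98dd1d2.exe entry ComboFix listed) to an HJT log and reports what fired. Its sample input is constructed: six lines copied from the log posted earlier in the thread plus one invented O4 line for d98dd1d2.exe. The rule names and the `Finding` type are the example's own, not HJT terminology.

```python
"""Triage a HijackThis (HJT) log for the entry types singled out in this thread.

Added example: not part of the thread, HijackThis or ComboFix. The rules are
heuristics modelled on the entries the helper asked to fix, not HJT's own logic.
"""
import re
from dataclasses import dataclass

# Constructed sample. Six lines are copied from the HJT log posted above; the
# d98dd1d2.exe O4 line is invented, modelled on the run-disabled entry that
# ComboFix listed, to exercise the random-name rule.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [d98dd1d2.exe] C:\WINDOWS\system32\d98dd1d2.exe
O4 - HKLM\..\Policies\Explorer\Run: [UpdateManager] C:\Program Files\Common Files\Microsoft Shared\TextConv\avupdate.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: bootsec - bootsec.dll (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
"""

# "O4 - <body>", "R1 - <body>", ...: HJT prefixes every entry with a section code.
ENTRY_RE = re.compile(r"^([ORFN]\d+) - (.*)$")
# An executable in system32 whose name is eight hex digits, like d98dd1d2.exe.
HEX_NAME_RE = re.compile(r"\\system32\\[0-9a-f]{8}\.exe$", re.IGNORECASE)


@dataclass
class Finding:
    rule: str    # which heuristic fired (names are this example's own)
    entry: str   # the offending log line, verbatim


def parse_entry(line):
    """Return (section_code, body) for an HJT entry line, or None for other lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage(log_text):
    """Run the heuristics over every entry line and return the findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if parsed is None:
            continue
        code, body = parsed
        line = raw.strip()
        if code == "O4" and "\\Policies\\Explorer\\Run:" in body:
            # The Explorer policy Run key is meant for Group Policy and is
            # normally empty on a home PC, so anything there deserves a look
            # (this is the avupdate.exe entry the helper queued for removal).
            findings.append(Finding("policy-run-key", line))
        elif code == "O4" and HEX_NAME_RE.search(body):
            findings.append(Finding("random-name-in-system32", line))
        elif code == "O20":
            # Winlogon Notify DLLs load into winlogon.exe at logon. A bare file
            # name with no path, or one HJT marks "(file missing)", is a
            # registration whose DLL is gone: typically what a partial removal
            # leaves behind, and safe to clear.
            target = body.split(" - ", 1)[-1]
            if "(file missing)" in body or "\\" not in target:
                findings.append(Finding("winlogon-notify-no-path", line))
        elif code == "O23" and "Unknown owner" in body:
            # No publisher string: not malicious by itself (WAMP's mysqld here),
            # but worth asking the user about, as the helper did.
            findings.append(Finding("service-unknown-owner", line))
    return findings


def rules_fired(log_text):
    """Convenience view: just the rule names, in log order."""
    return [f.rule for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.entry}")
```

Run against the sample, the script flags the d98dd1d2.exe, avupdate.exe, bootsec and wampmysqld lines and leaves the Comodo, SUPERAntiSpyware and Trend Micro entries alone, which matches what the helper chose to fix and what he merely asked about. The rules are deliberately narrow: they pick out locations and shapes that legitimate software rarely uses, rather than trying to decide by file name whether something is malware, and a real triage still needs the file itself checked (the VirusTotal step from post #7) before anything is removed.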

#12 Cheri_Esperon (Topic Starter, Members)

Posted 21 September 2007 - 09:26 AM

OK... did that, but now Trend Micro is crashing. I hope I did everything all right. I was also getting warnings from Comodo that there was a keylogger in the ComboFix file, but I remember reading that you might get false positives with ComboFix, so I ignored it. (Is that OK?)

As far as those two Apache programs: yes, I am aware of them. I downloaded them a while back to test some PHP. I don't know if they are up to date, but I don't need them anymore; if you think they may be causing problems, I can remove them.

Here is the ComboFix log:

ComboFix 07-09-20.1 - "HP_Administrator" 2007-09-21 8:16:52.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.15 [GMT -5:00]
Command switches used :: C:\Documents and Settings\HP_Administrator.CHERI\Desktop\CFScript.txt.txt
Script execution time was exceeded on script "C:\ComboFix\restore_pt.vbs".
Script execution was terminated.

FILE::
C:\Program Files\Common Files\Microsoft Shared\TextConv\avupdate.exe
C:\WINDOWS\system32\d98dd1d2.exe
C:\WINDOWS\system32\bootsec.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\57546148.exe
C:\DOCUME~1\HP_ADM~1\MYDOCU~1\ICROSO~1
C:\DOCUME~1\HP_ADM~1\MYDOCU~1\PPATCH~1
C:\DOCUME~1\HP_ADM~1\MYDOCU~1\PPATCH~1\??pPatch\
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\angersmoke.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\angersmoke.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\bubbles\request_bubble.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\bubbles\request_mop.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\bubbles\request_rejectmeal.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\chairflags.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\chairflags.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\check.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\checkmark.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\closed.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\coinflip.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\coinflip.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\decor_lines.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\dollar.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\expert.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\foodpoof.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\foodpoof.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\heartgrow.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\heartgrow.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\jar.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\jar.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\lives_icon.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\noisering.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\notes\music_boost_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\notes\music_boost_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\notes\music_boost_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\notes\music_boost_d.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\notes\music_boost_e.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\notes\music_boost_f.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\tablenumber_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\tablenumber_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\traynumber.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\tutorialarrow.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\tutorialbox.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\ui_base.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\ui_hand.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\ui_timer_off.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\ui_timer_on.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\upgradeanim.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_bench_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_bench_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_bench_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_drink_station1_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_drink_station1_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_drink_station1_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_luxury_bench_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_luxury_bench_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_luxury_bench_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_oven_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_oven_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_oven_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_podium_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_podium_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_podium_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_powerbars_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_powerbars_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_powerbars_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_radio_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_radio_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_radio_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_stereo_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_stereo_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_stereo_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_table_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_table_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.55\assets\ui\upgrades\icon_table_c.png

.
((((((((((((((((((((((((( Files Created from 2007-08-21 to 2007-09-21 )))))))))))))))))))))))))))))))
.

2007-09-21 08:12 <DIR> d-------- C:\WINDOWS\LastGood
2007-09-20 21:57 <DIR> d-------- C:\DOCUME~1\HP_ADM~1.CHE\APPLIC~1\WinRAR
2007-09-20 21:38 <DIR> d-------- C:\DOCUME~1\HP_ADM~1.CHE\APPLIC~1\Corel
2007-09-20 16:07 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-20 12:49 262,144 --a------ C:\WINDOWS\system32\default_user_class.dat
2007-09-19 21:15 102,800 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-09-19 08:38 <DIR> d-------- C:\Program Files\UPHClean
2007-09-18 15:22 <DIR> d-------- C:\DOCUME~1\HP_ADM~1.CHE\.housecall6.6
2007-09-17 17:54 <DIR> d-------- C:\DOCUME~1\HP_ADM~1.CHE\APPLIC~1\WinBatch
2007-09-17 08:31 <DIR> d-------- C:\Program Files\Panda Security
2007-09-16 23:27 <DIR> d-------- C:\DOCUME~1\HP_ADM~1.CHE\APPLIC~1\Syntrillium
2007-09-16 17:49 <DIR> d-------- C:\DOCUME~1\HP_ADM~1.CHE\APPLIC~1\Google
2007-09-16 17:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-09-16 10:07 7,668 --a------ C:\WINDOWS\system32\drivers\RKREVEAL150.SYS
2007-09-16 00:00 99,865 --a------ C:\WINDOWS\system32\dllcache\xlog.exe
2007-09-16 00:00 19,455 --a------ C:\WINDOWS\system32\dllcache\wvchntxx.sys
2007-09-16 00:00 16,970 --a------ C:\WINDOWS\system32\dllcache\xem336n5.sys
2007-09-16 00:00 12,063 --a------ C:\WINDOWS\system32\dllcache\wsiintxx.sys
2007-09-15 23:59 8,192 --a------ C:\WINDOWS\system32\dllcache\wshirda.dll
2007-09-15 23:59 5,632 --a------ C:\WINDOWS\system32\dllcache\write.exe
2007-09-15 23:59 214,528 --a------ C:\WINDOWS\system32\dllcache\wordpad.exe
2007-09-15 23:58 221,184 --a------ C:\WINDOWS\system32\dllcache\wmpns.dll
2007-09-15 23:57 8,832 --a------ C:\WINDOWS\system32\dllcache\wmiacpi.sys
2007-09-15 23:56 771,581 --a------ C:\WINDOWS\system32\dllcache\winacisa.sys
2007-09-15 23:56 35,328 --a------ C:\WINDOWS\system32\dllcache\winchat.exe
2007-09-15 23:56 34,890 --a------ C:\WINDOWS\system32\dllcache\wlandrv2.sys
2007-09-15 23:56 154,624 --a------ C:\WINDOWS\system32\dllcache\wlluc48.sys
2007-09-15 23:55 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2007-09-15 23:55 701,386 --a------ C:\WINDOWS\system32\dllcache\wdhaalba.sys
2007-09-15 23:55 53,760 --a------ C:\WINDOWS\system32\dllcache\wiamsmud.dll
2007-09-15 23:55 41,600 --a------ C:\WINDOWS\system32\dllcache\weitekp9.dll
2007-09-15 23:55 31,744 --a------ C:\WINDOWS\system32\dllcache\wceusbsh.sys
2007-09-15 23:55 31,232 --a------ C:\WINDOWS\system32\dllcache\weitekp9.sys
2007-09-15 23:55 23,615 --a------ C:\WINDOWS\system32\dllcache\wch7xxnt.sys
2007-09-15 23:52 604,253 --a------ C:\WINDOWS\system32\dllcache\vmodem.sys
2007-09-15 23:52 42,240 --a------ C:\WINDOWS\system32\dllcache\viaagp.sys
2007-09-15 23:52 249,402 --a------ C:\WINDOWS\system32\dllcache\vinwm.sys
2007-09-15 23:52 24,576 --a------ C:\WINDOWS\system32\dllcache\viairda.sys
2007-09-15 23:52 <DIR> d-------- C:\DOCUME~1\HP_ADM~1.CHE\APPLIC~1\Share-to-Web Upload Folder
2007-09-15 23:51 765,884 --a------ C:\WINDOWS\system32\dllcache\usrti.sys
2007-09-15 23:51 7,556 --a------ C:\WINDOWS\system32\dllcache\usroslba.sys
2007-09-15 23:51 687,999 --a------ C:\WINDOWS\system32\dllcache\usrwdxjs.sys
2007-09-15 23:51 113,762 --a------ C:\WINDOWS\system32\dllcache\usrpda.sys
2007-09-15 23:51 11,325 --a------ C:\WINDOWS\system32\dllcache\vchnt5.dll
2007-09-15 23:50 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2007-09-15 23:50 794,399 --a------ C:\WINDOWS\system32\dllcache\usr1806v.sys
2007-09-15 23:50 793,598 --a------ C:\WINDOWS\system32\dllcache\usr1806.sys
2007-09-15 23:50 78,464 --a------ C:\WINDOWS\system32\dllcache\usbvideo.sys
2007-09-15 23:50 25,600 --a------ C:\WINDOWS\system32\dllcache\usbser.sys
2007-09-15 23:50 224,802 --a------ C:\WINDOWS\system32\dllcache\usr1807a.sys
2007-09-15 23:50 12,672 --a------ C:\WINDOWS\system32\dllcache\usb8023x.sys
2007-09-15 23:49 94,720 --a------ C:\WINDOWS\system32\dllcache\umaxud32.dll
2007-09-15 23:49 76,288 --a------ C:\WINDOWS\system32\dllcache\uniime.dll
2007-09-15 23:49 69,632 --a------ C:\WINDOWS\system32\dllcache\umaxu12.dll
2007-09-15 23:49 50,688 --a------ C:\WINDOWS\system32\dllcache\umaxscan.dll
2007-09-15 23:49 32,384 --a------ C:\WINDOWS\system32\dllcache\usb101et.sys
2007-09-15 23:49 32,339 --a------ C:\WINDOWS\system32\dllcache\uniansi.dll
2007-09-15 23:49 28,160 --a------ C:\WINDOWS\system32\dllcache\umaxu40.dll
2007-09-15 23:49 26,624 --a------ C:\WINDOWS\system32\dllcache\umaxu22.dll
2007-09-15 23:47 525,568 --a------ C:\WINDOWS\system32\dllcache\tridxp.dll
2007-09-15 23:47 440,576 --a------ C:\WINDOWS\system32\dllcache\tridkb.dll
2007-09-15 23:47 315,520 --a------ C:\WINDOWS\system32\dllcache\trid3d.dll
2007-09-15 23:47 222,336 --a------ C:\WINDOWS\system32\dllcache\trid3dm.sys
2007-09-15 23:47 166,784 --a------ C:\WINDOWS\system32\dllcache\tridxpm.sys
2007-09-15 23:47 159,232 --a------ C:\WINDOWS\system32\dllcache\tridkbm.sys
2007-09-15 23:45 81,408 --a------ C:\WINDOWS\system32\dllcache\tgiul50.dll
2007-09-15 23:45 37,961 --a------ C:\WINDOWS\system32\dllcache\tdk100b.sys
2007-09-15 23:45 21,896 --a------ C:\WINDOWS\system32\dllcache\tdipx.sys
2007-09-15 23:45 19,464 --a------ C:\WINDOWS\system32\dllcache\tdspx.sys
2007-09-15 23:45 185,344 --a------ C:\WINDOWS\system32\dllcache\thawbrkr.dll
2007-09-15 23:45 17,129 --a------ C:\WINDOWS\system32\dllcache\tdkcd31.sys
2007-09-15 23:45 149,376 --a------ C:\WINDOWS\system32\dllcache\tffsport.sys
2007-09-15 23:45 138,528 --a------ C:\WINDOWS\system32\dllcache\tgiulnt5.sys
2007-09-15 23:45 13,192 --a------ C:\WINDOWS\system32\dllcache\tdasync.sys
2007-09-15 23:44 7,040 --a------ C:\WINDOWS\system32\dllcache\tandqic.sys
2007-09-15 23:44 36,640 --a------ C:\WINDOWS\system32\dllcache\t2r4mini.sys
2007-09-15 23:44 30,464 --a------ C:\WINDOWS\system32\dllcache\tbatm155.sys
2007-09-15 23:44 172,768 --a------ C:\WINDOWS\system32\dllcache\t2r4disp.dll
2007-09-15 23:43 94,293 --a------ C:\WINDOWS\system32\dllcache\sxports.dll
2007-09-15 23:43 32,640 --a------ C:\WINDOWS\system32\dllcache\symc8xx.sys
2007-09-15 23:43 30,688 --a------ C:\WINDOWS\system32\dllcache\sym_u3.sys
2007-09-15 23:43 28,384 --a------ C:\WINDOWS\system32\dllcache\sym_hi.sys
2007-09-15 23:43 16,256 --a------ C:\WINDOWS\system32\dllcache\symc810.sys
2007-09-15 23:43 103,936 --a------ C:\WINDOWS\system32\dllcache\sx.sys
2007-09-15 23:42 53,760 --a------ C:\WINDOWS\system32\dllcache\sw_wheel.dll
2007-09-15 23:42 53,248 --a------ C:\WINDOWS\system32\dllcache\stlncoin.dll
2007-09-15 23:42 46,592 --a------ C:\WINDOWS\system32\dllcache\svcext51.dll
2007-09-15 23:42 41,472 --a------ C:\WINDOWS\system32\dllcache\sw_effct.dll
2007-09-15 23:42 3,968 --a------ C:\WINDOWS\system32\dllcache\swusbflt.sys
2007-09-15 23:42 285,760 --a------ C:\WINDOWS\system32\dllcache\stlnata.sys
2007-09-15 23:42 155,648 --a------ C:\WINDOWS\system32\dllcache\stlnprop.dll
2007-09-15 23:42 10,240 --a------ C:\WINDOWS\system32\dllcache\swpidflt.dll
2007-09-15 23:42 10,240 --a------ C:\WINDOWS\system32\dllcache\swpdflt2.dll
2007-09-15 23:41 99,328 --a------ C:\WINDOWS\system32\dllcache\srusd.dll
2007-09-15 23:41 48,736 --a------ C:\WINDOWS\system32\dllcache\srwlnd5.sys
2007-09-15 23:41 46,592 --a------ C:\WINDOWS\system32\dllcache\sspifilt.dll
2007-09-15 23:41 45,056 --a------ C:\WINDOWS\system32\dllcache\ssinc51.dll
2007-09-15 23:41 16,896 --a------ C:\WINDOWS\system32\dllcache\stcusb.sys
2007-09-15 23:41 16,896 --a------ C:\WINDOWS\system32\dllcache\status.dll
2007-09-15 23:41 101,376 --a------ C:\WINDOWS\system32\dllcache\srusbusd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-19 21:15 2454 --a------ C:\WINDOWS\system32\drivers\tmcomm.inf
2007-09-18 08:48 --------- d-a------ C:\Program Files\Common Files\LightScribe
2007-09-18 08:48 --------- d-------- C:\Program Files\WS_FTP Pro
2007-09-18 08:48 --------- d-------- C:\Program Files\Windows Defender
2007-09-18 08:48 --------- d-------- C:\Program Files\SmartFTP Client 2.0
2007-09-18 08:47 --------- d-------- C:\Program Files\Google
2007-09-16 17:15 --------- d-------- C:\Program Files\Smarty Uninstaller Pro
2007-09-16 11:07 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-15 22:35 --------- d-------- C:\Program Files\MeetGate
2007-09-15 21:25 --------- d-------- C:\Program Files\Web Publish
2007-09-15 13:36 --------- d-------- C:\Program Files\MagicISO
2007-09-15 13:32 --------- d-------- C:\Program Files\Total Video Converter
2007-09-12 03:24 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-11 12:07 --------- d-------- C:\Program Files\Website Builder
2007-09-11 11:58 --------- d-------- C:\Program Files\PCPitstop
2007-09-11 11:49 --------- d-------- C:\Program Files\Advanced Font Viewer
2007-09-11 11:30 --------- d-------- C:\Program Files\Lavasoft
2007-09-11 10:09 --------- d-------- C:\Program Files\ewido anti-malware
2007-09-11 10:00 --------- d-------- C:\Program Files\Replay Converter
2007-09-11 09:58 --------- d-------- C:\Program Files\NoAdware4
2007-09-11 09:56 --------- d-------- C:\Program Files\Common Files\DAZ
2007-09-11 09:50 --------- d-------- C:\Program Files\iWin.com
2007-09-11 09:50 --------- d-------- C:\Program Files\Flash4D v5 - Home Edition Trial
2007-09-11 09:45 --------- d-------- C:\Program Files\Zards software
2007-09-11 09:44 --------- d-------- C:\Program Files\Bitcollider
2007-09-11 09:44 --------- d-------- C:\Program Files\Banner Maker Pro for Flash
2007-09-11 09:44 --------- d-------- C:\Program Files\Banner Maker Pro 6
2007-09-11 09:42 --------- d-------- C:\Program Files\Animated GIF Banner Maker
2007-09-08 11:19 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-09-07 13:49 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-09-07 13:49 434252 --a------ C:\WINDOWS\system32\Msvcrtd.dll
2007-09-07 13:49 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-09-07 13:49 1060864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-09-07 09:26 --------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\ESTsoft
2007-09-07 09:26 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESTsoft
2007-09-06 09:33 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-06 08:55 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-09-02 22:29 --------- d-------- C:\Program Files\XZAKTFrontFXFlash
2007-08-26 10:53 3558 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-09 23:37 115200 --a------ C:\outsound.bin
2007-08-09 22:26 --------- d-------- C:\Program Files\GeoVid
2007-08-09 22:26 --------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\GeoVid
2007-08-09 22:22 --------- d-------- C:\Program Files\Ultra Video To Flash Converter
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 92504 --------- C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --------- C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --------- C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --------- C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --------- C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --------- C:\WINDOWS\system32\dllcache\wups.dll
2007-06-30 15:40 737280 --a------ C:\WINDOWS\iun6002.exe
2006-03-28 12:34 251 --------- C:\Program Files\wt3d.ini
2005-05-12 09:36 12288 --------- C:\WINDOWS\Fonts\RandFont.dll
2001-06-15 12:30 471098 --------- C:\DOCUME~1\HP_ADM~1\UNINSTAL.EXE
2001-06-14 13:25 1040384 --------- C:\DOCUME~1\HP_ADM~1\SETUPENU.DLL
2001-06-12 10:51 2826275 --------- C:\DOCUME~1\HP_ADM~1\zoo.exe
2001-06-12 10:20 466997 --------- C:\DOCUME~1\HP_ADM~1\lang0.dll
2001-06-07 13:38 118784 --------- C:\DOCUME~1\HP_ADM~1\res0.dll
2001-06-05 15:06 45056 --------- C:\DOCUME~1\HP_ADM~1\ImeUiRes.dll
2001-06-05 14:24 45056 --------- C:\DOCUME~1\HP_ADM~1\ImeUiResJpn.dll
2001-06-05 14:24 45056 --------- C:\DOCUME~1\HP_ADM~1\ImeUiResEnu.dll
2001-05-10 11:15 161184 --------- C:\DOCUME~1\HP_ADM~1\dw.exe
2001-05-10 11:15 1112504 --------- C:\DOCUME~1\HP_ADM~1\dwdebug.exe
2001-03-14 14:29 53300 --------- C:\DOCUME~1\HP_ADM~1\EBUEula.dll
.

((((((((((((((((((((((((((((( snapshot_2007-09-20_210215.79 )))))))))))))))))))))))))))))))))))))))))
.
----a-r 65,536 2007-09-21 12:12:20 C:\WINDOWS\Installer\{32A72502-BC2C-4C39-ACEA-BC3D463F0697}\ARPPRODUCTICON.exe
----a-r 22,758 2007-09-21 12:11:01 C:\WINDOWS\Installer\{63218538-4A69-497F-8455-904261B0E9E4}\ARPPRODUCTICON.exe
----a-r 65,536 2007-09-21 12:11:02 C:\WINDOWS\Installer\{63218538-4A69-497F-8455-904261B0E9E4}\NewShortcut1.exe
----a-r 65,536 2007-09-21 12:11:02 C:\WINDOWS\Installer\{63218538-4A69-497F-8455-904261B0E9E4}\NewShortcut2.exe
----a-r 65,536 2007-09-21 12:11:02 C:\WINDOWS\Installer\{63218538-4A69-497F-8455-904261B0E9E4}\NewShortcut4.exe
----a-r 65,536 2007-09-21 12:11:01 C:\WINDOWS\Installer\{63218538-4A69-497F-8455-904261B0E9E4}\NewShortcut5.exe
----a-r 65,536 2007-09-21 12:11:01 C:\WINDOWS\Installer\{63218538-4A69-497F-8455-904261B0E9E4}\NewShortcut8.exe
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\02bf78654a17f7da57a4be756b6657c6\spuninst.exe
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\02bf78654a17f7da57a4be756b6657c6\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\SoftwareDistribution\Download\02bf78654a17f7da57a4be756b6657c6\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\02bf78654a17f7da57a4be756b6657c6\update\updspapi.dll
----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\0f66ac0b7ccd71faf6da904f29228240\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\0f66ac0b7ccd71faf6da904f29228240\spuninst.exe
------w 144,896 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\0f66ac0b7ccd71faf6da904f29228240\backup\sp2gdr\schannel.dll
----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\0f66ac0b7ccd71faf6da904f29228240\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\0f66ac0b7ccd71faf6da904f29228240\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\0f66ac0b7ccd71faf6da904f29228240\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\10f6872bbc91a277e1a9f6fed17525ba\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\10f6872bbc91a277e1a9f6fed17525ba\spuninst.exe
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\10f6872bbc91a277e1a9f6fed17525ba\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\SoftwareDistribution\Download\10f6872bbc91a277e1a9f6fed17525ba\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\10f6872bbc91a277e1a9f6fed17525ba\update\updspapi.dll
----a-w 14,048 2005-02-25 01:35:06 C:\WINDOWS\SoftwareDistribution\Download\1a72abe4120e101373a4e6a8f3333cc4\spmsg.dll
----a-w 209,632 2005-02-25 01:35:06 C:\WINDOWS\SoftwareDistribution\Download\1a72abe4120e101373a4e6a8f3333cc4\spuninst.exe
------w 395,776 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\1a72abe4120e101373a4e6a8f3333cc4\backup\sp2gdr\rpcss.dll
------w 1,281,536 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\1a72abe4120e101373a4e6a8f3333cc4\backup\sp2qfe\ole32.dll
----a-w 22,240 2005-02-25 01:35:06 C:\WINDOWS\SoftwareDistribution\Download\1a72abe4120e101373a4e6a8f3333cc4\update\spcustom.dll
----a-w 718,048 2005-02-25 01:35:06 C:\WINDOWS\SoftwareDistribution\Download\1a72abe4120e101373a4e6a8f3333cc4\update\update.exe
----a-w 371,936 2005-02-25 01:35:08 C:\WINDOWS\SoftwareDistribution\Download\1a72abe4120e101373a4e6a8f3333cc4\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\spuninst.exe
------w 123,904 2006-11-07 08:26:24 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2gdr\advpack.dll
------w 131,584 2006-11-08 02:03:36 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2gdr\extmgr.dll
------w 54,784 2006-11-07 08:26:28 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2gdr\ie4uinit.exe
------w 152,064 2006-11-07 08:26:56 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2gdr\ieakeng.dll
------w 229,376 2006-11-07 08:27:02 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2gdr\ieaksie.dll
------w 161,792 2006-11-07 08:25:14 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2gdr\ieakui.dll
------w 2,453,952 2007-04-03 04:36:20 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2gdr\ieapfltr.dat
------w 383,488 2007-04-03 14:46:37 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2gdr\ieapfltr.dll
------w 382,976 2006-11-07 08:27:10 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2gdr\iedkcs32.dll
------w 6,054,400 2007-03-07 17:45:16 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2gdr\ieframe.dll
------w 43,008 2006-11-07 08:26:28 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2gdr\iernonce.dll
------w 266,752 2007-03-07 17:45:16 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2gdr\iertutil.dll
------w 13,824 2007-02-27 08:20:47 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2gdr\ieudinit.exe
------w 622,080 2006-10-17 17:04:40 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2gdr\iexplore.exe
------w 27,136 2006-11-08 02:03:36 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2gdr\jsproxy.dll
------w 458,752 2007-03-07 17:45:16 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2gdr\msfeeds.dll
------w 51,712 2007-03-07 17:45:16 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2gdr\msfeedsbs.dll
------w 3,577,856 2006-11-08 02:03:36 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2gdr\mshtml.dll
------w 475,648 2006-11-08 02:03:36 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2gdr\mshtmled.dll
------w 192,000 2006-10-17 17:05:10 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2gdr\msrating.dll
------w 670,720 2006-11-08 02:03:36 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2gdr\mstime.dll
------w 101,376 2006-10-17 17:04:46 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2gdr\occache.dll
------w 105,984 2006-10-17 17:05:22 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2gdr\url.dll
------w 1,162,240 2006-11-08 02:03:36 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2gdr\urlmon.dll
------w 231,424 2006-11-08 02:03:36 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2gdr\webcheck.dll
------w 818,688 2006-11-08 02:03:36 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2gdr\wininet.dll
------w 123,904 2006-11-07 08:26:24 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2qfe\advpack.dll
------w 131,584 2006-11-08 02:03:36 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2qfe\extmgr.dll
------w 54,784 2006-11-07 08:26:28 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2qfe\ie4uinit.exe
------w 152,064 2006-11-07 08:26:56 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2qfe\ieakeng.dll
------w 229,376 2006-11-07 08:27:02 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2qfe\ieaksie.dll
------w 161,792 2006-11-07 08:25:14 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2qfe\ieakui.dll
------w 380,928 2006-10-17 16:27:56 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2qfe\ieapfltr.dll
------w 382,976 2006-11-07 08:27:10 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2qfe\iedkcs32.dll
------w 6,049,280 2006-11-08 02:03:36 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2qfe\ieframe.dll
------w 43,008 2006-11-07 08:26:28 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2qfe\iernonce.dll
------w 266,752 2006-10-17 16:57:20 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2qfe\iertutil.dll
------w 13,312 2006-11-07 08:26:32 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2qfe\ieudinit.exe
------w 27,136 2006-11-08 02:03:36 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2qfe\jsproxy.dll
------w 458,752 2006-11-08 02:03:36 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2qfe\msfeeds.dll
------w 50,688 2006-11-08 02:03:36 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2qfe\msfeedsbs.dll
------w 3,577,856 2006-11-08 02:03:36 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2qfe\mshtml.dll
------w 475,648 2006-11-08 02:03:36 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2qfe\mshtmled.dll
------w 192,000 2006-10-17 17:05:10 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2qfe\msrating.dll
------w 670,720 2006-11-08 02:03:36 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2qfe\mstime.dll
------w 101,376 2006-10-17 17:04:46 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2qfe\occache.dll
------w 105,984 2006-10-17 17:05:22 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2qfe\url.dll
------w 1,162,240 2006-11-08 02:03:36 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2qfe\urlmon.dll
------w 231,424 2006-11-08 02:03:36 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2qfe\webcheck.dll
------w 818,688 2006-11-08 02:03:36 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\backup\sp2qfe\wininet.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\1ba295bef2d06eaaa6232f30382de26b\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\286d3f4fe26a9c6ab877183f2e37aa91\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\286d3f4fe26a9c6ab877183f2e37aa91\spuninst.exe
------w 1,287,680 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\286d3f4fe26a9c6ab877183f2e37aa91\backup\sp2qfe\quartz.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\286d3f4fe26a9c6ab877183f2e37aa91\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\SoftwareDistribution\Download\286d3f4fe26a9c6ab877183f2e37aa91\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\286d3f4fe26a9c6ab877183f2e37aa91\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\299962a31e45d27ead63e99f90e24465\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\299962a31e45d27ead63e99f90e24465\spuninst.exe
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\299962a31e45d27ead63e99f90e24465\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\SoftwareDistribution\Download\299962a31e45d27ead63e99f90e24465\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\299962a31e45d27ead63e99f90e24465\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\2dde58e204c4be402ccbbcd0b600650e\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\2dde58e204c4be402ccbbcd0b600650e\spuninst.exe
------w 148,480 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\2dde58e204c4be402ccbbcd0b600650e\backup\sp2gdr\dnsapi.dll
------w 8,192 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\2dde58e204c4be402ccbbcd0b600650e\backup\sp2gdr\rasadhlp.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\2dde58e204c4be402ccbbcd0b600650e\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\SoftwareDistribution\Download\2dde58e204c4be402ccbbcd0b600650e\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\2dde58e204c4be402ccbbcd0b600650e\update\updspapi.dll
----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\3f4a1c441b883836dd798a58e2267c01\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\3f4a1c441b883836dd798a58e2267c01\spuninst.exe
------w 81,408 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\3f4a1c441b883836dd798a58e2267c01\backup\sp2gdr\directdb.dll
------w 678,400 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\3f4a1c441b883836dd798a58e2267c01\backup\sp2gdr\inetcomm.dll
------w 1,311,232 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\3f4a1c441b883836dd798a58e2267c01\backup\sp2gdr\msoe.dll
----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\3f4a1c441b883836dd798a58e2267c01\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\3f4a1c441b883836dd798a58e2267c01\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\3f4a1c441b883836dd798a58e2267c01\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\4c3676a8145aee7e1ea794fa1e50e6bf\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\4c3676a8145aee7e1ea794fa1e50e6bf\spuninst.exe
------w 333,312 2004-08-03 23:56:48 C:\WINDOWS\SoftwareDistribution\Download\4c3676a8145aee7e1ea794fa1e50e6bf\backup\sp2gdr\wiaservc.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\4c3676a8145aee7e1ea794fa1e50e6bf\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\SoftwareDistribution\Download\4c3676a8145aee7e1ea794fa1e50e6bf\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\4c3676a8145aee7e1ea794fa1e50e6bf\update\updspapi.dll
----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\4f4012d60daff369f73873817164328b\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\4f4012d60daff369f73873817164328b\spuninst.exe
------w 536,576 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\4f4012d60daff369f73873817164328b\backup\sp2gdr\msado15.dll
------w 180,224 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\4f4012d60daff369f73873817164328b\backup\sp2gdr\msadomd.dll
------w 200,704 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\4f4012d60daff369f73873817164328b\backup\sp2gdr\msadox.dll
------w 102,400 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\4f4012d60daff369f73873817164328b\backup\sp2gdr\msjro.dll
----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\4f4012d60daff369f73873817164328b\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\4f4012d60daff369f73873817164328b\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\4f4012d60daff369f73873817164328b\update\updspapi.dll
----a-w 333,544 2005-02-07 22:59:43 C:\WINDOWS\SoftwareDistribution\Download\626eacb7c8acf36c15d9f790ff9b994b\WindowsXP-KB891781-x86-express-enu.exe
----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\6e49db26b225c64ffbbd852b587ab944\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\6e49db26b225c64ffbbd852b587ab944\spuninst.exe
------w 39,936 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\6e49db26b225c64ffbbd852b587ab944\backup\sp2gdr\mf3216.dll
----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\6e49db26b225c64ffbbd852b587ab944\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\6e49db26b225c64ffbbd852b587ab944\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\6e49db26b225c64ffbbd852b587ab944\update\updspapi.dll
----a-w 14,048 2005-10-12 23:16:49 C:\WINDOWS\SoftwareDistribution\Download\70a4fbe7217488f673cf5d20367dabc9\spmsg.dll
----a-w 213,216 2005-10-12 23:16:49 C:\WINDOWS\SoftwareDistribution\Download\70a4fbe7217488f673cf5d20367dabc9\spuninst.exe
------w 256,512 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\70a4fbe7217488f673cf5d20367dabc9\backup\sp2gdr\agentsvr.exe
----a-w 22,752 2005-10-12 23:16:49 C:\WINDOWS\SoftwareDistribution\Download\70a4fbe7217488f673cf5d20367dabc9\update\spcustom.dll
----a-w 716,000 2005-10-12 23:16:51 C:\WINDOWS\SoftwareDistribution\Download\70a4fbe7217488f673cf5d20367dabc9\update\update.exe
----a-w 371,424 2005-10-12 23:16:56 C:\WINDOWS\SoftwareDistribution\Download\70a4fbe7217488f673cf5d20367dabc9\update\updspapi.dll
----a-w 209,632 2005-02-25 01:35:06 C:\WINDOWS\SoftwareDistribution\Download\71c884b3a348fe876677e718ab666a66\spuninst.exe
------w 118,272 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\71c884b3a348fe876677e718ab666a66\backup\sp2gdr\umpnpmgr.dll
----a-w 371,936 2005-02-25 01:35:08 C:\WINDOWS\SoftwareDistribution\Download\71c884b3a348fe876677e718ab666a66\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\7fc5ec3022b99fe3f9ce777d81a0a5f6\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\7fc5ec3022b99fe3f9ce777d81a0a5f6\spuninst.exe
----a-w 143,360 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\7fc5ec3022b99fe3f9ce777d81a0a5f6\backup\sp2gdr\msadco.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\7fc5ec3022b99fe3f9ce777d81a0a5f6\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\SoftwareDistribution\Download\7fc5ec3022b99fe3f9ce777d81a0a5f6\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\7fc5ec3022b99fe3f9ce777d81a0a5f6\update\updspapi.dll
----a-w 14,048 2005-02-25 01:35:06 C:\WINDOWS\SoftwareDistribution\Download\8762af45850de85ac5e91f5a63cfe543\spmsg.dll
----a-w 209,632 2005-02-25 01:35:06 C:\WINDOWS\SoftwareDistribution\Download\8762af45850de85ac5e91f5a63cfe543\spuninst.exe
------w 229,888 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\8762af45850de85ac5e91f5a63cfe543\backup\sp2gdr\catsrv.dll
------w 628,224 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\8762af45850de85ac5e91f5a63cfe543\backup\sp2gdr\catsrvut.dll
------w 110,080 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\8762af45850de85ac5e91f5a63cfe543\backup\sp2gdr\clbcatex.dll
------w 501,248 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\8762af45850de85ac5e91f5a63cfe543\backup\sp2gdr\clbcatq.dll
------w 62,464 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\8762af45850de85ac5e91f5a63cfe543\backup\sp2gdr\colbact.dll
------w 195,584 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\8762af45850de85ac5e91f5a63cfe543\backup\sp2gdr\comadmin.dll
------w 540,160 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\8762af45850de85ac5e91f5a63cfe543\backup\sp2gdr\comuid.dll
------w 243,200 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\8762af45850de85ac5e91f5a63cfe543\backup\sp2gdr\es.dll
------w 7,680 2004-08-03 23:56:52 C:\WINDOWS\SoftwareDistribution\Download\8762af45850de85ac5e91f5a63cfe543\backup\sp2gdr\migregdb.exe
------w 1,281,536 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\8762af45850de85ac5e91f5a63cfe543\backup\sp2gdr\ole32.dll
------w 395,776 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\8762af45850de85ac5e91f5a63cfe543\backup\sp2gdr\rpcss.dll
----a-w 30,720 2005-07-26 00:21:18 C:\WINDOWS\SoftwareDistribution\Download\8762af45850de85ac5e91f5a63cfe543\update\arpidfix.exe
----a-w 22,240 2005-02-25 01:35:06 C:\WINDOWS\SoftwareDistribution\Download\8762af45850de85ac5e91f5a63cfe543\update\spcustom.dll
----a-w 718,048 2005-02-25 01:35:06 C:\WINDOWS\SoftwareDistribution\Download\8762af45850de85ac5e91f5a63cfe543\update\update.exe
----a-w 371,936 2005-02-25 01:35:08 C:\WINDOWS\SoftwareDistribution\Download\8762af45850de85ac5e91f5a63cfe543\update\updspapi.dll
----a-w 7,168 2004-11-30 19:46:38 C:\WINDOWS\SoftwareDistribution\Download\9a2dcac64b311638f09a8890302a2c3e\spmsg.dll
----a-w 169,984 2004-12-01 01:22:42 C:\WINDOWS\SoftwareDistribution\Download\9a2dcac64b311638f09a8890302a2c3e\spuninst.exe
----a-w 21,504 2004-12-01 01:22:40 C:\WINDOWS\SoftwareDistribution\Download\9a2dcac64b311638f09a8890302a2c3e\update\spcustom.dll
----a-w 654,848 2004-11-30 19:46:40 C:\WINDOWS\SoftwareDistribution\Download\9a2dcac64b311638f09a8890302a2c3e\update\update.exe
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\a0d45ac61d8a7a5b7faa78852c46bf15\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\a0d45ac61d8a7a5b7faa78852c46bf15\spuninst.exe
------w 431,616 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\a0d45ac61d8a7a5b7faa78852c46bf15\backup\sp2gdr\riched20.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\a0d45ac61d8a7a5b7faa78852c46bf15\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\SoftwareDistribution\Download\a0d45ac61d8a7a5b7faa78852c46bf15\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\a0d45ac61d8a7a5b7faa78852c46bf15\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\a99eb7d5ff79aed3ff0979cb81b4434b\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\a99eb7d5ff79aed3ff0979cb81b4434b\spuninst.exe
----a-w 69,120 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\a99eb7d5ff79aed3ff0979cb81b4434b\backup\sp2gdr\ciodm.dll
----a-w 1,435,648 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\a99eb7d5ff79aed3ff0979cb81b4434b\backup\sp2gdr\query.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\a99eb7d5ff79aed3ff0979cb81b4434b\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\SoftwareDistribution\Download\a99eb7d5ff79aed3ff0979cb81b4434b\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\a99eb7d5ff79aed3ff0979cb81b4434b\update\updspapi.dll
----a-w 14,048 2005-10-12 23:16:49 C:\WINDOWS\SoftwareDistribution\Download\ab3ff7345e588ae6b96775dfd8c062ed\spmsg.dll
----a-w 213,216 2005-10-12 23:16:49 C:\WINDOWS\SoftwareDistribution\Download\ab3ff7345e588ae6b96775dfd8c062ed\spuninst.exe
----a-w 22,752 2005-10-12 23:16:49 C:\WINDOWS\SoftwareDistribution\Download\ab3ff7345e588ae6b96775dfd8c062ed\update\spcustom.dll
----a-w 716,000 2005-10-12 23:16:51 C:\WINDOWS\SoftwareDistribution\Download\ab3ff7345e588ae6b96775dfd8c062ed\update\update.exe
----a-w 371,424 2005-10-12 23:16:56 C:\WINDOWS\SoftwareDistribution\Download\ab3ff7345e588ae6b96775dfd8c062ed\update\updspapi.dll
----a-w 14,048 2005-02-25 03:35:05 C:\WINDOWS\SoftwareDistribution\Download\ad2c2d9dcaaf3288c7042746e49c8114\spmsg.dll
----a-w 209,632 2005-02-25 03:35:05 C:\WINDOWS\SoftwareDistribution\Download\ad2c2d9dcaaf3288c7042746e49c8114\spuninst.exe
------w 198,144 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\ad2c2d9dcaaf3288c7042746e49c8114\backup\sp2gdr\netman.dll
----a-w 30,720 2005-08-19 23:50:31 C:\WINDOWS\SoftwareDistribution\Download\ad2c2d9dcaaf3288c7042746e49c8114\update\arpidfix.exe
----a-w 22,240 2005-02-25 03:35:05 C:\WINDOWS\SoftwareDistribution\Download\ad2c2d9dcaaf3288c7042746e49c8114\update\spcustom.dll
----a-w 718,048 2005-02-25 03:35:05 C:\WINDOWS\SoftwareDistribution\Download\ad2c2d9dcaaf3288c7042746e49c8114\update\update.exe
----a-w 371,936 2005-02-25 03:35:06 C:\WINDOWS\SoftwareDistribution\Download\ad2c2d9dcaaf3288c7042746e49c8114\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\ca5637d04d95ed9d000d812508931a7b\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\ca5637d04d95ed9d000d812508931a7b\spuninst.exe
----a-w 924,432 2001-08-23 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\ca5637d04d95ed9d000d812508931a7b\backup\sp2qfe\mfc40u.dll
----a-w 1,024,000 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\ca5637d04d95ed9d000d812508931a7b\backup\sp2qfe\mfc42u.dll
----a-w 1,011,774 2007-01-19 20:15:24 C:\WINDOWS\SoftwareDistribution\Download\ca5637d04d95ed9d000d812508931a7b\sp2qfe\asms\60\msft\vcrtl\mfc42u.dll
----a-w 401,462 2007-01-19 20:15:24 C:\WINDOWS\SoftwareDistribution\Download\ca5637d04d95ed9d000d812508931a7b\sp2qfe\asms\60\msft\vcrtl\msvcp60.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\ca5637d04d95ed9d000d812508931a7b\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\SoftwareDistribution\Download\ca5637d04d95ed9d000d812508931a7b\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\ca5637d04d95ed9d000d812508931a7b\update\updspapi.dll
----a-w 14,048 2005-02-25 01:35:06 C:\WINDOWS\SoftwareDistribution\Download\d603631fa5c5558c772d54d44369b54f\spmsg.dll
----a-w 209,632 2005-02-25 01:35:06 C:\WINDOWS\SoftwareDistribution\Download\d603631fa5c5558c772d54d44369b54f\spuninst.exe
------w 8,384,000 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\d603631fa5c5558c772d54d44369b54f\backup\sp2gdr\shell32.dll
----a-w 925,184 2005-08-31 23:49:28 C:\WINDOWS\SoftwareDistribution\Download\d603631fa5c5558c772d54d44369b54f\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
----a-w 30,720 2005-09-26 22:36:24 C:\WINDOWS\SoftwareDistribution\Download\d603631fa5c5558c772d54d44369b54f\update\arpidfix.exe
----a-w 22,240 2005-02-25 01:35:06 C:\WINDOWS\SoftwareDistribution\Download\d603631fa5c5558c772d54d44369b54f\update\spcustom.dll
----a-w 718,048 2005-02-25 01:35:06 C:\WINDOWS\SoftwareDistribution\Download\d603631fa5c5558c772d54d44369b54f\update\update.exe
----a-w 371,936 2005-02-25 01:35:08 C:\WINDOWS\SoftwareDistribution\Download\d603631fa5c5558c772d54d44369b54f\update\updspapi.dll
----a-w 490,736 2005-04-12 03:19:42 C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\WindowsXP-KB890859-x86-express-ENU.exe
----a-w 56,832 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\backup\sp2gdr\authz.dll
------w 56,832 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\dc3fa7fed4facc29618f4c01f9c9f686\backup\sp2gdr\authz.dll
----a-w 925,184 2006-08-25 15:53:52 C:\WINDOWS\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
----a-w 617,472 2006-08-25 15:45:58 C:\WINDOWS\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\sp2qfe\comctl32.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\f800fb87a28ec4ca869706531385e23a\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\f800fb87a28ec4ca869706531385e23a\spuninst.exe
------w 111,104 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\f800fb87a28ec4ca869706531385e23a\backup\sp2gdr\dhcpcsvc.dll
------w 148,480 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\f800fb87a28ec4ca869706531385e23a\backup\sp2gdr\dnsapi.dll
------w 94,720 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\f800fb87a28ec4ca869706531385e23a\backup\sp2gdr\iphlpapi.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\f800fb87a28ec4ca869706531385e23a\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\SoftwareDistribution\Download\f800fb87a28ec4ca869706531385e23a\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\f800fb87a28ec4ca869706531385e23a\update\updspapi.dll
.
----a-r 65,536 2007-07-09 01:31:44 C:\WINDOWS\Installer\{32A72502-BC2C-4C39-ACEA-BC3D463F0697}\ARPPRODUCTICON.exe
----a-r 22,758 2007-07-09 01:30:56 C:\WINDOWS\Installer\{63218538-4A69-497F-8455-904261B0E9E4}\ARPPRODUCTICON.exe
----a-r 65,536 2007-07-09 01:30:56 C:\WINDOWS\Installer\{63218538-4A69-497F-8455-904261B0E9E4}\NewShortcut1.exe
----a-r 65,536 2007-07-09 01:30:56 C:\WINDOWS\Installer\{63218538-4A69-497F-8455-904261B0E9E4}\NewShortcut2.exe
----a-r 65,536 2007-07-09 01:30:56 C:\WINDOWS\Installer\{63218538-4A69-497F-8455-904261B0E9E4}\NewShortcut4.exe
----a-r 65,536 2007-07-09 01:30:56 C:\WINDOWS\Installer\{63218538-4A69-497F-8455-904261B0E9E4}\NewShortcut5.exe
----a-r 65,536 2007-07-09 01:30:56 C:\WINDOWS\Installer\{63218538-4A69-497F-8455-904261B0E9E4}\NewShortcut8.exe
------w 56,832 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\backup\sp2gdr\authz.dll
----a-w 56,832 2004-08-10 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\dc3fa7fed4facc29618f4c01f9c9f686\backup\sp2gdr\authz.dll
------w 925,184 2006-08-25 15:53:52 C:\WINDOWS\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro AntiVirus 2007"="C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" [2007-07-05 20:09]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-09-07 13:48]
"cnfgCav"="C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" [2007-09-07 13:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]
monln.dll 2007-09-07 13:49 216576 C:\WINDOWS\system32\monln.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Free WebSite Tools.lnk.disabled]
backup=C:\WINDOWS\pss\Free WebSite Tools.lnk.disabledCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AlcxMonitor"=ALCXMNTR.EXE
"AlwaysReady Power Message APP"=ARPWRMSG.EXE
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

.
Contents of the 'Scheduled Tasks' folder
"2007-09-20 06:44:00 C:\WINDOWS\Tasks\Ad-Aware SE Personal.job"
- C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
"2007-09-07 15:46:27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-21 07:29:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-09-15 06:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2007-09-19 06:00:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-21 08:49:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-21 8:57:03
C:\ComboFix-quarantined-files.txt ... 2007-09-21 08:57
C:\ComboFix2.txt ... 2007-09-20 21:04
.
--- E O F ---



Here is the new HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:07 AM, on 9/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\Program Files\Trend Micro\AntiVirus 2007\svc_au32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Updates from HP.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\Apache.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

--
End of file - 8641 bytes


You are spending a lot of time with me.. I really appreciate it & will definitely be donating!!!!!

#13 Guest_Cretemonster_*

Posted 21 September 2007 - 02:50 PM

OK, for the 2 programs you no longer use, I'd take the time when all things are sorted as well as we can get them and remove these.

So far it looks like things are getting a bit better, I see some Windows updates were applied. :thumbsup:

As for Trend, I'm unfamiliar with the application, but I wonder if you go to Add\Remove Programs and click the tab beside Trend, is there a repair option?

Since you have ActiveX still for BitDefender and Panda's Nano Scan, try one of those now and let me know how it goes. If they complete with no issues, please save the report and post it in the next reply.

#14 Cheri_Esperon

Posted 23 September 2007 - 06:50 PM

Houston, we have a problem.... I have been trying all weekend to run an anti-malware scan... any scan. I was able to get Trend Micro to run... it found nothing. But online scans keep hanging and Spybot will not update. Comodo keeps crashing... OMG, I thought we were getting somewhere. I also keep getting errors that programs can't open because they are already in use.

Here is the HJT log. Do you see anything?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:45:56 PM, on 9/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Updates from HP.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\Apache.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

--
End of file - 8922 bytes

#15 Guest_Cretemonster_*

Posted 23 September 2007 - 07:42 PM

OK, first, find or download a new installer for Comodo and then unplug your internet.

I'm not a fan of trying to do a repair from Add/Remove Programs, but it is possible.

I believe your firewall has become corrupt and is no longer dependable.

I prefer you go to Add\Remove Programs and remove Comodo fully and then reboot.

Use your new installer and reinstall the application fresh.

Plug your internet back up and restart and go through the steps to configure Comodo again.

After that, we will begin working on the other issues. :thumbsup:



