
Home Page Hijacked , Trojan , Hackers Have My Comp , Help


  • This topic is locked
15 replies to this topic

#1 gonefishin

Posted 27 August 2008 - 04:31 PM

Made the mistake of downloading a torrent booster I saw in a YouTube video. Turns out the video was made by some hackers. After installing the software, my home page changed to askyoda and a trojan was installed. The trojan was detected and deleted by Spyware Doctor, but the hijacked home page still remains. Getting occasional error messages. I saw a post on the internet somewhere saying that if your Firefox browser gets hijacked you should contact the makers of Firefox, so I did.
The following is their reply to my email.

From: "Mozilla Security" <security@mozilla.org>

The torrentspeed.zip download was identified by Sophos as "Mal/StartP-A"
and by Trend Micro as "TROJ_DROPPER.DO"
http://www.sophos.com/security/analyses/vi...malstartpa.html
http://www.trendmicro.com/vinfo/virusencyc...TROJ_DROPPER.DO

Several other scanners didn't find anything suspicious, but these things
mutate fairly quickly to avoid detection. That's a pretty generic
identification, it's a small bit of code that downloads the real payload
which is now running loose on your computer.

Disabling the addons in IE7 is unlikely to have cleaned up your
computer, usually these things install quite a collection of different
nasties. In fact, easy-to-remove IE7 modifications may just be extras
thrown in so you'd think you "fixed" the problem.

At the very least you're going to have to scan and clean your computer
using an anti-virus program that comes with an emergency "boot disk". By
running your computer in a limited mode from a CD the anti-virus
software can scan your hard drives without the bad stuff being able to
detect and hide from the scan.


I don't know anything about creating emergency boot disks.

I currently have Avast antivirus, Spyware Doctor, Malwarebytes, SDFix, Windows Defender, Spybot Search & Destroy, CCleaner, and ATF Cleaner all installed. I recently had a rootkit forever that caused similar problems
and had to wipe my computer with the restore disks, and my restore disks have about had it; they're so old and scratched I don't know if they will work again, to be quite honest.
And I don't know anything about making an antivirus disk. Aren't they made with a floppy? I don't even have a floppy on my computer. I'm not very computer smart; I know a tad about computers but not enough. I'm hoping you guys can help me get my computer running normally. Just know this: I'm not the smartest guy in the world when it comes to computer talk.


Anyway, here is my HijackThis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:27:18 PM, on 8/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: exet.lnk = C:\WINDOWS\system32\setup.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: R - Unknown owner - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\R.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 9018 bytes
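To show how the HijackThis sections above are read, here is an added triage script written for this page (it is not a BleepingComputer, Trend Micro or poster-supplied tool). It parses R1/O2/O4/O23 lines and flags the patterns a log helper checks first: the orphaned `(no file)` BHO, the Startup shortcut that runs `setup.exe` out of system32, and the `R` service whose binary sat in Temp and is now missing. The sample lines are copied from the log above; the allow-listed hosts and the list of generic executable names are assumptions.

```python
"""Triage helper for Trend Micro HijackThis v2 log lines (R1/O2/O4/O23 sections)."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed sample: seven lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - Startup: exet.lnk = C:\WINDOWS\system32\setup.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: R - Unknown owner - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\R.exe (file missing)
"""

LINE_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
TEMP_RE = re.compile(r"\\(?:Temp|Temporary Internet Files)\\", re.I)
SYSTEM_DIR_RE = re.compile(r"^C:\\WINDOWS\\system(?:32)?\\", re.I)
# Assumptions, not from the page: hosts accepted as legitimate OEM/vendor start-page
# defaults, and executable names too generic to trust in a Startup-folder shortcut.
KNOWN_HOSTS = {"go.microsoft.com", "ie.redirect.hp.com"}
GENERIC_EXE_NAMES = {"setup.exe", "install.exe", "update.exe"}


@dataclass
class Entry:
    section: str            # "R1", "O2", "O4", "O23", ...
    body: str               # everything after "Oxx - "
    path: str = ""          # file path or URL the entry points at
    findings: list = field(default_factory=list)


def _first_target(text: str) -> str:
    """Return the first file path in a command string, dropping arguments."""
    text = text.strip()
    quoted = re.match(r'"([^"]+)"', text)
    if quoted:
        return quoted.group(1)
    m = re.match(r"(.+?\.(?:exe|dll|cab|htm|html))(?=\s|,|$)", text, re.I)
    return m.group(1) if m else text.split(" (", 1)[0]


def _target_of(section: str, body: str) -> str:
    if section.startswith("R"):                 # R0/R1: value = URL
        return body.split(" = ", 1)[1] if " = " in body else ""
    if section == "O4":
        if "] " in body:                        # registry Run value: [name] command
            return _first_target(body.split("] ", 1)[1])
        if " = " in body:                       # Startup folder: x.lnk = target
            return _first_target(body.split(" = ", 1)[1])
        return ""
    if " - " in body:                           # O2/O3/O9/O23: last segment is the file
        return _first_target(body.rsplit(" - ", 1)[1])
    return ""


def _assess(e: Entry) -> None:
    """Attach the findings a log helper would raise on this entry."""
    if e.section.startswith("R") and e.path:
        host = urlsplit(e.path).hostname or ""
        if host not in KNOWN_HOSTS:
            e.findings.append(f"start/search page points at unrecognised host {host!r}")
    if e.section in ("O2", "O3") and e.body.endswith("(no file)"):
        e.findings.append("orphaned BHO/toolbar registration: no DLL on disk, leftover to clean up")
    if e.section in ("O4", "O23") and TEMP_RE.search(e.path):
        e.findings.append("autostart/service binary lives in a temporary directory")
    if e.section == "O4" and e.body.startswith("Startup:"):
        name = e.path.rsplit("\\", 1)[-1].lower()
        if name in GENERIC_EXE_NAMES and SYSTEM_DIR_RE.match(e.path):
            e.findings.append("Startup shortcut runs a generically named executable from a system directory")
    if e.section == "O23" and "Unknown owner" in e.body and "(file missing)" in e.body:
        e.findings.append("service with unknown vendor whose binary is gone: dropper remnant, delete the service")


def parse_log(text: str) -> list:
    """Parse every R/O line of a HijackThis log into assessed Entry objects."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:                               # header, process list, blank lines
            continue
        e = Entry(m.group(1), m.group(2))
        e.path = _target_of(e.section, e.body)
        _assess(e)
        entries.append(e)
    return entries


def suspicious(text: str) -> list:
    """Entries with at least one finding, in log order."""
    return [e for e in parse_log(text) if e.findings]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"{e.section}: {e.path}")
        for f in e.findings:
            print("   ->", f)
```

Run against the full log above it flags the same three lines and leaves the vendor-signed avast!, Java and HP entries alone; the heuristics are a first pass for a human reviewer, not a verdict.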

#2 SNOWHITE


Posted 30 August 2008 - 07:23 PM

Hello and welcome to BC


Apologies for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks and again sorry for the delay.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
    Note: If you are using Windows Vista, right click at RSIT.exe and select 'Run as administrator'.

  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply please post back with the following reports:
  • RSIT log.txt
  • RSIT info.txt
  • Kaspersky report
Regards
SNOWHITE

#3 gonefishin


Posted 31 August 2008 - 10:32 AM

I'm gonna try to upload the file here that started the whole mess on my computer. Maybe someone wants to look at it. I sent it to Panda and Norton as well; Panda emailed back and said they detected Trojan/Agent.JSO.
About the file I uploaded, I'm gonna stress here: all of the antivirus programs I've scanned it with pretty much show the file is clean.
As I stated in another post, I uploaded the file to one of those sites with multiple antivirus scans for files, and I think, if I can remember, it was like 36 scans and only one could detect anything. I was told to run the Kaspersky online scanner; I haven't got around to that yet. But the file I uploaded to y'all now and sent to the antivirus companies is sitting in a zip folder on my computer harmlessly, as long as I don't click the files and try to install the thing, ya know. But I'm willing to bet the Kaspersky online scan will not detect that, though it should. Just trying to stress how good this junk is at hiding, so you don't think, "Well, we had gonefishin scan with this online scanner and that online scanner and they didn't detect anything; guess he's just making it up or paranoid."

Here's some info on the file Trojan/Agent.JSO:


Name: Trojan.Agent.jso
Type: Malware
Type Description: Malware ("malicious software") consists of software with clearly malicious, hostile, or harmful functionality or behavior and that is used to compromise and endanger individual PCs as well as entire networks.
Category: Trojan
Category Description: Trojan is a general term for malicious software that is installed under false or deceptive pretenses or is installed without the user's full knowledge and consent. Most Trojans exhibit some form of malicious, hostile, or harmful functionality or behavior.
Level: High
Level Description: High risks are typically installed without user interaction through security exploits, and can severely compromise system security. Such risks may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware. These risks may also collect and transmit personally identifiable information (PII) without your consent and severely degrade the performance and stability of your computer.

Now here is the RSIT log.


Logfile of random's system information tool (written by random/random)
Run by Compaq_Owner at 2008-08-31 09:55:23
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 157 GB (86%) free of 183 GB
Total RAM: 446 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:34 AM, on 8/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: exet.lnk = C:\WINDOWS\system32\setup.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: R - Unknown owner - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\R.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7869 bytes

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-08-17 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-08-16 121120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-08-16 121120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-03-08 16010240]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-01-24 7311360]
"nwiz"=C:\WINDOWS\system32\nwiz.exe [2006-01-24 1519616]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-23 237568]
"PCDrProfiler"= []
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-16 249856]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-02-17 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-08-17 185896]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup
Adobe Media Player.lnk - C:\Program Files\Adobe Media Player\Adobe Media Player.exe
exet.lnk - C:\WINDOWS\system32\setup.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Compaq_Owner\Desktop\icp\utorrent_1.1.7.1.exe"="C:\Documents and Settings\Compaq_Owner\Desktop\icp\utorrent_1.1.7.1.exe:*:Enabled:utorrent_1.1.7.1"
"C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\S3N3J3B4\utorrent_1.4.2-beta-build-427[1].exe"="C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\S3N3J3B4\utorrent_1.4.2-beta-build-427[1].exe:*:Enabled:µTorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

List of files/folders created in the last three months

2008-08-31 09:55:23 ----D---- C:\rsit
2008-08-30 20:57:36 ----D---- C:\Downloads
2008-08-30 20:57:08 ----D---- C:\Program Files\BitComet
2008-08-30 12:00:28 ----D---- C:\Program Files\LimeWire
2008-08-29 17:36:22 ----D---- C:\Program Files\Spyware Doctor
2008-08-29 17:36:22 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\PC Tools
2008-08-28 20:17:19 ----SHD---- C:\Config.Msi
2008-08-28 20:10:02 ----A---- C:\WINDOWS\ntbtlog.txt
2008-08-28 14:38:40 ----D---- C:\Program Files\Common Files\PC Tools
2008-08-27 22:25:59 ----D---- C:\fsaua.data
2008-08-26 17:21:28 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-08-26 17:21:25 ----D---- C:\Program Files\Alwil Software
2008-08-26 17:02:29 ----D---- C:\Program Files\Trend Micro
2008-08-26 10:55:53 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire
2008-08-25 20:42:59 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-25 12:00:52 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-25 12:00:44 ----D---- C:\Program Files\SUPERAntiSpyware
2008-08-25 12:00:44 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2008-08-25 10:38:27 ----A---- C:\WINDOWS\setuplog.txt
2008-08-25 10:37:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-08-25 09:30:28 ----D---- C:\Program Files\EsetOnlineScanner
2008-08-24 16:31:48 ----D---- C:\Documents and Settings\All Users\Application Data\Zenturi
2008-08-24 16:04:41 ----D---- C:\WINDOWS\ERUNT
2008-08-24 15:57:52 ----D---- C:\SDFix
2008-08-24 01:05:39 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
2008-08-24 01:05:31 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-24 01:05:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-22 16:27:07 ----A---- C:\WINDOWS\system32\settings46.txt
2008-08-22 16:26:07 ----A---- C:\WINDOWS\system32\settings45.txt
2008-08-21 18:21:03 ----D---- C:\WINDOWS\ie7updates
2008-08-21 18:20:20 ----D---- C:\WINDOWS\WBEM
2008-08-21 18:19:03 ----HDC---- C:\WINDOWS\ie7
2008-08-21 18:18:49 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-08-21 18:18:31 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-08-21 18:18:05 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-08-21 18:18:02 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-08-21 18:15:28 ----A---- C:\WINDOWS\system32\MRT.exe
2008-08-21 18:15:21 ----D---- C:\WINDOWS\network diagnostic
2008-08-21 18:15:19 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2008-08-21 18:15:08 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-08-21 18:11:51 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-08-21 16:22:00 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\HPQ
2008-08-19 11:34:39 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-19 11:24:47 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\WinBatch
2008-08-18 14:34:13 ----D---- C:\WINDOWS\Sun
2008-08-18 14:34:13 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Sun
2008-08-17 21:21:48 ----A---- C:\WINDOWS\cdplayer.ini
2008-08-17 21:20:30 ----D---- C:\Program Files\Common Files\xing shared
2008-08-17 21:20:16 ----D---- C:\Program Files\Real
2008-08-17 21:13:18 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Any Video Converter
2008-08-17 21:13:14 ----D---- C:\Program Files\Any Video Converter
2008-08-17 21:06:45 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-16 13:43:49 ----D---- C:\Program Files\QuickTime
2008-08-16 13:43:44 ----D---- C:\Program Files\Xilisoft
2008-08-16 09:39:13 ----D---- C:\Program Files\Common Files\McAfee
2008-08-16 09:38:38 ----D---- C:\Program Files\McAfee
2008-08-16 09:30:49 ----D---- C:\Program Files\Paint.NET
2008-08-16 09:29:15 ----D---- C:\Program Files\MSBuild
2008-08-16 09:29:10 ----D---- C:\WINDOWS\system32\XPSViewer
2008-08-16 09:29:03 ----D---- C:\WINDOWS\system32\en-us
2008-08-16 09:29:03 ----D---- C:\Program Files\Reference Assemblies
2008-08-16 09:28:34 ----N---- C:\WINDOWS\system32\spmsg2.dll
2008-08-16 09:25:34 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2008-08-16 09:25:25 ----D---- C:\Program Files\MSXML 6.0
2008-08-15 16:49:01 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-15 16:43:40 ----D---- C:\Program Files\CCleaner
2008-08-15 16:29:58 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\SiteAdvisor
2008-08-15 16:26:46 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla
2008-08-15 16:26:35 ----D---- C:\Program Files\Mozilla Firefox
2008-08-14 19:43:03 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\DVD Flick
2008-08-14 19:42:40 ----D---- C:\Program Files\DVD Flick
2008-08-14 18:53:45 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\DivX
2008-08-14 17:48:59 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2008-08-14 17:48:59 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-08-14 17:48:59 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-08-14 17:48:59 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2008-08-14 17:48:59 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-08-14 17:48:59 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-08-14 17:46:31 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-08-14 17:46:31 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-08-14 17:46:31 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-08-14 17:46:31 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-08-14 17:46:30 ----A---- C:\WINDOWS\system32\unrar.dll
2008-08-14 17:46:29 ----A---- C:\WINDOWS\avisplitter.ini
2008-08-14 17:46:27 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2008-08-14 17:46:27 ----A---- C:\WINDOWS\system32\x264vfw.dll
2008-08-14 17:46:27 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2008-08-14 17:46:27 ----A---- C:\WINDOWS\system32\vp6vfw.dll
2008-08-14 17:46:27 ----A---- C:\WINDOWS\system32\huffyuv.dll
2008-08-14 17:46:26 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-08-14 17:46:26 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-08-14 17:46:24 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-08-14 17:46:24 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2008-08-14 17:46:23 ----D---- C:\Program Files\K-Lite Codec Pack
2008-08-14 17:46:23 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Real
2008-08-14 17:46:23 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2008-08-14 17:03:33 ----D---- C:\Program Files\DivX
2008-08-14 16:35:49 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Sonic
2008-08-14 16:33:48 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
2008-08-14 09:41:53 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Media Player Classic
2008-08-14 09:37:24 ----D---- C:\Program Files\Essentials Codec Pack
2008-08-12 19:06:42 ----D---- C:\Program Files\YouTube Downloader
2008-08-11 14:32:32 ----D---- C:\Program Files\Sun
2008-08-11 14:32:22 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-11 14:32:22 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-11 14:32:22 ----A---- C:\WINDOWS\system32\java.exe
2008-08-11 11:49:08 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\uTorrent
2008-08-11 11:46:46 ----D---- C:\Program Files\SiteAdvisor
2008-08-11 11:46:41 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-08-11 11:46:41 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-11 11:34:38 ----SHD---- C:\RECYCLER
2008-08-11 10:27:32 ----D---- C:\WINDOWS\system32\LogFiles
2008-08-11 03:00:34 ----D---- C:\WINDOWS\system32\PreInstall
2008-08-11 03:00:32 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-08-10 22:52:26 ----D---- C:\WINDOWS\Prefetch
2008-08-10 22:50:07 ----SHD---- C:\System Volume Information
2008-08-10 22:49:05 ----RASH---- C:\BOOT.BAK
2008-08-10 22:48:50 ----RSHD---- C:\cmdcons
2008-08-10 22:48:50 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-08-10 22:48:47 ----D---- C:\WINDOWS\setup.pss
2008-08-10 22:48:29 ----D---- C:\WINDOWS\setupupd
2008-08-10 22:37:40 ----RHD---- C:\MSOCache
2008-08-10 22:37:02 ----RSD---- C:\WINDOWS\assembly
2008-08-10 22:36:55 ----RD---- C:\WINDOWS\Offline Web Pages
2008-08-10 22:34:13 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-08-10 22:18:48 ----D---- C:\temp
2008-08-10 21:07:38 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-10 21:07:23 ----A---- C:\YServer.txt
2008-08-10 21:07:15 ----D---- C:\Program Files\Yahoo!
2008-08-10 21:01:36 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-08-10 21:00:28 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Adobe
2008-08-10 20:59:00 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Google
2008-08-10 20:58:43 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia
2008-08-10 20:58:42 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-08-10 20:55:47 ----ASH---- C:\Documents and Settings\Compaq_Owner\Application Data\desktop.ini
2008-08-10 20:55:43 ----SD---- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft
2008-08-10 20:55:43 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Intuit
2008-08-10 20:55:43 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Identities
2008-08-10 20:52:56 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-07-25 03:36:00 ----A---- C:\WINDOWS\system32\DivXsm.exe
2008-07-25 03:34:54 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-07-25 03:34:52 ----A---- C:\WINDOWS\system32\dtu100.dll
2008-07-25 03:34:50 ----A---- C:\WINDOWS\system32\dpuGUI10.dll
2008-07-25 03:34:46 ----A---- C:\WINDOWS\system32\dpv11.dll
2008-07-25 03:34:46 ----A---- C:\WINDOWS\system32\dpus11.dll
2008-07-25 03:34:46 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
2008-07-25 03:34:46 ----A---- C:\WINDOWS\system32\dpu11.dll
2008-07-25 03:34:46 ----A---- C:\WINDOWS\system32\dpu10.dll
2008-07-25 03:34:42 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-07-25 03:34:40 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-07-25 03:34:40 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-07-25 03:34:40 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-07-25 03:34:36 ----A---- C:\WINDOWS\system32\DivX.dll
2008-07-25 03:34:30 ----A---- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-07-23 11:50:52 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 11:48:40 ----A---- C:\WINDOWS\system32\ssldivx.dll
2008-07-23 11:48:40 ----A---- C:\WINDOWS\system32\libdivx.dll
2008-07-23 11:47:34 ----A---- C:\WINDOWS\system32\dtu100.dll.manifest
2008-07-23 11:47:34 ----A---- C:\WINDOWS\system32\dpl100.dll.manifest
2008-07-23 11:46:38 ----A---- C:\WINDOWS\system32\DivXWMPExtType.dll

List of drivers

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-08 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-08 4246016]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-01-24 3535520]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-03-31 27008]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
S3 catchme;catchme; \??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\catchme.sys []
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\system32\drivers\ikfilesec.sys []
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-06-02 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-06-10 81288]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\system32\DRIVERS\sr.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []

List of services

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-03-24 73728]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-08-18 211232]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-01-24 131139]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-10 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 R;R; C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\R.exe []
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-08-07 1073544]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

and here is the rsit info


info.txt logfile of random's system information tool 2008-08-31 09:55:36

Uninstall list

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Alien Outbreak 2-->"C:\Program Files\HP Games\Alien Outbreak 2\Uninstall.exe"
Ancient Sudoku-->"C:\Program Files\HP Games\Ancient Sudoku\Uninstall.exe"
Any Video Converter 2.5.9-->"C:\Program Files\Any Video Converter\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bejeweled 2 Deluxe-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
Big Kahuna Reef-->"C:\Program Files\HP Games\Big Kahuna Reef\Uninstall.exe"
Blackhawk Striker 2-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
Blasterball 2 Remix-->"C:\Program Files\HP Games\Blasterball 2 Remix\Uninstall.exe"
Blasterball 2 Revolution-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
Bookworm Deluxe-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
Bounce Symphony-->"C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Chuzzle Deluxe-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
Compaq Connections (remove only)-->C:\WINDOWS\HPCPCUninstall-5577497\HPBWSetup.exe -appid 5577497 -uninstall
Compaq Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
Diner Dash-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Flick-->"C:\Program Files\DVD Flick\unins000.exe"
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
Fairies-->"C:\Program Files\HP Games\Fairies\Uninstall.exe"
Family Feud-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
FATE-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
Flip Words-->"C:\Program Files\HP Games\Flip Words\Uninstall.exe"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB893357)-->"C:\WINDOWS\$NtUninstallKB893357$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB906569)-->"C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP DVD Play 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Game Console-->"C:\Program Files\WildTangent\Apps\HP Game Console\Uninstall.exe"
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Rhapsody-->C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Support Overview-->"C:\WINDOWS\unins000.exe"
HP Web Helper-->regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
Insaniquarium Deluxe-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Jewel Quest-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
K-Lite Mega Codec Pack 4.1.4-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LimeWire 4.18.6-->"C:\Program Files\LimeWire\uninstall.exe"
Mah Jong Quest-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour-->MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Mystery Case Files-->"C:\Program Files\HP Games\Mystery Case Files\Uninstall.exe"
Netscape Browser (remove only)-->"C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvunrm.exe UninstallGUI
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Paint.NET v3.35-->MsiExec.exe /X{20AC583C-A6FB-410A-807D-25308225C201}
PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Poker Superstars-->"C:\Program Files\HP Games\Poker Superstars\Uninstall.exe"
Polar Bowler-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
Polar Golfer-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Ricochet Lost Worlds-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
SCRABBLE-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Slingo Deluxe-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
Snowy The Bears Adventure-->"C:\Program Files\HP Games\Snowy The Bears Adventure\Uninstall.exe"
Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Super Granny-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
Tennis Titans-->"C:\Program Files\HP Games\Tennis Titans\Uninstall.exe"
Tornado Jockey-->"C:\Program Files\HP Games\Tornado Jockey\Uninstall.exe"
Tradewinds-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB912945)-->"C:\WINDOWS\$NtUninstallKB912945$\spuninst\spuninst.exe"
WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888239-->C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB892050-->"C:\WINDOWS\$NtUninstallKB892050$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Xilisoft Video Converter 3-->C:\Program Files\Xilisoft\Video Converter 3\Uninstall.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

Hosts File

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

Security center information

AV: avast! antivirus 4.8.1229 [VPS 080830-0]
FW: Norton Internet Worm Protection (disabled)

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\

-----------------EOF-----------------


Note: I haven't had time to do the Kaspersky online scan.
I will try to get it up here as soon as I can; I've got a busy day today, so I'm not sure when I'll get the Kaspersky scan log up.
It might end up being late tonight at 12 am, or tomorrow morning some time.
But I figured I'd at least get the RSIT logs up in case someone comes along to look.

2nd Note: a box pops up as soon as I log on to my account and it says

windows xp set up

please go to control panel to install and configure components

The monitor is doing weird things also, like it will go off sometimes when loading a site, then come back on.
It never did that before, and I know it's not the monitor messing up.
It also did it while restarting the computer: as Windows was loading, the monitor went black, then came back on and showed me logged in on my account.

Edited by SNOWHITE, 31 August 2008 - 10:54 AM.
Removed attachment with malicious file
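As an added example (not part of this thread and not an RSIT or BleepingComputer tool), the following Python script parses lines in the RSIT "List of drivers" / "List of services" format shown in the log above and flags the entries a helper would review first: binaries loaded from a Temp directory, entries RSIT could not find on disk (the empty `[]`), doubled `system32\system32` path components, and one-letter service names. The sample lines are constructed, modelled on entries in the log; the flag names and heuristics are this example's own.

```python
"""Triage helper for RSIT-style 'List of drivers' / 'List of services' lines.

Hypothetical helper written for this thread; it is not part of RSIT or of any
BleepingComputer tool. It only flags entries for a human to look at.
"""
import re
from typing import Dict, List, Optional

# Constructed sample, modelled on entries in the RSIT log posted above.
SAMPLE_LOG = r"""
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
S3 catchme;catchme; \??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\catchme.sys []
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\system32\drivers\ikfilesec.sys []
S3 R;R; C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\R.exe []
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
"""

# One RSIT entry: "<state> <name>;<display name>; <path> [<date> <size>]".
# The trailing brackets are empty when RSIT could not find the file on disk.
ENTRY_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)


def parse_entry(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of one RSIT driver/service line, or None if it does not match."""
    m = ENTRY_RE.match(line.strip())
    return m.groupdict() if m else None


def suspicious_reasons(entry: Dict[str, str]) -> List[str]:
    """Heuristic review flags for one parsed entry (review hints, not a malware verdict)."""
    reasons: List[str] = []
    path = entry["path"].lower()
    # Services and drivers normally do not load from a user's Temp directory.
    # Legitimate anti-rootkit scanners (catchme.sys, for instance) do exactly
    # this, so the flag means "look at it", not "malicious".
    if "\\temp\\" in path:
        reasons.append("temp_directory")
    # RSIT prints "[]" when the binary could not be found: leftovers of a removed
    # tool, or a registration whose file is hidden from the scanner.
    if entry["info"] == "":
        reasons.append("file_missing")
    # "system32\system32\..." cannot resolve on a normal install.
    if "system32\\system32" in path:
        reasons.append("doubled_system32")
    # A one- or two-character name equal to its display name is typical of an
    # auto-generated entry rather than a vendor's service.
    if len(entry["name"].strip()) <= 2 and entry["name"] == entry["display"]:
        reasons.append("uninformative_name")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map service/driver name -> reasons, for entries that raised at least one flag."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = suspicious_reasons(entry)
        if reasons:
            findings[entry["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name:12s} {', '.join(reasons)}")
```

Run against a full RSIT log.txt the same function lists only the handful of entries worth a closer look, which is how the R.exe service and the doubled-path driver entries stand out in the log above.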


#4 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:09:40 PM

Posted 31 August 2008 - 11:01 AM

Hello again,

I have removed the attachment to prevent someone from downloading it and infecting their system. I will send it to antivirus companies so they can add detection for it, so thanks for the file.

Please give me some time to check your reports and I will post back to you when done. Please also run the Kaspersky scan and post back with the report; that can help us decide how to proceed with the next steps.

Thank you
SNOWHITE

#5 gonefishin

gonefishin
  • Topic Starter

  • Members
  • 111 posts
  • Gender:Male
  • Local time:03:40 PM

Posted 31 August 2008 - 01:19 PM

I scanned with Kaspersky online scan. Just to make a point, I left the file I uploaded to Bleeping on my computer in a folder; I figured if Kaspersky couldn't detect that file right on my desktop, I doubt it would be able to detect any hidden threats. I was right: Kaspersky didn't detect the file on my desktop. I have now deleted the file off my desktop so it won't cause any confusion at a later date in a log or future scan or fix.

Sunday, August 31, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, August 31, 2008 15:31:42
Records in database: 1172087
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan statistics
Files scanned 85915
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 01:45:05

No malware has been detected. The scan area is clean.
The selected area was scanned.


Guess I need to add this in; dunno if it matters or not. But in my first post, with just the HijackThis log, before doing the logs as requested, it showed a couple of R1 entries that had redirections on them.
I didn't think they looked right, and they redirected to this small AOL Google search bar in the middle of a blank page, I believe it was. And the original trojan that I got out with Spyware Doctor disguised itself as an AOL icon on my desktop.
So I figured, since the redirect was strange looking and had AOL in it, I'd go ahead and click Fix on HijackThis.

Thought I'd better say this in case it makes a huge difference in something.

Edited by gonefishin, 31 August 2008 - 01:39 PM.


#6 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • Gender:Female
  • Location:Bitola, Macedonia

Posted 01 September 2008 - 08:59 PM

Hello gonefishin :thumbsup:

Go to Start > My Computer
Go to Tools > Folder Options
Click on the View tab
Untick the following:
  • Hide extensions for known file types
  • Hide protected operating system files (Recommended)
You will get a message warning you about showing protected operating system files, click Yes
Make sure this option is selected:
  • Show hidden files and folders
Click Apply and then click OK


Run HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O4 - Startup: exet.lnk = C:\WINDOWS\system32\setup.exe
O23 - Service: R - Unknown owner - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\R.exe (file missing)


Then close all windows except HijackThis and click Fix Checked.

Restart

Use Windows Explorer to find and delete these files:

C:\WINDOWS\system32\settings46.txt <-- This file
C:\WINDOWS\system32\settings45.txt <-- This file
C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\exet.lnk <-- This file

As an example:
To delete C:\WINDOWS\badfile.dll
Double click the My Computer icon on your Desktop. Or click on the Windows KEY + E.
Double click on Local Disc (C:\)
Double click on the Windows folder,
Right click on badfile.dll and then from the menu that appears, click on Delete


Go to Start > Control Panel > Add or Remove Programs.

Remove the following programs, if they are present.

* Older Java versions have vulnerabilities that malicious sites can use to exploit and infect your system, therefore it is better that they are removed from the computer.

J2SE Runtime Environment 5.0 Update 5

Optional:
* The next program is very likely the reason your system is infested with malware. Even when a program like this is not infected itself, it will still bring malware into your system, because more than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. I recommend that you remove this program from your system.

LimeWire 4.18.6

* WildTangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it's not technically considered spyware, it does have built-in components to update itself and gather information about the computer system, including:

Operating System Version
CPU Type and Speed
Memory Amount
Video Card type and Driver Version
Sound Card type and Driver Version
DirectX Version
Location that the Web Driver was installed from
It is also a MAJOR resource hog.


WildTangent Web Driver

If you are unsure of how to use Add or Remove Programs, then please see this tutorial:
How To Remove An Installed Program From Your Computer

Next:

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Please download F-Secure Blacklight (fsbl.exe) and save to your C:\ drive.
  • Open a command window by going to Start > Run and typing: cmd
  • Copy/paste or type the following in the command window: C:\fsbl.exe /expert
  • Hit "Enter" to start the program and then close the cmd box.
  • Accept the user agreement and click "Next".
  • Click "Scan".
  • After the scan is complete, click "Next", then "Exit".
  • BlackLight will create a log in C:\ drive named "fsbl-xxxxxxx.log" (the xxxxxxx will be the date and time of the scan).
  • The log will have a list of all items found. Do not choose to rename any yet!
    I want to see the log first because legitimate items can also be present, like "wbemtest.exe" and "tcptest.exe".
  • Exit Blacklight and post the contents of the log in your next reply.
I do not see any sign of an installed and active firewall program in your reports. I see you have/had Norton Internet Worm Protection, but it looks to me like a leftover. Please let me know whether you have a firewall on your computer which is working properly.

Post back with the following reports:
  • SUPERAntiSpyware Scan Log
  • Blacklight report
  • Fresh RSIT log.txt
Let me know how the computer is running and of any remaining problems.

Regards
SNOWHITE
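A small triage script, added here as an illustration and not something from HijackThis, Trend Micro or this thread: it applies the same checks a helper makes by eye when reading the O2/O4/O23 lines above (entries that point at a missing file, executables run from a Temp folder, services with no recorded vendor, unnamed BHOs, and startup shortcuts whose name does not match the program they launch). The sample lines are copied from this thread's logs; the heuristic names and the regular expressions are my own assumptions. Note the false positive the thread itself shows: McAfee SiteAdvisor's service is listed with "Unknown owner" in the clean log and was rightly left alone, so the output is a list for a person to review, not a removal list.

```python
"""Triage a HijackThis-style log with the heuristics a forum helper applies
by hand.  Hypothetical example code; not part of HijackThis or RSIT."""
import re
from typing import List, Tuple

# Constructed sample: the three lines the helper marked for removal in this
# thread plus four clean lines from the same log, so that a legitimate
# service reported as "Unknown owner" shows up as a false positive.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll
O4 - Startup: exet.lnk = C:\\WINDOWS\\system32\\setup.exe
O4 - Startup: Adobe Media Player.lnk = C:\\Program Files\\Adobe Media Player\\Adobe Media Player.exe
O23 - Service: R - Unknown owner - C:\\DOCUME~1\\COMPAQ~1\\LOCALS~1\\Temp\\R.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\\Program Files\\McAfee\\SiteAdvisor\\McSACore.exe
"""

# HijackThis marks dead references with these two tokens.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)", re.I)
# Anything launched out of a Temp/Tmp directory (8.3 paths like LOCALS~1\Temp included).
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.I)
# O4 startup-folder shortcuts: "<name>.lnk = <target>", optional "(User '...')" suffix.
STARTUP_LNK_RE = re.compile(
    r"^O4 - (?:Global |\.DEFAULT User )?Startup: (.+?)\.lnk = (.+?)(?: \(User .*\))?$", re.I)
# O23 services: "<display name> - <vendor> - <image path>".
SERVICE_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
# O2 browser helper objects: "<name> - {CLSID} - <dll path>".
BHO_RE = re.compile(r"^O2 - BHO: (.+?) - \{[0-9A-F-]+\} - (.+)$", re.I)


def triage_line(line: str) -> List[str]:
    """Return the reasons this entry deserves a human look (empty list if none)."""
    reasons = []
    if ORPHAN_RE.search(line):
        reasons.append("orphaned: entry points at a file that no longer exists")
    if TEMP_RE.search(line):
        reasons.append("launches from a Temp directory")
    m = SERVICE_RE.match(line)
    if m and m.group(2).strip().lower() == "unknown owner":
        reasons.append("service has no vendor recorded (may still be legitimate)")
    m = BHO_RE.match(line)
    if m and m.group(1).strip().lower() == "(no name)":
        reasons.append("browser helper object without a name")
    m = STARTUP_LNK_RE.match(line)
    if m:
        link_name = m.group(1).strip().lower()
        # Compare the shortcut's name with the file name it actually runs.
        target_stem = re.split(r"[\\/]", m.group(2).strip())[-1].rsplit(".", 1)[0].lower()
        if link_name != target_stem:
            reasons.append(
                f"startup shortcut '{link_name}' does not match its target '{target_stem}'")
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Run triage over every non-empty line; return (line, reasons) for flagged lines only."""
    flagged = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print("   ->", reason)
```

Run against the constructed sample, four of the seven lines are flagged: the three the helper fixed (the unnamed BHO, the `exet.lnk` shortcut that really launches `setup.exe`, and the `R` service running from Temp, which collects three reasons on its own) and the McAfee service, which carries only the weak "no vendor recorded" signal and is the reminder that a flag means "look", not "delete".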

#7 gonefishin

gonefishin
  • Topic Starter

  • Members
  • 111 posts
  • Gender:Male

Posted 01 September 2008 - 09:58 PM

Hi

I'm at the part about

Use Windows Explorer to find and delete these files:

C:\WINDOWS\system32\settings46.txt <-- This file
C:\WINDOWS\system32\settings45.txt <-- This file
C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\exet.lnk <-- This file

I deleted the first 2 no problem, but the last one isn't showing up. There are only 2 objects in the startup folder.
One says Adobe Media Player shortcut and the other is something called desktop.ini and says configuration settings.
Also the desktop.ini popped up on my desktop when I made the hidden stuff in the folder visible. When I click on desktop.ini it opens up Notepad and says the following:

[.ShellClassInfo]
FolderType=MusicAlbum
MusicBuyUrl=http://windowsmedia.com/redir/buynow9.asp?providerName=AMG&albumID=175AB2D3-4040-44DF-8D8C-E5290FD3811D&a_id=R%20

MusicBuyUrl, hmm, that file looks suspicious to me. Should I delete that? And what about the file I can't find, what should I do? I'm fixing to do the rest of the stuff you suggested but thought I'd ask about the file.

#8 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • Gender:Female
  • Location:Bitola, Macedonia

Posted 01 September 2008 - 10:01 PM

Hi, just proceed with the rest of the steps.

desktop.ini is a legit file; they are hidden by default.
SNOWHITE

#9 gonefishin

gonefishin
  • Topic Starter

  • Members
  • 111 posts
  • Gender:Male

Posted 01 September 2008 - 11:40 PM

new logs for bleeping

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/01/2008 at 10:55 PM

Application Version : 4.20.1046

Core Rules Database Version : 3553
Trace Rules Database Version: 1542

Scan type : Complete Scan
Total Scan Time : 00:36:59

Memory items scanned : 379
Memory threats detected : 0
Registry items scanned : 5629
Registry threats detected : 0
File items scanned : 80979
File threats detected : 0


the fsbl-20080902040950.log

09/01/08 23:09:50 [Info]: BlackLight Engine 1.0.70 initialized
09/01/08 23:09:50 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/01/08 23:09:50 [Note]: 7019 4
09/01/08 23:09:50 [Note]: 7005 0
09/01/08 23:09:58 [Note]: 7006 0
09/01/08 23:09:58 [Note]: 7022 0
09/01/08 23:09:58 [Note]: 7011 1572
09/01/08 23:09:58 [Note]: 7035 0
09/01/08 23:09:58 [Note]: 7026 0
09/01/08 23:09:58 [Note]: 7026 0
09/01/08 23:10:07 [Note]: FSRAW library version 1.7.1024
09/01/08 23:15:37 [Note]: 7007 0

That's all that was in the log; figured there'd be more to it than that...

Just have the Windows firewall on.

By the way, the funny setup box and the other stuff quit
after clicking Fix on the HijackThis log. The only thing I can see with my eyes
that's wrong now is that the Firefox browser is still hijacked.

Oh, and I was gonna ask you about this on WordPad. All the saved files have .rtf at the end.
Example: I saved all these logs in WordPad to post and saved it as "new logs for bleeping"
and it shows it as "new logs for bleeping.rtf".
Thought I'd ask, it's never done that before and I use WordPad all the time...


rsit log.txt

Logfile of random's system information tool (written by random/random)
Run by Compaq_Owner at 2008-09-01 23:18:13
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 155 GB (85%) free of 183 GB
Total RAM: 446 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:22 PM, on 9/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Documents and Settings\Compaq_Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7841 bytes

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-08-17 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-08-16 121120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-08-16 121120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-03-08 16010240]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-01-24 7311360]
"nwiz"=C:\WINDOWS\system32\nwiz.exe [2006-01-24 1519616]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-23 237568]
"PCDrProfiler"= []
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-16 249856]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-02-17 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-08-17 185896]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-08-19 1576176]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup
Adobe Media Player.lnk - C:\Program Files\Adobe Media Player\Adobe Media Player.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Compaq_Owner\Desktop\icp\utorrent_1.1.7.1.exe"="C:\Documents and Settings\Compaq_Owner\Desktop\icp\utorrent_1.1.7.1.exe:*:Enabled:utorrent_1.1.7.1"
"C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\S3N3J3B4\utorrent_1.4.2-beta-build-427[1].exe"="C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\S3N3J3B4\utorrent_1.4.2-beta-build-427[1].exe:*:Enabled:µTorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{705fd1f7-6758-11dd-a390-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


List of files/folders created in the last three months

2008-09-01 23:08:41 ----A---- C:\fsbl.exe
2008-09-01 22:04:16 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-01 19:24:34 ----D---- C:\SMCLpav
2008-09-01 18:47:31 ----D---- C:\Program Files\Panda Security
2008-09-01 10:04:37 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
2008-08-31 23:59:48 ----D---- C:\Program Files\uTorrent
2008-08-31 09:55:23 ----D---- C:\rsit
2008-08-30 20:57:36 ----D---- C:\Downloads
2008-08-30 20:57:08 ----D---- C:\Program Files\BitComet
2008-08-30 12:00:28 ----D---- C:\Program Files\LimeWire
2008-08-29 17:36:22 ----D---- C:\Program Files\Spyware Doctor
2008-08-29 17:36:22 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\PC Tools
2008-08-28 20:10:02 ----A---- C:\WINDOWS\ntbtlog.txt
2008-08-28 14:38:40 ----D---- C:\Program Files\Common Files\PC Tools
2008-08-27 22:25:59 ----D---- C:\fsaua.data
2008-08-26 17:21:28 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-08-26 17:21:25 ----D---- C:\Program Files\Alwil Software
2008-08-26 17:02:29 ----D---- C:\Program Files\Trend Micro
2008-08-26 10:55:53 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire
2008-08-25 20:42:59 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-25 12:00:52 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-25 12:00:44 ----D---- C:\Program Files\SUPERAntiSpyware
2008-08-25 12:00:44 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2008-08-25 10:38:27 ----A---- C:\WINDOWS\setuplog.txt
2008-08-25 10:37:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-08-24 16:31:48 ----D---- C:\Documents and Settings\All Users\Application Data\Zenturi
2008-08-24 16:04:41 ----D---- C:\WINDOWS\ERUNT
2008-08-24 15:57:52 ----D---- C:\SDFix
2008-08-24 01:05:39 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
2008-08-24 01:05:31 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-24 01:05:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-22 16:26:07 ----A---- C:\WINDOWS\system32\settings45.txt
2008-08-21 18:21:03 ----D---- C:\WINDOWS\ie7updates
2008-08-21 18:20:20 ----D---- C:\WINDOWS\WBEM
2008-08-21 18:19:03 ----HDC---- C:\WINDOWS\ie7
2008-08-21 18:18:49 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-08-21 18:18:31 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-08-21 18:18:05 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-08-21 18:18:02 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-08-21 18:15:28 ----A---- C:\WINDOWS\system32\MRT.exe
2008-08-21 18:15:21 ----D---- C:\WINDOWS\network diagnostic
2008-08-21 18:15:19 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2008-08-21 18:15:08 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-08-21 18:11:51 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-08-21 16:22:00 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\HPQ
2008-08-19 11:34:39 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-19 11:24:47 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\WinBatch
2008-08-18 14:34:13 ----D---- C:\WINDOWS\Sun
2008-08-18 14:34:13 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Sun
2008-08-17 21:21:48 ----A---- C:\WINDOWS\cdplayer.ini
2008-08-17 21:20:30 ----D---- C:\Program Files\Common Files\xing shared
2008-08-17 21:20:16 ----D---- C:\Program Files\Real
2008-08-17 21:13:18 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Any Video Converter
2008-08-17 21:13:14 ----D---- C:\Program Files\Any Video Converter
2008-08-17 21:06:45 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-16 13:43:49 ----D---- C:\Program Files\QuickTime
2008-08-16 13:43:44 ----D---- C:\Program Files\Xilisoft
2008-08-16 09:39:13 ----D---- C:\Program Files\Common Files\McAfee
2008-08-16 09:38:38 ----D---- C:\Program Files\McAfee
2008-08-16 09:30:49 ----D---- C:\Program Files\Paint.NET
2008-08-16 09:29:15 ----D---- C:\Program Files\MSBuild
2008-08-16 09:29:10 ----D---- C:\WINDOWS\system32\XPSViewer
2008-08-16 09:29:03 ----D---- C:\WINDOWS\system32\en-us
2008-08-16 09:29:03 ----D---- C:\Program Files\Reference Assemblies
2008-08-16 09:28:34 ----N---- C:\WINDOWS\system32\spmsg2.dll
2008-08-16 09:25:34 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2008-08-16 09:25:25 ----D---- C:\Program Files\MSXML 6.0
2008-08-15 16:49:01 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-15 16:43:40 ----D---- C:\Program Files\CCleaner
2008-08-15 16:29:58 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\SiteAdvisor
2008-08-15 16:26:46 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla
2008-08-15 16:26:35 ----D---- C:\Program Files\Mozilla Firefox
2008-08-14 19:43:03 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\DVD Flick
2008-08-14 19:42:40 ----D---- C:\Program Files\DVD Flick
2008-08-14 18:53:45 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\DivX
2008-08-14 17:48:59 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2008-08-14 17:48:59 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-08-14 17:48:59 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-08-14 17:48:59 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2008-08-14 17:48:59 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-08-14 17:48:59 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-08-14 17:46:31 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-08-14 17:46:31 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-08-14 17:46:31 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-08-14 17:46:31 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-08-14 17:46:30 ----A---- C:\WINDOWS\system32\unrar.dll
2008-08-14 17:46:29 ----A---- C:\WINDOWS\avisplitter.ini
2008-08-14 17:46:27 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2008-08-14 17:46:27 ----A---- C:\WINDOWS\system32\x264vfw.dll
2008-08-14 17:46:27 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2008-08-14 17:46:27 ----A---- C:\WINDOWS\system32\vp6vfw.dll
2008-08-14 17:46:27 ----A---- C:\WINDOWS\system32\huffyuv.dll
2008-08-14 17:46:26 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-08-14 17:46:26 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-08-14 17:46:24 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-08-14 17:46:24 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2008-08-14 17:46:23 ----D---- C:\Program Files\K-Lite Codec Pack
2008-08-14 17:46:23 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Real
2008-08-14 17:46:23 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2008-08-14 17:03:33 ----D---- C:\Program Files\DivX
2008-08-14 16:35:49 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Sonic
2008-08-14 16:33:48 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
2008-08-14 09:41:53 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Media Player Classic
2008-08-14 09:37:24 ----D---- C:\Program Files\Essentials Codec Pack
2008-08-12 19:06:42 ----D---- C:\Program Files\YouTube Downloader
2008-08-11 14:32:32 ----D---- C:\Program Files\Sun
2008-08-11 14:32:22 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-11 14:32:22 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-11 14:32:22 ----A---- C:\WINDOWS\system32\java.exe
2008-08-11 11:49:08 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\uTorrent
2008-08-11 11:46:46 ----D---- C:\Program Files\SiteAdvisor
2008-08-11 11:46:41 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-08-11 11:46:41 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-11 11:34:38 ----SHD---- C:\RECYCLER
2008-08-11 10:27:32 ----D---- C:\WINDOWS\system32\LogFiles
2008-08-11 03:00:34 ----D---- C:\WINDOWS\system32\PreInstall
2008-08-11 03:00:32 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-08-10 22:52:26 ----D---- C:\WINDOWS\Prefetch
2008-08-10 22:50:07 ----SHD---- C:\System Volume Information
2008-08-10 22:49:05 ----RASH---- C:\BOOT.BAK
2008-08-10 22:48:50 ----RSHD---- C:\cmdcons
2008-08-10 22:48:50 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-08-10 22:48:47 ----D---- C:\WINDOWS\setup.pss
2008-08-10 22:48:29 ----D---- C:\WINDOWS\setupupd
2008-08-10 22:37:40 ----RHD---- C:\MSOCache
2008-08-10 22:37:02 ----RSD---- C:\WINDOWS\assembly
2008-08-10 22:36:55 ----RD---- C:\WINDOWS\Offline Web Pages
2008-08-10 22:34:13 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-08-10 22:18:48 ----D---- C:\temp
2008-08-10 21:07:38 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-10 21:07:23 ----A---- C:\YServer.txt
2008-08-10 21:07:15 ----D---- C:\Program Files\Yahoo!
2008-08-10 21:01:36 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-08-10 21:00:28 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Adobe
2008-08-10 20:59:00 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Google
2008-08-10 20:58:43 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia
2008-08-10 20:58:42 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-08-10 20:55:47 ----ASH---- C:\Documents and Settings\Compaq_Owner\Application Data\desktop.ini
2008-08-10 20:55:43 ----SD---- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft
2008-08-10 20:55:43 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Intuit
2008-08-10 20:55:43 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Identities
2008-08-10 20:52:56 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-07-25 03:36:00 ----A---- C:\WINDOWS\system32\DivXsm.exe
2008-07-25 03:34:54 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-07-25 03:34:52 ----A---- C:\WINDOWS\system32\dtu100.dll
2008-07-25 03:34:50 ----A---- C:\WINDOWS\system32\dpuGUI10.dll
2008-07-25 03:34:46 ----A---- C:\WINDOWS\system32\dpv11.dll
2008-07-25 03:34:46 ----A---- C:\WINDOWS\system32\dpus11.dll
2008-07-25 03:34:46 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
2008-07-25 03:34:46 ----A---- C:\WINDOWS\system32\dpu11.dll
2008-07-25 03:34:46 ----A---- C:\WINDOWS\system32\dpu10.dll
2008-07-25 03:34:42 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-07-25 03:34:40 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-07-25 03:34:40 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-07-25 03:34:40 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-07-25 03:34:36 ----A---- C:\WINDOWS\system32\DivX.dll
2008-07-25 03:34:30 ----A---- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-07-23 11:50:52 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 11:48:40 ----A---- C:\WINDOWS\system32\ssldivx.dll
2008-07-23 11:48:40 ----A---- C:\WINDOWS\system32\libdivx.dll
2008-07-23 11:47:34 ----A---- C:\WINDOWS\system32\dtu100.dll.manifest
2008-07-23 11:47:34 ----A---- C:\WINDOWS\system32\dpl100.dll.manifest
2008-07-23 11:46:38 ----A---- C:\WINDOWS\system32\DivXWMPExtType.dll

List of drivers

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-08 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-08 4246016]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-01-24 3535520]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-03-31 27008]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
S3 catchme;catchme; \??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\catchme.sys []
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\system32\drivers\ikfilesec.sys []
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-06-02 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-06-10 81288]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []

List of services

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-03-24 73728]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-08-18 211232]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-01-24 131139]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-10 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-08-07 1073544]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 R;R; C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\R.exe []

-----------------EOF-----------------
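The driver and service lists above share one line format, and a helper's first pass over them is to spot entries whose image runs from a user Temp directory or whose file could not be read (the empty `[]`). As an added example that is not part of this thread, the Python below parses those lines and returns triage reasons for a second look; the sample lines are copied from the log above, and the heuristics are assumptions about what merits review, not verdicts (legitimate scanning tools also drop drivers into Temp).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One RSIT driver/service line: "<status> <name>;<description>; <image path> [<date> <size>]"
LINE_RE = re.compile(
    r"^(?P<status>[RS]\d)\s+(?P<name>[^;]*);(?P<desc>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)

@dataclass
class Entry:
    status: str            # R = running, S = stopped; the digit is the start type
    name: str
    description: str
    path: str
    file_date: Optional[str]   # None when the bracket was empty (file missing or unreadable)
    file_size: Optional[int]

def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for headers, blanks and anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    info = m.group("info").split()
    return Entry(m.group("status"), m.group("name"), m.group("desc"), m.group("path"),
                 info[0] if info else None, int(info[1]) if len(info) > 1 else None)

def triage(entry: Entry) -> List[str]:
    """Assumed heuristics: reasons an entry deserves a second look; [] means nothing stood out."""
    reasons = []
    if "\\temp\\" in entry.path.lower():
        reasons.append("image runs from a Temp directory")
    if entry.file_date is None:
        reasons.append("no file date/size recorded (file missing or unreadable)")
    if len(entry.name) <= 2 and entry.name == entry.description:
        reasons.append("near-empty service name and description")
    return reasons

def review(log_lines) -> Dict[str, List[str]]:
    findings = {}
    for line in log_lines:
        entry = parse_line(line)
        if entry is not None and triage(entry):
            findings[entry.name] = triage(entry)
    return findings

# Constructed sample: four lines copied from the log above.
SAMPLE_LOG = [
    r"R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]",
    r"R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []",
    r"S3 catchme;catchme; \??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\catchme.sys []",
    r"S4 R;R; C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\R.exe []",
]
```

`review(SAMPLE_LOG)` leaves the avast! service out and lists the three entries with empty brackets, with the `R.exe` entry carrying all three reasons.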

#10 gonefishin

gonefishin
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:40 PM

Posted 02 September 2008 - 12:43 PM

I took a picture of the Firefox browser so you could see it.

I circled a couple of things on the picture in red. At the very top I circled some kind of house that's stuck on the browser, and if you run the mouse pointer over it, it has askyoda.com on it. And at the bottom I circled McAfee SiteAdvisor; it moved from the top left of the screen to the very bottom for some reason. ...

http://s231.photobucket.com/albums/ee33/ma...nt=11111111.jpg



In my last post I said the WordPad logs have .rtf at the end; I noticed my pics now all have .jpg at the end. Is that to do with me showing hidden files?

By the way, thanks for the help Snow, I appreciate it :thumbsup:

Also, I read your reply to another user saying he should use a different firewall instead of Windows Firewall, so I added the ZoneAlarm free firewall.

Edited by gonefishin, 02 September 2008 - 01:21 PM.


#11 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:09:40 PM

Posted 03 September 2008 - 08:46 PM

Hello gonefishin :thumbsup:

Let's proceed with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


Regards
SNOWHITE

#12 gonefishin

gonefishin
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:40 PM

Posted 03 September 2008 - 10:28 PM

I dunno if I'm going to be able to do ComboFix; it's too technical and I'm not smart enough about this kind of stuff, and I am confused after trying to read the instructions. Like, no set of Windows CDs came with my computer. I went to the link on Microsoft and it has some kind of instructions to make the Windows disk and says the following:

Who should download the Setup disks?
You should download the Setup disks if all the following conditions are true:

• You are installing a new, full retail version of Windows XP.

Note An upgrade installation of Windows XP does not require the Setup disks.
• You have a working CD drive, but you cannot start your computer from your CD-ROM.
• You can start your computer from a floppy disk drive.

I do not have a floppy drive.

Also, it says on BleepingComputer:

If you are using Windows XP Service Pack 3 (SP3), then select the Service Pack 2 download. If you are using Windows XP Media Center, then you should select the Windows XP Pro Service Pack 2 download. If you are unsure what version of Windows you have and what Service Pack is installed, you can follow these instructions to gain that information.

I have an XP Service Pack 2 Home computer, and it's saying if you have Service Pack 3 to pick Service Pack 2?
And if you're using XP Media Center... I don't even know what XP Media Center is?? To use Windows XP Pro?

I don't think there's any way I can do this. I'm not smart enough or computer savvy enough to do all of these things. Might just have to leave my comp infected and say thanks for the help.

Edited by gonefishin, 03 September 2008 - 10:31 PM.


#13 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:09:40 PM

Posted 03 September 2008 - 10:59 PM

Don't worry gonefishin :thumbsup:

I will post more detailed instructions later, that will be easy to follow.

Now it is 6 am here, and I am very tired, so I need to take a rest. I will post back to you after I get some sleep.

Regards
SNOWHITE

#14 gonefishin

gonefishin
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:40 PM

Posted 04 September 2008 - 03:07 PM

Had to take the computer to a computer shop owner for an unrelated issue. The sound is messing up; I'm pretty sure it's the sound card, since it's been doing it since I bought the PC about 2 years ago: the sound has a high-pitched beep occasionally. That has become more frequent and worse over time to the point of being annoying.... if I try to listen to anything music-wise or watch a video. Figure since I'm having some fixes that ... told his wife to tell him to fix the hijacked browser and clean out the infection.

Gone Fishin

Edited by gonefishin, 04 September 2008 - 03:07 PM.


#15 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:09:40 PM

Posted 05 September 2008 - 02:47 PM

Had to take the computer to a computer shop owner for an unrelated issue. The sound is messing up; I'm pretty sure it's the sound card, since it's been doing it since I bought the PC about 2 years ago: the sound has a high-pitched beep occasionally. That has become more frequent and worse over time to the point of being annoying.... if I try to listen to anything music-wise or watch a video. Figure since I'm having some fixes that ... told his wife to tell him to fix the hijacked browser and clean out the infection.

Gone Fishin

Thanks for letting me know, gonefishin :thumbsup:

Regards
SNOWHITE