Infected With Vundo And Maybe More


  • This topic is locked
4 replies to this topic

#1 tarnation

tarnation

  • Members
  • 2 posts
  • OFFLINE
  • Local time:09:43 PM

Posted 30 August 2008 - 08:28 AM

Hi, this is not my computer's HijackThis log, it is a friend's; however, the issues he is having are slowing down all internet browsers he has (Firefox and IE) to the point where they will not load a site, thus I am posting his log for him.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:03 PM, on 8/29/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.103\ccSvcHst.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Users\AJO170\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0CA34611-82A6-4146-8DF8-0CDA87FA1FAD} - C:\Users\AJO170\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EB9WM8SH\3077htsbdjyf[1].dll
O2 - BHO: (no name) - {2643BE8D-FD3C-4283-A321-D202FC176F3D} - C:\Windows\system32\vtUnkkkH.dll
O2 - BHO: (no name) - {35CFE9B1-81C2-4D01-A350-A759292AD7FC} - C:\Windows\system32\wvUkIYoL.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.103\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.103\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {8C9FE254-BA2D-4893-8290-C4E72E1C6CA5} - C:\Windows\system32\rqRLcYSK.dll
O2 - BHO: {bf822187-7f32-ac99-f5d4-9a181e88058d} - {d85088e1-81a9-4d5f-99ca-23f7781228fb} - C:\Windows\system32\bnglyb.dll
O2 - BHO: (no name) - {FCE07C09-0DE8-4AB2-8F17-59C7528657Cc} - C:\Windows\system32\rvbbpkbg.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.103\coIEPlg.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\wvUkIYoL.dll,#1
O4 - HKLM\..\Run: [769d420e] rundll32.exe "C:\Windows\system32\irotylrw.dll",b
O4 - HKLM\..\Run: [BM75ae7192] Rundll32.exe "C:\Windows\system32\bekgcqqg.dll",s
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D43F928-AAE0-456E-9805-BD6B009CED03}: NameServer = 10.66.160.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.103\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11431 bytes

I also just want to say thanks guys, you do a great service here. Is there any way I can donate to this forum? I would love to help you guys in any way I can.



#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:43 PM

Posted 30 August 2008 - 12:31 PM

Hi Tarnation. :thumbsup: My name is Extremeboy and I will be helping you with your log.

I will need some time to look over your computer's log(s).

You may want to keep the link to this topic in your favorites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic.
The topics you are tracking can be found here.

Please take note of a few guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it may not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Download and Run RSIT
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Important Note to Others: The instructions provided in this topic are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

Thanks :)

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 tarnation

tarnation
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:09:43 PM

Posted 01 September 2008 - 07:19 PM

info.txt logfile of random's system information tool 2008-09-01 20:30:05

Uninstall list

-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
Age of Empires III-->C:\Program Files\InstallShield Installation Information\{70F8B183-99EB-4304-BA35-080E2DFFD2A3}\setup.exe -runfromtemp -l0x0409
AIM 6-->C:\Program Files\AIM6\uninst.exe
AuthenTec Fingerprint Sensor Minimum Install-->MsiExec.exe /X{7F362F06-A9A3-440F-8B19-6A01A72723C4}
AVI Movie Player-->C:\Program Files\AVI Movie Player\uninstall.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -IWiSVHez.INF
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
Diablo II-->C:\Program Files\Common Files\Blizzard Entertainment\Diablo II\Uninstall.exe
DigitalPersona Personal 3.0.0-->MsiExec.exe /I{C7AF7F33-9092-997E-2D29-DE8095863FE3}
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)-->C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_HERMOSA_HSF\UIU32m.exe -U -IHPQHERzm.inf
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Users\AJO170\Downloads\HijackThis.exe" /uninstall
Hotspot Shield 1.05-->C:\Program Files\Hotspot Shield\Uninstall.exe
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly
HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet D1500 Printer Driver Software 10.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}\setup\hpzscr01.exe -datfile hphscr26.dat -onestop
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /I{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Integrated Module with Bluetooth wireless technology 6.0.1.5500-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Quick Launch Buttons 6.30 E1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP QuickPlay 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP QuickTouch 1.00 C4-->MsiExec.exe /I{7DC4A410-9986-4329-9E5D-687B2C42CA39}
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Total Care Advisor-->MsiExec.exe /X{b02df929-29a7-4fd2-9a70-81a644b635f7}
HP Update-->MsiExec.exe /X{D063F201-FAC4-4D5C-B10B-615058ADE5A7}
HP User Guides 0090-->MsiExec.exe /I{B53620C0-3A83-4F50-A7AB-175DB64C1CE3}
HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
mm.BOT-->"C:\Windows\mm.BOT\uninstall.exe" "/U:C:\Windows\mm.BOT\uninstall.xml"
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Nero 7 Essentials-->MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\3EAA38BF\16.0.0.103\InstallStub.exe /X
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenSSL 0.9.6m-->C:\OpenSSL\unins000.exe
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}
Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}
Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}
Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb955433)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {D9806966-6AA1-4B55-9528-6748E37CEE86}
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vuze-->C:\Program Files\Vuze\uninstall.exe
Warcraft III-->C:\Program Files\Common Files\Blizzard Entertainment\Warcraft III\Uninstall.exe
WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR-->"C:\Windows\WinRAR\uninstall.exe" "/U:C:\Program Files\WinRAR\Uninstall\uninstall.xml"

Security center information

AS: Windows Defender

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"PLATFORM"=MCD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"USERPART"=E:
"OPENSSL_CONF"=C:\OpenSSL\bin\openssl.cnf

-----------------EOF-----------------

Logfile of random's system information tool (written by random/random)
Run by AJO170 at 2008-09-01 20:29:41
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 144 GB (49%) free of 293 GB
Total RAM: 3070 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:03 PM, on 9/1/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.103\ccSvcHst.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.103\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\AJO170\Downloads\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\AJO170\Downloads\AJO170.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0CA34611-82A6-4146-8DF8-0CDA87FA1FAD} - C:\Users\AJO170\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EB9WM8SH\3077htsbdjyf[1].dll
O2 - BHO: (no name) - {2F9FD046-0B98-4A23-9C46-CA8A8AB4CAE6} - C:\Windows\system32\vtUnkkkH.dll (file missing)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.103\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.103\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.103\coIEPlg.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BM75ae7192] Rundll32.exe "C:\Windows\system32\iylelskn.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D43F928-AAE0-456E-9805-BD6B009CED03}: NameServer = 10.66.160.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.103\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13176 bytes

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CA34611-82A6-4146-8DF8-0CDA87FA1FAD}]
C:\Users\AJO170\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EB9WM8SH\3077htsbdjyf[1].dll [2008-08-27 91648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F9FD046-0B98-4A23-9C46-CA8A8AB4CAE6}]
C:\Windows\system32\vtUnkkkH.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\16.0.0.103\coIEPlg.dll [2008-08-26 341872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\16.0.0.103\IPSBHO.DLL [2008-08-26 103800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\16.0.0.103\coIEPlg.dll [2008-08-26 341872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-03-11 159744]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-07-25 174616]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-12-19 468264]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-19 202032]
"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-09-04 554320]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-08-17 218408]
"DpAgent"=C:\Program Files\DigitalPersona\Bin\dpagent.exe [2007-09-20 671744]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"HP Health Check Scheduler"=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-09-13 480560]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-08 311296]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-07-16 1166216]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-09-19 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-09-19 8497696]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-09-19 81920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2007-10-01 1783136]
"Aim6"= []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
"BM75ae7192"=C:\Windows\system32\iylelskn.dll [2008-08-30 95232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM75ae7192]
C:\Windows\system32\iylelskn.dll [2008-08-30 95232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Windows\system32\awtsRiih.dll []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\AJO170\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\Windows\system32\vtUnkkkH
"authentication packages"=scecli
DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4edbaa6a-5863-11dd-b5f3-001e37e972ed}]
shell\AutoRun\command - K:\LaunchU3.exe -a


List of files/folders created in the last three months

2008-09-01 20:29:41 ----D---- C:\rsit
2008-09-01 18:10:06 ----D---- C:\Program Files\Microsoft Silverlight
2008-09-01 16:54:54 ----D---- C:\Windows\system32\quicktime
2008-09-01 16:54:53 ----D---- C:\Program Files\AVI Movie Player
2008-08-30 15:37:43 ----D---- C:\ProgramData\PC Tools
2008-08-30 12:40:41 ----D---- C:\Program Files\Common Files\PC Tools
2008-08-30 11:55:23 ----A---- C:\Windows\system32\ptpgdosk.dll
2008-08-30 11:53:10 ----A---- C:\Windows\system32\dmhqxcpl.exe
2008-08-30 11:51:49 ----AD---- C:\ProgramData\TEMP
2008-08-30 11:51:45 ----A---- C:\Windows\system32\gygkbjtl.dll
2008-08-30 11:51:44 ----SH---- C:\Windows\system32\ayrkxotq.ini
2008-08-30 11:51:27 ----D---- C:\Users\AJO170\AppData\Roaming\PC Tools
2008-08-30 11:51:27 ----D---- C:\Program Files\Spyware Doctor
2008-08-30 11:49:23 ----A---- C:\Windows\system32\iylelskn.dll
2008-08-30 11:46:50 ----A---- C:\Windows\system32\wvwgsmlg.dll
2008-08-30 11:40:43 ----N---- C:\Windows\system32\efcBturO.dll
2008-08-30 11:32:38 ----SH---- C:\Windows\system32\vdaosiag.ini
2008-08-30 11:32:36 ----N---- C:\Windows\system32\gaisoadv.dll
2008-08-30 11:32:28 ----A---- C:\Windows\system32\cdrkohvu.dll
2008-08-30 11:29:27 ----ASH---- C:\Windows\system32\HkkknUtv.ini2
2008-08-30 02:36:43 ----A---- C:\Windows\system32\vgmsfhix.dll
2008-08-30 02:33:43 ----A---- C:\Windows\system32\kdgmjatw.dll
2008-08-30 02:30:46 ----A---- C:\Windows\system32\iabdig.dll
2008-08-30 02:30:44 ----A---- C:\Windows\system32\kblxuhsc.dll
2008-08-30 02:27:43 ----A---- C:\Windows\system32\fopvwwsc.dll
2008-08-30 02:24:44 ----A---- C:\Windows\system32\rwxwupge.exe
2008-08-30 02:21:46 ----SH---- C:\Windows\system32\yhvjyxld.ini
2008-08-30 02:18:43 ----A---- C:\Windows\system32\psxvwumn.dll
2008-08-30 02:15:44 ----A---- C:\Windows\system32\apsxbbxg.dll
2008-08-30 02:13:54 ----A---- C:\Windows\system32\mfdcutqn.dll
2008-08-30 02:09:43 ----ASH---- C:\Windows\system32\ehgMonnn.ini2
2008-08-30 02:09:43 ----ASH---- C:\Windows\system32\ehgMonnn.ini
2008-08-30 02:09:39 ----A---- C:\Windows\system32\nnnoMghe.dll
2008-08-29 22:58:50 ----ASH---- C:\Windows\system32\HkkknUtv.ini
2008-08-29 22:57:33 ----SH---- C:\Windows\system32\lognssgx.ini
2008-08-29 22:52:13 ----A---- C:\Windows\system32\nmkyfhmx.dll
2008-08-29 10:33:52 ----A---- C:\Windows\system32\bnglyb.dll
2008-08-29 10:33:50 ----A---- C:\Windows\system32\maobohiq.dll
2008-08-29 10:33:47 ----A---- C:\Windows\system32\rvbbpkbg.dll
2008-08-29 10:31:31 ----A---- C:\Windows\system32\rurysebk.dll
2008-08-29 10:28:44 ----SH---- C:\Windows\system32\wrlytori.ini
2008-08-29 10:28:41 ----A---- C:\Windows\system32\msidcfvk.exe
2008-08-29 10:26:53 ----A---- C:\Windows\system32\bekgcqqg.dll
2008-08-28 23:05:04 ----ASH---- C:\Windows\system32\jkkUtBeg.ini2
2008-08-28 23:05:04 ----ASH---- C:\Windows\system32\jkkUtBeg.ini
2008-08-28 23:04:54 ----A---- C:\Windows\system32\geBtUkkj.dll
2008-08-28 21:33:31 ----D---- C:\Program Files\Enigma Software Group
2008-08-28 03:24:41 ----D---- C:\Program Files\Lavasoft
2008-08-28 03:24:40 ----D---- C:\ProgramData\Lavasoft
2008-08-28 03:23:57 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-28 01:36:43 ----SH---- C:\Windows\system32\oabbinge.ini
2008-08-28 01:33:41 ----A---- C:\Windows\system32\buywmwvo.exe
2008-08-28 01:32:12 ----A---- C:\Windows\system32\dpnxgd.dll
2008-08-28 01:32:12 ----A---- C:\Windows\system32\abrpmmdr.dll
2008-08-27 23:44:43 ----A---- C:\Windows\system32\hwetqyct.dll
2008-08-27 23:31:49 ----SH---- C:\Windows\system32\runxfmoj.ini
2008-08-27 23:26:22 ----A---- C:\Windows\system32\jqkqnplq.dll
2008-08-27 23:25:38 ----ASH---- C:\Windows\system32\WGQsYyxx.ini2
2008-08-27 23:25:38 ----ASH---- C:\Windows\system32\WGQsYyxx.ini
2008-08-27 23:25:34 ----A---- C:\Windows\system32\xxyYsQGW.dll
2008-08-27 09:42:56 ----A---- C:\Windows\system32\mcrh.tmp
2008-08-26 23:46:34 ----A---- C:\Windows\system32\jrumsvbf.dll
2008-08-26 23:43:57 ----SH---- C:\Windows\system32\qgowpykd.ini
2008-08-26 23:43:20 ----A---- C:\Windows\system32\enipxjar.dll
2008-08-26 23:42:23 ----A---- C:\ProgramData\pskt.ini
2008-08-26 23:42:23 ----A---- C:\ProgramData\BM75ae7192.txt
2008-08-26 23:41:55 ----A---- C:\Windows\system32\7dbe8670-.txt
2008-08-26 20:02:09 ----D---- C:\Program Files\Symantec
2008-08-26 20:01:32 ----D---- C:\Program Files\Norton Internet Security
2008-08-26 19:47:24 ----D---- C:\ProgramData\PCSettings
2008-08-26 19:47:19 ----D---- C:\ProgramData\Norton
2008-08-26 19:47:05 ----D---- C:\ProgramData\NortonInstaller
2008-08-26 19:47:05 ----D---- C:\Program Files\NortonInstaller
2008-08-26 18:45:45 ----D---- C:\ProgramData\WEBREG
2008-08-26 18:30:18 ----D---- C:\ProgramData\HP Product Assistant
2008-08-26 18:23:47 ----A---- C:\Windows\system32\hpzids01.dll
2008-08-26 18:23:44 ----A---- C:\Windows\system32\hpzll5mu.dll
2008-08-24 13:23:12 ----ASH---- C:\Windows\system32\npWHNqru.ini2
2008-08-24 13:23:12 ----ASH---- C:\Windows\system32\npWHNqru.ini
2008-08-24 13:18:01 ----A---- C:\Windows\system32\nnnmmjJB.dll
2008-08-23 21:23:05 ----D---- C:\Program Files\Common Files\Adobe
2008-08-23 21:23:05 ----D---- C:\Program Files\Adobe
2008-08-14 00:51:02 ----A---- C:\Windows\system32\tzres.dll
2008-08-13 19:13:03 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-08-13 19:13:02 ----A---- C:\Windows\system32\es.dll
2008-08-13 19:12:57 ----A---- C:\Windows\system32\mshtml.dll
2008-08-13 19:12:56 ----A---- C:\Windows\system32\wininet.dll
2008-08-13 19:12:56 ----A---- C:\Windows\system32\urlmon.dll
2008-08-13 19:12:56 ----A---- C:\Windows\system32\mstime.dll
2008-08-13 19:12:56 ----A---- C:\Windows\system32\jsproxy.dll
2008-08-13 19:12:56 ----A---- C:\Windows\system32\ieframe.dll
2008-08-13 19:10:58 ----A---- C:\Windows\system32\inetcomm.dll
2008-08-13 03:33:18 ----A---- C:\Windows\ntbtlog.txt
2008-08-08 09:15:32 ----D---- C:\Users\AJO170\AppData\Roaming\HP
2008-08-01 15:38:55 ----D---- C:\Program Files\mm.BOT
2008-08-01 15:38:12 ----D---- C:\Windows\mm.BOT
2008-07-31 03:00:49 ----A---- C:\Windows\system32\msshooks.dll
2008-07-31 03:00:48 ----A---- C:\Windows\system32\msscb.dll
2008-07-31 03:00:43 ----A---- C:\Windows\system32\thawbrkr.dll
2008-07-31 03:00:43 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-07-31 03:00:43 ----A---- C:\Windows\system32\propsys.dll
2008-07-31 03:00:43 ----A---- C:\Windows\system32\propdefs.dll
2008-07-31 03:00:43 ----A---- C:\Windows\system32\msstrc.dll
2008-07-31 03:00:43 ----A---- C:\Windows\system32\mssprxy.dll
2008-07-31 03:00:43 ----A---- C:\Windows\system32\mssitlb.dll
2008-07-31 03:00:43 ----A---- C:\Windows\system32\msshsq.dll
2008-07-31 03:00:43 ----A---- C:\Windows\system32\korwbrkr.dll
2008-07-31 03:00:42 ----A---- C:\Windows\system32\xmlfilter.dll
2008-07-31 03:00:42 ----A---- C:\Windows\system32\wsepno.dll
2008-07-31 03:00:42 ----A---- C:\Windows\system32\srchadmin.dll
2008-07-31 03:00:42 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-07-31 03:00:42 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-07-31 03:00:42 ----A---- C:\Windows\system32\rtffilt.dll
2008-07-31 03:00:42 ----A---- C:\Windows\system32\offfilt.dll
2008-07-31 03:00:42 ----A---- C:\Windows\system32\nlhtml.dll
2008-07-31 03:00:42 ----A---- C:\Windows\system32\msscntrs.dll
2008-07-31 03:00:42 ----A---- C:\Windows\system32\mimefilt.dll
2008-07-31 03:00:42 ----A---- C:\Windows\system32\chtbrkr.dll
2008-07-31 03:00:42 ----A---- C:\Windows\system32\chsbrkr.dll
2008-07-31 03:00:41 ----A---- C:\Windows\system32\tquery.dll
2008-07-31 03:00:41 ----A---- C:\Windows\system32\mssvp.dll
2008-07-31 03:00:41 ----A---- C:\Windows\system32\mssrch.dll
2008-07-31 03:00:41 ----A---- C:\Windows\system32\mssphtb.dll
2008-07-31 03:00:41 ----A---- C:\Windows\system32\mssph.dll
2008-07-25 17:57:40 ----D---- C:\Users\AJO170\AppData\Roaming\Download Manager
2008-07-20 10:32:07 ----A---- C:\wepkeys.txt
2008-07-17 11:17:17 ----A---- C:\Windows\system32\javaws.exe
2008-07-17 11:17:17 ----A---- C:\Windows\system32\javaw.exe
2008-07-17 11:17:17 ----A---- C:\Windows\system32\java.exe
2008-07-14 11:36:07 ----D---- C:\Users\AJO170\AppData\Roaming\teamspeak2
2008-07-14 11:35:52 ----D---- C:\Program Files\Teamspeak2_RC2
2008-07-11 22:26:08 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-07-11 22:25:38 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-07-11 22:25:35 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-07-09 23:10:48 ----D---- C:\Windows\Sun
2008-07-09 14:41:34 ----D---- C:\rapget
2008-07-09 08:20:11 ----A---- C:\Windows\system32\rpcrt4.dll
2008-07-09 08:20:10 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-07-09 08:20:10 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-07-09 08:20:08 ----A---- C:\Windows\system32\pacerprf.dll
2008-07-09 08:20:08 ----A---- C:\Windows\system32\emdmgmt.dll
2008-07-09 08:20:04 ----A---- C:\Windows\system32\shell32.dll
2008-07-09 08:19:58 ----A---- C:\Windows\system32\wshext.dll
2008-07-09 08:19:58 ----A---- C:\Windows\system32\wscript.exe
2008-07-09 08:19:58 ----A---- C:\Windows\system32\vbscript.dll
2008-07-09 08:19:58 ----A---- C:\Windows\system32\scrrun.dll
2008-07-09 08:19:58 ----A---- C:\Windows\system32\scrobj.dll
2008-07-09 08:19:58 ----A---- C:\Windows\system32\jscript.dll
2008-07-09 08:19:58 ----A---- C:\Windows\system32\cscript.exe
2008-07-08 02:35:18 ----D---- C:\download
2008-07-08 02:31:27 ----A---- C:\Windows\system32\libssl32.dll
2008-07-08 02:31:25 ----D---- C:\OpenSSL
2008-07-06 15:34:07 ----D---- C:\Program Files\Microsoft Visual Studio
2008-07-06 15:28:57 ----D---- C:\Program Files\Microsoft Visual Studio 8
2008-07-03 23:29:34 ----A---- C:\Windows\PhotoSnapViewer.INI
2008-07-02 22:28:04 ----D---- C:\Program Files\Hotspot Shield
2008-07-02 19:18:13 ----A---- C:\BnetLog.txt
2008-07-02 19:13:08 ----D---- C:\Program Files\Diablo II
2008-07-01 23:58:41 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-07-01 22:36:33 ----D---- C:\Program Files\EA GAMES
2008-07-01 22:36:32 ----RA---- C:\Windows\system32\vp6vfw.dll
2008-06-28 18:30:27 ----D---- C:\ProgramData\Age of Empires 3
2008-06-28 18:22:38 ----D---- C:\Program Files\Common Files\Microsoft Games
2008-06-27 13:29:03 ----D---- C:\Users\AJO170\AppData\Roaming\CyberLink
2008-06-27 11:39:59 ----D---- C:\Users\AJO170\AppData\Roaming\vlc
2008-06-27 11:38:52 ----D---- C:\Program Files\VideoLAN
2008-06-26 17:50:24 ----D---- C:\Program Files\Warcraft III
2008-06-26 17:49:08 ----A---- C:\Windows\NeroDigital.ini
2008-06-26 13:00:08 ----D---- C:\Users\AJO170\AppData\Roaming\Ahead
2008-06-26 02:01:31 ----D---- C:\Users\AJO170\AppData\Roaming\WinRAR
2008-06-26 01:37:18 ----D---- C:\Windows\WinRAR
2008-06-26 01:37:18 ----D---- C:\Program Files\WinRAR
2008-06-26 01:33:18 ----D---- C:\Program Files\PowerISO
2008-06-26 00:44:07 ----D---- C:\ProgramData\Nero
2008-06-26 00:44:07 ----D---- C:\Program Files\Nero
2008-06-26 00:44:07 ----D---- C:\Program Files\Common Files\Ahead
2008-06-25 21:17:45 ----D---- C:\ProgramData\Azureus
2008-06-25 21:17:40 ----D---- C:\Users\AJO170\AppData\Roaming\Azureus
2008-06-25 21:17:03 ----D---- C:\Program Files\Vuze
2008-06-25 18:35:20 ----D---- C:\Users\AJO170\AppData\Roaming\Adobe
2008-06-25 16:06:21 ----SHD---- C:\System Volume Information
2008-06-25 10:08:36 ----D---- C:\ProgramData\LightScribe
2008-06-25 09:38:28 ----D---- C:\Users\AJO170\AppData\Roaming\acccore
2008-06-25 09:37:51 ----D---- C:\ProgramData\acccore
2008-06-25 09:37:46 ----D---- C:\ProgramData\AOL OCP
2008-06-25 09:37:46 ----D---- C:\ProgramData\AOL
2008-06-25 09:36:11 ----D---- C:\Program Files\MSXML 4.0
2008-06-25 09:34:53 ----A---- C:\Windows\system32\EncDec.dll
2008-06-25 09:34:52 ----A---- C:\Windows\system32\psisdecd.dll
2008-06-25 09:34:42 ----A---- C:\Windows\system32\gameux.dll
2008-06-25 09:34:41 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-06-25 09:34:40 ----A---- C:\Windows\system32\gdi32.dll
2008-06-25 09:34:32 ----A---- C:\Windows\system32\winresume.exe
2008-06-25 09:34:32 ----A---- C:\Windows\system32\winload.exe
2008-06-25 09:34:32 ----A---- C:\Windows\system32\kd1394.dll
2008-06-25 09:34:32 ----A---- C:\Windows\system32\ci.dll
2008-06-25 09:34:31 ----A---- C:\Windows\system32\srdelayed.exe
2008-06-25 09:34:31 ----A---- C:\Windows\system32\srcore.dll
2008-06-25 09:34:31 ----A---- C:\Windows\system32\srclient.dll
2008-06-25 09:34:31 ----A---- C:\Windows\system32\setbcdlocale.dll
2008-06-25 09:34:31 ----A---- C:\Windows\system32\rstrui.exe
2008-06-25 09:34:31 ----A---- C:\Windows\system32\kbd106n.dll
2008-06-25 09:34:23 ----A---- C:\Windows\system32\quartz.dll
2008-06-25 09:34:22 ----A---- C:\Windows\system32\fsquirt.exe
2008-06-25 09:33:54 ----D---- C:\Users\AJO170\AppData\Roaming\Mozilla
2008-06-25 09:33:48 ----D---- C:\Program Files\Mozilla Firefox
2008-06-25 09:28:50 ----D---- C:\Users\AJO170\AppData\Roaming\Symantec
2008-06-25 09:28:21 ----D---- C:\Users\AJO170\AppData\Roaming\DigitalPersona
2008-06-25 09:28:09 ----D---- C:\Users\AJO170\AppData\Roaming\Identities
2008-06-25 09:24:54 ----D---- C:\Users\AJO170\AppData\Roaming\Macromedia
2008-06-25 09:23:53 ----D---- C:\Users\AJO170\AppData\Roaming\Hewlett-Packard
2008-06-25 09:21:52 ----D---- C:\ProgramData\Electronic Arts
2008-06-25 09:18:44 ----D---- C:\Program Files\Electronic Arts
2008-06-25 09:18:35 ----A---- C:\Windows\system32\xinput1_2.dll
2008-06-25 09:18:35 ----A---- C:\Windows\system32\xactengine2_3.dll
2008-06-25 09:18:34 ----A---- C:\Windows\system32\xinput1_1.dll
2008-06-25 09:18:34 ----A---- C:\Windows\system32\xactengine2_2.dll
2008-06-25 09:18:34 ----A---- C:\Windows\system32\xactengine2_1.dll
2008-06-25 09:18:29 ----A---- C:\Windows\system32\d3dx9_30.dll
2008-06-25 09:18:28 ----A---- C:\Windows\system32\xactengine2_0.dll
2008-06-25 09:18:28 ----A---- C:\Windows\system32\x3daudio1_0.dll
2008-06-25 09:18:28 ----A---- C:\Windows\system32\d3dx9_29.dll
2008-06-25 09:18:28 ----A---- C:\Windows\system32\d3dx9_28.dll
2008-06-25 09:18:27 ----A---- C:\Windows\system32\d3dx9_27.dll
2008-06-25 09:18:26 ----A---- C:\Windows\system32\d3dx9_26.dll
2008-06-25 09:18:26 ----A---- C:\Windows\system32\d3dx9_25.dll
2008-06-25 09:18:25 ----A---- C:\Windows\system32\d3dx9_24.dll
2008-06-25 09:17:47 ----D---- C:\Users\AJO170\AppData\Roaming\Macrovision
2008-06-25 09:17:38 ----D---- C:\Program Files\Common Files\LightScribe
2008-06-25 09:16:46 ----SD---- C:\Users\AJO170\AppData\Roaming\Microsoft
2008-06-25 09:16:46 ----D---- C:\Users\AJO170\AppData\Roaming\Media Center Programs
2008-06-19 19:42:03 ----D---- C:\ProgramData\NVIDIA
2008-06-19 19:39:48 ----D---- C:\Windows\system32\tr
2008-06-19 19:39:48 ----D---- C:\Windows\system32\ru
2008-06-19 19:39:47 ----D---- C:\Windows\system32\ko
2008-06-19 19:39:47 ----D---- C:\Windows\system32\ja
2008-06-19 19:39:47 ----D---- C:\Windows\system32\it
2008-06-19 19:39:47 ----D---- C:\Windows\system32\fr
2008-06-19 19:39:47 ----D---- C:\Windows\system32\es
2008-06-19 19:39:47 ----D---- C:\Windows\system32\de
2008-06-19 19:39:46 ----D---- C:\Windows\DPDrv
2008-06-19 19:39:30 ----D---- C:\ProgramData\Macrovision
2008-06-19 19:39:30 ----D---- C:\Program Files\DigitalPersona
2008-06-19 19:36:36 ----D---- C:\ProgramData\WildTangent
2008-06-19 19:32:37 ----D---- C:\Program Files\HPQ
2008-06-19 19:32:36 ----A---- C:\Windows\system32\BttnCmns_64.dll
2008-06-19 19:32:36 ----A---- C:\Windows\system32\BttnCmns.dll
2008-06-19 19:32:36 ----A---- C:\Windows\system32\BttnCmn.dll
2008-06-19 19:32:18 ----D---- C:\ProgramData\CyberLink
2008-06-19 19:32:01 ----A---- C:\Windows\system32\msxml4r.dll
2008-06-19 19:32:01 ----A---- C:\Windows\system32\msxml4a.dll
2008-06-19 19:31:28 ----N---- C:\Windows\system32\atl71.dll
2008-06-19 19:25:12 ----A---- C:\Windows\system32\BtwRSupport.dll
2008-06-19 19:25:07 ----D---- C:\Windows\system32\es-MX
2008-06-19 19:25:07 ----D---- C:\Windows\system32\es-AR
2008-06-19 19:25:03 ----D---- C:\Program Files\WIDCOMM
2008-06-19 19:24:00 ----D---- C:\Windows\system32\ENU
2008-06-19 19:23:59 ----D---- C:\Windows\system32\Lang
2008-06-19 19:23:59 ----D---- C:\Program Files\Intel
2008-06-19 19:23:59 ----A---- C:\Windows\system32\imsmudlg.exe
2008-06-19 19:23:59 ----A---- C:\Windows\system32\difxapi.dll
2008-06-19 19:23:53 ----D---- C:\Program Files\Marvell
2008-06-19 19:22:31 ----A---- C:\Windows\system32\rixdicon.dll
2008-06-19 19:22:30 ----A---- C:\Windows\system32\snymsico.dll
2008-06-19 19:22:16 ----D---- C:\Program Files\NetWaiting
2008-06-19 19:22:04 ----D---- C:\Program Files\CONEXANT
2008-06-19 19:21:26 ----D---- C:\Program Files\Apoint2K
2008-06-19 19:21:01 ----A---- C:\Windows\system32\nvexpbar.dll
2008-06-19 19:21:01 ----A---- C:\Windows\system32\nvcpluir.dll
2008-06-19 19:21:01 ----A---- C:\Windows\system32\nvcplui.exe
2008-06-19 19:20:01 ----D---- C:\Windows\system32\Hauppauge
2008-06-19 19:20:00 ----D---- C:\Program Files\WinTV
2008-06-19 19:20:00 ----A---- C:\Windows\system32\hcwpnp32.dll
2008-06-19 19:19:59 ----A---- C:\Windows\system32\hcwutl32_priv.dll
2008-06-19 19:19:59 ----A---- C:\Windows\system32\hcwutl32.dll
2008-06-19 19:19:59 ----A---- C:\Windows\system32\hcwi2c32.dll
2008-06-19 19:19:52 ----D---- C:\Intel
2008-06-19 19:19:21 ----A---- C:\Windows\system32\NETw4r32.dll
2008-06-19 19:19:21 ----A---- C:\Windows\system32\NETw4c32.dll
2008-06-19 19:19:06 ----D---- C:\Program Files\Fingerprint Sensor
2008-06-19 19:18:54 ----A---- C:\Windows\system32\nvwssr.dll
2008-06-19 19:18:54 ----A---- C:\Windows\system32\nvwss.dll
2008-06-19 19:18:54 ----A---- C:\Windows\system32\nvwgf2um.dll
2008-06-19 19:18:53 ----A---- C:\Windows\system32\nvvitvsr.dll
2008-06-19 19:18:53 ----A---- C:\Windows\system32\nvvitvs.dll
2008-06-19 19:18:53 ----A---- C:\Windows\system32\nvuninst.exe
2008-06-19 19:18:53 ----A---- C:\Windows\system32\nvudisp.exe
2008-06-19 19:18:53 ----A---- C:\Windows\system32\nvsvc.dll
2008-06-19 19:18:53 ----A---- C:\Windows\system32\nvoglv32.dll
2008-06-19 19:18:53 ----A---- C:\Windows\system32\nvmoblsr.dll
2008-06-19 19:18:53 ----A---- C:\Windows\system32\nvmobls.dll
2008-06-19 19:18:52 ----A---- C:\Windows\system32\nvmctray.dll
2008-06-19 19:18:52 ----A---- C:\Windows\system32\nvmccssr.dll
2008-06-19 19:18:52 ----A---- C:\Windows\system32\nvmccss.dll
2008-06-19 19:18:52 ----A---- C:\Windows\system32\nvmccsrs.dll
2008-06-19 19:18:52 ----A---- C:\Windows\system32\nvmccs.dll
2008-06-19 19:18:52 ----A---- C:\Windows\system32\nvgamesr.dll
2008-06-19 19:18:52 ----A---- C:\Windows\system32\nvgames.dll
2008-06-19 19:18:51 ----A---- C:\Windows\system32\nvdispsr.dll
2008-06-19 19:18:51 ----A---- C:\Windows\system32\nvdisps.dll
2008-06-19 19:18:50 ----A---- C:\Windows\system32\nvd3dum.dll
2008-06-19 19:18:50 ----A---- C:\Windows\system32\nvcpl.dll
2008-06-19 19:18:50 ----A---- C:\Windows\system32\nvcolor.exe
2008-06-19 19:18:50 ----A---- C:\Windows\system32\nvcod100.dll
2008-06-19 19:18:50 ----A---- C:\Windows\system32\nvcod.dll
2008-06-19 19:18:50 ----A---- C:\Windows\system32\nvapi.dll
2008-06-19 19:18:50 ----A---- C:\Windows\system32\dpinst.exe
2008-06-19 19:18:34 ----A---- C:\Windows\system32\WdfCoinstaller01005.dll
2008-06-19 19:18:34 ----A---- C:\Windows\system32\Vxdif.dll
2008-06-19 19:18:28 ----A---- C:\Windows\system32\UCI32M21.dll
2008-06-19 19:18:27 ----A---- C:\Windows\system32\mdmxsdk.dll
2008-06-19 19:18:18 ----A---- C:\Windows\system32\UCI32A22.dll
2008-06-19 19:18:18 ----A---- C:\Windows\system32\CnxtAp32.dll
2008-06-19 19:13:57 ----D---- C:\Windows\SoftwareDistribution
2008-06-19 19:10:07 ----D---- C:\Windows\Prefetch

List of drivers

R1 BHDrvx86;Symantec Heuristics Driver; \??\C:\Windows\system32\drivers\NIS\1000000.067\BHDrvx86.sys [2008-08-26 249392]
R1 ccHP;Symantec Hash Provider; \??\C:\Windows\system32\drivers\NIS\1000000.067\ccHPx86.sys [2008-08-26 360808]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-08-29 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20080711.001\IDSVix86.sys [2008-08-26 287280]
R1 IKSysFlt;System Filter Driver; C:\Windows\system32\drivers\iksysflt.sys [2008-06-02 66952]
R1 IKSysSec;System Security Driver; C:\Windows\system32\drivers\iksyssec.sys [2008-06-10 81288]
R1 pctfw2;pctfw2; \??\C:\Windows\System32\drivers\pctfw2.sys [2008-08-30 160792]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2007-08-06 33052]
R1 SRTSP;SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.067\SRTSP.SYS [2008-08-26 305200]
R1 SRTSPX;SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.067\SRTSPX.SYS [2008-08-26 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2008-08-26 25136]
R1 SYMTDI;SYMTDI; \??\C:\Windows\system32\drivers\NIS\1000000.067\SYMTDI.SYS [2008-08-26 197168]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-08-08 45568]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-04-18 141312]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-08-28 146560]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-20 19456]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-28 29184]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-09-18 80424]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-09-18 80936]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-09-18 16168]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-08-29 99376]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-11-01 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-11-01 208896]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080828.050\NAVENG.SYS [2008-08-26 89104]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080828.050\NAVEX15.SYS [2008-08-26 873552]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-09-19 7626400]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-20 49664]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-20 88576]
R3 SYMDNS;SYMDNS; \??\C:\Windows\system32\drivers\NIS\1000000.067\SYMDNS.SYS [2008-08-26 12976]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-08-26 123952]
R3 SYMFW;SYMFW; \??\C:\Windows\system32\drivers\NIS\1000000.067\SYMFW.SYS [2008-08-26 90800]
R3 SYMNDISV;SYMNDISV; \??\C:\Windows\system32\drivers\NIS\1000000.067\SYMNDISV.SYS [2008-08-26 40496]
R3 SYMREDRV;SYMREDRV; \??\C:\Windows\system32\drivers\NIS\1000000.067\SYMREDRV.SYS [2008-08-26 24752]
R3 tapvpn;TAP VPN Adapter; C:\Windows\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
R3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [2008-08-30 33088]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-11-01 661504]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-20 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-28 220160]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-10-01 183352]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\system32\drivers\megasr.sys []

List of services

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-28 611664]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 DpHost;Biometric Authentication Service; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [2007-09-20 299008]
R2 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2008-06-27 84440]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-08-23 79136]
R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.0.0.103\ccSvcHst.exe [2008-08-26 120680]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-12-19 271760]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-08-07 1073544]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
R3 ThreatFire;ThreatFire; C:\Program Files\Spyware Doctor\TFEngine\TFService.exe [2008-08-30 66880]
S2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-12-19 112016]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Edited by tarnation, 01 September 2008 - 08:01 PM.


#4 extremeboy

Posted 03 September 2008 - 02:22 PM

Hi Tarnation and welcome to BleepingComputer. :thumbsup:

Hijackthis warning

HijackThis is an advanced tool, and therefore requires advanced knowledge about Windows and operating systems in general. If you delete items that it shows, without knowing what they are, it can lead to other problems such as your Internet no longer working or problems with running Windows itself.
If you do not have advanced knowledge about computers you should NOT fix entries using HijackThis without consulting an expert on using this program.

If you did fix some entries using HijackThis, follow the instructions below. If NOT, then skip the next part telling you how to restore the backups.

Restoring Hijackthis backups

Open HijackThis, and click on "View the list of Backups".
Place a check mark next to everything in that window.
Click Restore, then click Yes
Reboot your computer, this is an important step.
Run HijackThis and post a new HijackThis log for review.
More information can be found here.

Peer-to-Peer, View Point and Weather Bug programs Warning

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case Emule). These programmes allow files to be shared between users, as the name(s) suggest. In today's world, cyber crime has reached an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.

Viewpoint Manager and Viewpoint Media Player are considered foistware instead of malware since they are installed without the user's approval but don't spy or do anything "bad". This changed from what we know in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

You appear to have Weather Bug installed. The free version of Weather Bug is generally considered to be adware. As such, it is up to you whether you wish to remove it or leave it installed. The information here and here may help you decide. If you wish to uninstall this: First, right click the WeatherBug icon in the systray and disable it, then go to Add/Remove Programs and uninstall from there.

Thanks :)

Download and Run Combofix

Before we start, please disable any anti-virus programs or any real-time protection that is enabled.
Please refer to this page if you're unsure how.
  • Please follow the instructions for running Combofix from here
  • Please read the guide carefully and follow every instruction precisely, and remember to install the Recovery Console first.
    Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
    should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


  • Download the appropriate Windows XP setup boot disk and drag it on Combofix like the image below:
    Posted Image
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • After you successfully install the recovery console, you will see this window.
    Posted Image
    Please select Yes.
  • Combofix will then run. When Combofix has finished, it will create a log for you. Please copy and paste that log in your next reply.
Note:
Please do NOT mouse-click Combofix's window while it's running because it may cause it to stall.

------------
For your next reply please provide the following:
  • Combofix log
  • How is your computer running?
Thanks :)

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#5 harrythook

Posted 08 September 2008 - 08:50 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.
All others please read The Preparation Guide before starting your topic.

Veni Vidi Vici
THE FIGHT AGAINST MALWARE
