
Hjt Log


  • This topic is locked
18 replies to this topic

#1 Daimeion


Posted 24 September 2008 - 05:28 PM

Greetings anti-malware gurus.

I have a customer's PC that has a Vundo-type infection. She used AVG to get rid of some of it, and I used Malwarebytes, Spybot S&D and Ad-Aware 2008 to get rid of what was left. However, when IE is brought up, pop-ups for Registry Defender, OVGuide and other websites start appearing. I found many entries for programs starting with "hp" in the Windows Firewall. I removed those entries. Please review the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:21 PM, on 9/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\igfxtray.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1222213801015
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\dpcdll32.dll
O20 - Winlogon Notify: fc91b131442 - C:\WINDOWS\System32\dpcdll32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe

--
End of file - 9733 bytes

Thanks for your time!

Daimeion

#2 Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team

Posted 04 October 2008 - 10:08 PM

:thumbsup: to BleepingComputer.com

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the Posted Image button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).
If you would still like help, please follow the instructions below:

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 Daimeion

  • Topic Starter


Posted 06 October 2008 - 10:37 AM

Billy,

Thanks for replying! I will post the logs today.

Daimeion

#4 Daimeion

  • Topic Starter


Posted 06 October 2008 - 03:31 PM

OK, here we go.

OTViewIt logfile created on: 10/6/2008 8:55:19 AM - Run
OTViewIt by OldTimer - Version 1.0.10.0 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.29 Mb Total Physical Memory | 118.24 Mb Available Physical Memory | 23.49% Memory free
1.20 Gb Paging File | 0.76 Gb Available in Paging File | 63.16% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.80 Gb Total Space | 158.81 Gb Free Space | 88.82% Space Free | Partition Type: NTFS
Drive D: | 7.50 Gb Total Space | 1.71 Gb Free Space | 22.75% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-27E1513D96
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2004/08/04 05:00:00 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
[2004/08/04 05:00:00 | 00,502,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
[2004/08/04 05:00:00 | 00,108,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
[2004/08/04 05:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2008/09/23 12:38:03 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2005/06/10 16:53:32 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
[2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/14 20:55:55 | 00,231,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2005/07/25 06:35:00 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2008/06/08 13:48:26 | 00,195,360 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
[2003/06/20 06:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2008/01/11 18:54:42 | 00,061,856 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneBusEnum.exe
[2008/08/14 20:56:00 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2008/08/14 20:55:56 | 00,873,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2005/06/08 10:59:06 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2005/06/08 11:03:08 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
[2005/05/10 17:50:42 | 00,253,952 | ---- | M] (Hewlett-Packard Company) -- C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
[2006/02/19 03:41:10 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2004/12/16 18:49:14 | 00,049,152 | ---- | M] (Alpha Networks Inc.) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
[2005/02/02 17:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
[2007/12/11 13:10:26 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/01/11 18:54:52 | 00,166,304 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
[2008/08/14 20:55:56 | 01,232,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2004/08/04 05:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
[2007/07/20 22:22:27 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2007/12/11 13:10:16 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2005/05/03 18:43:50 | 00,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2005/05/03 18:43:28 | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
[2005/05/04 10:01:36 | 02,805,248 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2005/06/08 11:02:22 | 00,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
[1998/05/07 09:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\WINDOWS\system\hpsysdrv.exe
[2008/06/23 02:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/08/14 20:56:04 | 00,540,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\aAvgApi.exe
[2008/10/06 08:55:07 | 00,416,768 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/23 12:38:03 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Alerter [Disabled | Stopped])
[2004/08/04 05:00:00 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe -- (ALG [On_Demand | Running])
[2004/10/22 14:42:44 | 00,049,152 | ---- | M] (Alpha Networks Inc.) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService [Auto | Stopped])
[2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (AppMgmt [On_Demand | Stopped])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (AudioSrv [Auto | Running])
[2008/08/14 20:55:56 | 00,873,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008/08/14 20:55:55 | 00,231,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (BITS [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Browser [Auto | Running])
[2004/08/04 05:00:00 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv [Disabled | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllhost.exe -- (COMSysApp [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (CryptSvc [Auto | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (DcomLaunch [Auto | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Dhcp [Auto | Running])
[2004/08/04 05:00:00 | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\dmadmin.exe -- (dmadmin [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (dmserver [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Dnscache [Auto | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (ERSvc [Auto | Running])
[2004/08/04 05:00:00 | 00,108,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe -- (Eventlog [Auto | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (EventSystem [On_Demand | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (FastUserSwitchingCompatibility [On_Demand | Running])
[2004/08/04 05:00:00 | 00,267,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\fxssvc.exe -- (Fax [On_Demand | Stopped])
[2007/02/15 20:05:53 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (helpsvc [Auto | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (HidServ [Auto | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (HTTPFilter [On_Demand | Running])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,150,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imapi.exe -- (ImapiService [On_Demand | Stopped])
[2007/12/11 13:10:16 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (lanmanserver [Auto | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (lanmanworkstation [Auto | Running])
[2005/07/25 06:35:00 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (LmHosts [Auto | Running])
[2008/06/08 13:48:26 | 00,195,360 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
[2003/06/20 06:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Messenger [Disabled | Stopped])
[2004/08/04 05:00:00 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC [On_Demand | Stopped])
[2005/05/04 15:45:36 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msiexec.exe -- (MSIServer [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netdde.exe -- (NetDDE [Disabled | Stopped])
[2004/08/04 05:00:00 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm [Disabled | Stopped])
[2004/08/04 05:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (Netlogon [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Netman [On_Demand | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Nla [On_Demand | Running])
[2004/08/04 05:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (NtmsSvc [On_Demand | Stopped])
[2003/07/28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,108,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe -- (PlugPlay [Auto | Running])
[2006/03/03 21:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Boot | Stopped])
[2004/08/04 05:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent [Auto | Running])
[2004/08/04 05:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage [Auto | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (RasAuto [Disabled | Stopped])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (RasMan [On_Demand | Running])
[2004/08/04 05:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (RemoteAccess [Disabled | Stopped])
[2004/08/04 05:00:00 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\locator.exe -- (RpcLocator [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (RpcSs [Auto | Running])
[2004/08/04 05:00:00 | 00,132,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsvp.exe -- (RSVP [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (SamSs [Auto | Running])
[2004/08/04 05:00:00 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Schedule [Auto | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (seclogon [Auto | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (SENS [Auto | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (SharedAccess [Auto | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (ShellHWDetection [Auto | Running])
[2005/06/10 16:53:32 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler [Auto | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (srservice [Auto | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (SSDPSRV [On_Demand | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (stisvc [Auto | Running])
[2004/08/04 05:00:00 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllhost.exe -- (SwPrv [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,089,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (TapiSrv [On_Demand | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (TermService [On_Demand | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Themes [Auto | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (TrkWks [Auto | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (upnphost [On_Demand | Running])
[2004/08/04 05:00:00 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ups.exe -- (UPS [On_Demand | Stopped])
[2008/07/09 09:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Stopped])
[2004/08/04 05:00:00 | 00,289,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\vssvc.exe -- (VSS [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (W32Time [Auto | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (WebClient [Auto | Running])
[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (winmgmt [Auto | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (WmdmPmSN [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (wscsvc [Auto | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (wuauserv [Auto | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (WudfSvc [Auto | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (WZCSVC [Auto | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (xmlprov [On_Demand | Stopped])
[2008/01/11 18:54:42 | 00,061,856 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum [Auto | Running])
[2008/01/11 18:55:38 | 02,138,528 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [Auto | Running])
[2008/01/11 18:54:58 | 00,245,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/03/22 20:17:34 | 00,450,400 | ---- | M] (D-Link Corporation) -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB [On_Demand | Running])
[2004/08/04 05:00:00 | 00,187,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI [Boot | Running])
[2004/08/04 05:00:00 | 00,011,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC [Disabled | Stopped])
[2006/02/14 17:22:26 | 00,142,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aec.sys -- (aec [On_Demand | Stopped])
[2008/06/20 03:44:38 | 00,138,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\afd.sys -- (AFD [System | Running])
[2005/06/30 13:16:26 | 01,094,848 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand | Stopped])
[2004/07/27 12:20:46 | 00,028,205 | ---- | M] (Alpha Networks Inc.) -- C:\WINDOWS\system32\ANIO.sys -- (ANIO [Auto | Running])
[2004/08/04 12:00:00 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394 [On_Demand | Running])
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi [Boot | Running])
[2004/08/04 05:00:00 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc [On_Demand | Stopped])
[2001/08/17 13:59:44 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub [On_Demand | Running])
[2008/08/14 20:56:13 | 00,096,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/08/14 20:56:11 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/08/14 20:56:19 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
[2003/11/05 15:45:12 | 00,017,408 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\bb-run.sys -- (bb-run [Boot | Running])
[2004/08/04 05:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep [System | Running])
File not found -- C:\ComboFix\catchme.sys -- (catchme [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k [Disabled | Stopped])
[2004/08/04 12:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio [System | Stopped])
[2004/08/04 05:00:00 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs [Disabled | Running])
[2004/08/04 05:00:00 | 00,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom [System | Running])
[2004/08/04 05:00:00 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk [Boot | Running])
[2004/08/04 05:00:00 | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot [Disabled | Stopped])
[2004/08/04 05:00:00 | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio [Disabled | Stopped])
[2004/08/04 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload [Disabled | Stopped])
[2004/08/04 06:07:40 | 00,052,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic [On_Demand | Stopped])
[2004/08/04 06:07:58 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud [On_Demand | Stopped])
[2004/10/14 16:30:46 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2004/08/04 05:00:00 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat [Disabled | Running])
[2004/08/04 05:00:00 | 00,027,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fdc.sys -- (Fdc [System | Stopped])
[2004/08/04 05:00:00 | 00,034,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips [System | Running])
[2004/08/04 05:00:00 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\flpydisk.sys -- (Flpydisk [System | Stopped])
[2006/08/21 02:14:58 | 00,128,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr [Boot | Running])
[2004/08/04 05:00:00 | 00,125,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk [Boot | Running])
[2005/04/14 21:12:12 | 00,175,616 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ftsata2.sys -- (ftsata2 [Boot | Running])
[2006/09/19 16:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
File not found -- C:\WINDOWS\system32\drivers\glaide32.sys -- (glaide32 [System | Stopped])
[2004/08/04 05:00:00 | 00,035,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc [On_Demand | Running])
[2005/01/08 00:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2005/01/08 00:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2001/08/17 14:02:20 | 00,009,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb [On_Demand | Stopped])
[2006/04/12 18:04:39 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2006/04/12 18:04:39 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2006/04/12 18:04:39 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2006/03/16 17:33:10 | 00,262,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP [On_Demand | Running])
[2004/08/03 23:14:38 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt [System | Running])
[2005/06/08 11:27:04 | 01,050,140 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2005/03/09 18:09:18 | 00,870,912 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2004/08/04 05:00:00 | 00,041,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi [System | Running])
[2005/06/08 16:22:20 | 03,160,576 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2004/08/04 05:00:00 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde [Boot | Running])
[2004/08/04 05:00:00 | 00,036,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm [System | Running])
[2004/08/04 05:00:00 | 00,029,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,032,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp [On_Demand | Stopped])
[2004/09/29 15:28:37 | 00,134,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat [On_Demand | Running])
[2004/08/04 05:00:00 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec [System | Running])
[2004/08/04 05:00:00 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp [Boot | Running])
[2004/08/03 22:58:34 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass [System | Running])
[2004/08/03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2007/07/19 15:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2006/06/14 01:47:45 | 00,172,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer [On_Demand | Running])
[2004/08/04 12:00:00 | 00,092,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD [Boot | Running])
[2004/06/08 12:36:28 | 00,013,105 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])
[2004/06/08 12:35:18 | 00,054,817 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou [On_Demand | Running])
[2004/06/08 12:34:48 | 00,024,637 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe [On_Demand | Stopped])
[2004/06/08 12:35:26 | 00,038,081 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK [On_Demand | Stopped])
[2004/06/08 12:35:08 | 00,071,533 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE [On_Demand | Running])
[2004/06/08 12:36:20 | 00,014,975 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LUsbKbd.sys -- (LUsbKbd [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd [System | Running])
[2004/08/04 12:00:00 | 00,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem [On_Demand | Stopped])
[2004/08/03 22:58:34 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass [System | Running])
[2001/08/17 13:48:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr [Boot | Running])
[2007/12/18 02:51:35 | 00,179,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV [On_Demand | Running])
[2006/05/05 02:41:45 | 00,453,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb [System | Running])
[2004/08/04 05:00:00 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs [System | Running])
[2004/08/04 05:58:42 | 00,007,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSKSSRV.sys -- (MSKSSRV [On_Demand | Stopped])
[2004/08/04 05:58:40 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys -- (MSPCLOCK [On_Demand | Stopped])
[2004/08/04 05:58:42 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSPQM.sys -- (MSPQM [On_Demand | Stopped])
[2004/08/04 12:00:00 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios [On_Demand | Running])
[2004/08/04 05:00:00 | 00,107,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup [Boot | Running])
[2007/10/08 20:29:26 | 00,028,352 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Running])
[2004/08/04 05:00:00 | 00,182,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS [Boot | Running])
[2004/08/04 05:00:00 | 00,009,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi [On_Demand | Running])
[2004/08/04 12:00:00 | 00,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio [On_Demand | Running])
[2004/08/04 05:00:00 | 00,091,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan [On_Demand | Running])
[2004/08/04 05:00:00 | 00,038,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy [On_Demand | Running])
[2004/08/04 05:00:00 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS [System | Running])
[2004/08/04 05:00:00 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT [System | Running])
[2004/08/04 12:00:00 | 00,061,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394 [On_Demand | Running])
[2004/08/04 05:00:00 | 00,030,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs [System | Running])
[2007/02/09 04:10:35 | 00,574,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs [Disabled | Running])
[2004/08/04 05:00:00 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\null.sys -- (Null [System | Running])
[2004/08/04 05:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,032,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,061,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ohci1394.sys -- (ohci1394 [Boot | Running])
[2004/08/04 12:00:00 | 00,080,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr [Boot | Running])
[2004/08/04 05:00:00 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm [Disabled | Stopped])
[2004/08/04 05:00:00 | 00,068,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI [Boot | Running])
[2004/08/04 05:00:00 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde [Boot | Running])
[2004/08/04 05:00:00 | 00,119,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia [Disabled | Stopped])
[2004/08/04 05:00:00 | 00,048,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport [On_Demand | Running])
[2005/12/12 18:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2 [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched [On_Demand | Running])
[2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/08/19 04:00:00 | 00,046,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/04 05:00:00 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd [System | Running])
[2004/08/04 05:00:00 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp [On_Demand | Running])
[2004/08/04 05:00:00 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe [On_Demand | Running])
[2004/08/04 05:00:00 | 00,016,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti [On_Demand | Running])
[2006/05/05 02:47:57 | 00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss [System | Running])
[2004/08/04 05:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD [System | Running])
[2005/06/09 21:09:46 | 00,139,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD [On_Demand | Stopped])
[2004/08/03 22:59:38 | 00,057,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook [System | Running])
[2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,064,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\serial.sys -- (Serial [Auto | Stopped])
[2004/08/04 05:00:00 | 00,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy [System | Stopped])
[2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2006/06/14 01:47:46 | 00,006,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,073,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sr.sys -- (sr [Boot | Running])
[2008/02/27 03:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
[2006/08/14 03:34:41 | 00,332,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv [On_Demand | Running])
[2004/08/04 12:00:00 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum [On_Demand | Running])
[2001/08/17 21:00:52 | 00,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi [On_Demand | Stopped])
[2004/08/04 06:15:56 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio [On_Demand | Running])
[2008/06/20 03:45:13 | 00,360,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip [System | Running])
[2004/08/04 05:00:00 | 00,012,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,021,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP [On_Demand | Stopped])
[2004/08/04 08:01:08 | 00,040,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD [System | Running])
[2004/08/04 05:00:00 | 00,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs [Disabled | Stopped])
[2007/04/23 03:32:54 | 00,364,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\update.sys -- (Update [On_Demand | Running])
[2007/10/31 15:09:14 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2004/08/04 00:08:48 | 00,031,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2004/08/04 05:00:00 | 00,057,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub [On_Demand | Running])
[2004/08/04 00:01:26 | 00,025,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint [On_Demand | Stopped])
[2004/08/03 23:58:46 | 00,015,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,026,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbstor.sys -- (usbstor [On_Demand | Running])
[2004/08/04 05:00:00 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci [On_Demand | Running])
[2004/08/04 05:00:00 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\vga.sys -- (VgaSave [System | Running])
[2004/08/04 05:00:00 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde [Boot | Running])
[2004/08/04 05:00:00 | 00,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap [Boot | Running])
[2008/07/09 09:05:22 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [System | Running])
[2004/08/04 05:00:00 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp [On_Demand | Running])
[2006/06/14 02:00:45 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud [On_Demand | Running])
[2006/10/18 21:00:00 | 00,038,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wpdusb.sys -- (WpdUsb [On_Demand | Stopped])
[2006/09/28 18:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf [Boot | Running])
[2006/09/28 19:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd [On_Demand | Stopped])
[2008/01/11 18:39:34 | 00,040,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus [Auto | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = localhost

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL]
""=
"provider"=

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL]
""=
"provider"=

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-3561194634-2220908179-2487719719-1009\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-3561194634-2220908179-2487719719-1009\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-3561194634-2220908179-2487719719-1009\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-3561194634-2220908179-2487719719-1009\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3561194634-2220908179-2487719719-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = localhost

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{A057A204-BACC-4D26-9990-79A187E2698E} (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (Google Inc.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} (HKLM) -- c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{0BF43445-2F28-4351-9252-17FE6E806AA0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" (HKLM) -- c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_USERS\S-1-5-21-3561194634-2220908179-2487719719-1009\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3561194634-2220908179-2487719719-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3561194634-2220908179-2487719719-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3561194634-2220908179-2487719719-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-3561194634-2220908179-2487719719-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"D-Link AirPlus XtremeG"=C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe (D-Link)
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run (Hewlett-Packard Company)
"HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"KBD"=C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE (Logitech Inc.)
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe (Hewlett-Packard Company)
"Persistence"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3561194634-2220908179-2487719719-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) Startup Folders ==========

[2006/02/19 05:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2004/07/15 11:56:56 | 00,581,632 | ---- | M] (Logitech Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=255
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"DisableRegistryTools"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3561194634-2220908179-2487719719-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_USERS\S-1-5-21-3561194634-2220908179-2487719719-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Add To HP Organize...: C:\Program Files\Hewlett-Packard\HP Organize\bin [2005/09/01 17:19:55 | 00,000,000 | ---D | M]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 09:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3561194634-2220908179-2487719719-1009\Software\Microsoft\Internet Explorer\MenuExt\]
Add To HP Organize...: C:\Program Files\Hewlett-Packard\HP Organize\bin [2005/09/01 17:19:55 | 00,000,000 | ---D | M]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 09:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/15 05:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search && Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/08/14 13:39:52 | 01,562,448 | ---- | M] (Safer Networking Limited)
{E2D4D26B-0180-43a4-B05F-462D6D54C789}: Button: Connection Help -- %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [2005/09/01 17:22:50 | 00,000,735 | ---- | M] ()
{E2D4D26B-0180-43a4-B05F-462D6D54C789}: Menu: Connection Help -- %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [2005/09/01 17:22:50 | 00,000,735 | ---- | M] ()
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 16:24:38 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 16:24:38 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 05:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> [2008/08/14 13:39:52 | 01,562,448 | ---- | M] (Safer Networking Limited)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Connection Help] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 16:24:38 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 05:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Connection Help] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 16:24:38 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 05:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Connection Help] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 16:24:38 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3561194634-2220908179-2487719719-1009\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 05:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> [2008/08/14 13:39:52 | 01,562,448 | ---- | M] (Safer Networking Limited)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Connection Help] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 16:24:38 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1222213801015 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07

========== (O17) DNS Name Servers ==========

{0CB62287-7D7B-47C1-9F9B-821B3ABA79B8} (Servers: | Description: Intel® PRO/100 VE Network Connection)
{2FE201CE-6628-46DC-93CF-75A7DB152B13} (Servers: | Description: 1394 Net Adapter)
{B00E081A-3927-4699-BBB4-7452B1F63DDB} (Servers: | Description: D-Link AirPlus DWL-G520 Wireless PCI Adapter(rev.:thumbsup:)
{B79CD0E0-7DB7-4724-A9D0-ED3179536593} (Servers: | Description: HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\WINDOWS\System32\dpcdll32.dll
>[2008/09/11 17:39:12 | 00,126,976 | ---- | M] () -- C:\WINDOWS\system32\dpcdll32.dll

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=Explorer.exe
>[2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

"UserInit"=C:\WINDOWS\system32\userinit.exe,
>[2004/08/04 05:00:00 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userinit.exe

"UIHost"=logonui.exe
>[2004/08/04 05:00:00 | 00,514,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logonui.exe

"VMApplet"=rundll32 shell32,Control_RunDLL "sysdm.cpl"
>[2007/10/25 20:36:51 | 08,454,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
>[2004/08/04 05:00:00 | 00,298,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sysdm.cpl


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
crypt32chain: "DllName" = crypt32.dll -- C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
cryptnet: "DllName" = cryptnet.dll -- C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
cscdll: "DllName" = cscdll.dll -- C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
fc91b131442: "DllName" = C:\WINDOWS\System32\dpcdll32.dll -- C:\WINDOWS\system32\dpcdll32.dll ()
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
ScCertProp: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Schedule: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
sclgntfy: "DllName" = sclgntfy.dll -- C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
SensLogn: "DllName" = WlNotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
termsrv: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
wlballoon: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CDBurn"={fbeb8a05-beee-4442-804e-409d6c4515e9} (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"={7849596a-48ea-486e-8937-a2a3009f31a9} (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SysTray"={35CEC8A3-2BE6-11D2-8773-92E220524153} (HKLM) -- C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} (HKLM) -- C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========== (O22) Shared Task Scheduler ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}" (HKLM) = Browseui preloader -- C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}" (HKLM) = Component Categories cache daemon -- C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

========== IFEO "Debugger" Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\]
Your Image File Name Here without a path:"Debugger" = C:\WINDOWS\system32\ntsd.exe (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
>[2004/08/04 05:00:00 | 00,086,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msapsspc.dll
>[2007/04/25 07:21:15 | 00,144,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\schannel.dll
>[2004/08/04 05:00:00 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\digest.dll
>[2004/08/04 05:00:00 | 00,290,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msnsspc.dll

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,
>[2004/08/04 05:00:00 | 00,129,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msv1_0.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,
>[2005/06/15 10:49:30 | 00,295,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kerberos.dll
>[2004/08/04 05:00:00 | 00,129,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msv1_0.dll
>[2007/04/25 07:21:15 | 00,144,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\schannel.dll
>[2004/08/04 05:00:00 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdigest.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[2005/09/01 17:15:11 | 00,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTOEXEC.BAT []
[2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () -- D:\AUTOEXEC.BAT -- [ FAT32 ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2007/10/25 20:36:51 | 08,454,656 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[2008/10/06 08:54:53 | 00,416,768 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTViewIt.exe
[2008/09/24 16:33:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2008/09/24 15:34:40 | 00,323,616 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/09/24 15:34:40 | 00,004,388 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/09/24 15:31:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/09/24 15:31:30 | 00,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/09/24 15:31:11 | 00,075,248 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\zllsputility.exe
[2008/09/24 15:31:11 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SpOrder.dll
[2008/09/24 15:30:56 | 00,127,768 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/09/24 15:30:34 | 00,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/09/24 15:30:34 | 00,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsregexp.dll
[2008/09/24 15:30:21 | 00,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcomm.dll
[2008/09/24 15:30:21 | 00,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcommdb.dll
[2008/09/24 15:30:13 | 00,046,568 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vswmi.dll
[2008/09/24 15:30:12 | 01,086,952 | ---- | C] (Python Software Foundation) -- C:\WINDOWS\System32\zpeng24.dll
[2008/09/24 15:30:12 | 00,099,816 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsxml.dll
[2008/09/24 15:30:11 | 00,275,944 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vspubapi.dll
[2008/09/24 15:30:11 | 00,103,912 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsmonapi.dll
[2008/09/24 15:30:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2008/09/24 15:30:11 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2008/09/24 15:30:09 | 00,394,952 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdatant.sys
[2008/09/24 15:30:09 | 00,352,918 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/09/24 15:29:34 | 00,472,552 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsutil.dll
[2008/09/24 15:29:34 | 00,157,160 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsinit.dll
[2008/09/24 15:29:34 | 00,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdata.dll
[2008/09/24 15:29:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2008/09/24 15:27:59 | 46,829,456 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\zlsSetup_70_483_000_en.exe
[2008/09/24 15:07:55 | 00,000,000 | ---D | C] -- C:\Deckard
[2008/09/24 13:34:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2008/09/24 11:42:28 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2008/09/24 11:42:28 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2008/09/24 11:42:28 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2008/09/24 11:42:27 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2008/09/24 11:42:27 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2008/09/24 11:42:26 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2008/09/24 11:42:25 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2008/09/24 11:42:25 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2008/09/24 11:42:24 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/09/24 11:19:53 | 00,000,853 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\HijackThis.lnk
[2008/09/24 11:19:51 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/09/24 11:19:28 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/09/23 16:13:24 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2008/09/23 16:10:17 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2008/09/23 16:09:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/09/23 16:09:21 | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2008/09/23 16:09:21 | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2008/09/23 16:09:21 | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2008/09/23 16:09:21 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2008/09/23 15:34:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2008/09/23 15:34:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2008/09/23 15:33:18 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2008/09/23 15:32:57 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2008/09/23 15:32:16 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/09/23 15:32:13 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2008/09/23 15:28:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\My Received Files
[2008/09/23 14:27:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2008/09/23 14:27:17 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\Nircmd.exe
[2008/09/23 14:01:15 | 00,003,496 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2008/09/23 12:36:53 | 00,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/09/23 12:36:53 | 00,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/09/23 12:36:51 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/09/23 12:36:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/09/23 12:35:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/09/23 11:15:14 | 00,000,944 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Spybot - Search & Destroy.lnk
[2008/09/23 11:15:07 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/09/23 11:15:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/09/23 11:02:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
[2008/09/23 11:02:15 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/09/23 11:02:14 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/09/23 11:02:13 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/23 11:02:12 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/09/23 11:02:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/09/23 10:51:58 | 00,001,559 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\CCleaner.lnk
[2008/09/23 10:51:57 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/09/23 10:45:38 | 00,686,630 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\dss.exe
[2008/09/23 10:45:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\Spyware Tools
[2008/09/23 10:44:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\PC Tools
[2008/09/16 18:45:09 | 00,017,408 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\the widom project.wps
[2008/09/14 18:59:03 | 00,015,360 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\the pearl.wps
[2008/09/11 17:39:12 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\dpcdll32.dll
[2008/09/08 19:29:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[2008/10/06 08:56:15 | 00,325,664 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/10/06 08:55:07 | 00,416,768 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTViewIt.exe
[2008/10/06 08:54:38 | 00,000,946 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\020000001d26735dP.manifest
[2008/10/06 08:51:26 | 00,068,419 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/10/06 08:51:25 | 28,294,481 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/10/06 08:47:27 | 00,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2008/10/06 08:45:42 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2008/10/06 08:43:56 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/06 08:43:41 | 00,000,107 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\020000001d26735dS.manifest
[2008/10/06 08:43:25 | 00,001,208 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\020000001d26735dC.manifest
[2008/10/06 08:43:22 | 00,352,918 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/10/06 08:43:17 | 00,000,331 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\020000001d26735dO.manifest
[2008/10/06 08:42:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/06 08:42:19 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/06 08:42:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/09/25 09:10:24 | 00,004,388 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/09/24 16:34:33 | 00,000,658 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/09/24 16:34:33 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2008/09/24 16:34:33 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/09/24 15:33:02 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/09/24 15:29:31 | 46,829,456 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\zlsSetup_70_483_000_en.exe
[2008/09/24 13:34:39 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/09/24 11:19:53 | 00,000,853 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\HijackThis.lnk
[2008/09/23 19:49:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/09/23 15:42:21 | 00,000,079 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\desktop.ini
[2008/09/23 14:31:42 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/09/23 14:01:15 | 00,003,496 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2008/09/23 12:36:53 | 00,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/09/23 12:36:53 | 00,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/09/23 11:15:14 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Spybot - Search & Destroy.lnk
[2008/09/23 11:11:44 | 00,003,645 | ---- | M] () -- C:\WINDOWS\viassary-hp.reg
[2008/09/23 11:02:15 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/09/23 10:51:58 | 00,001,559 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\CCleaner.lnk
[2008/09/23 10:14:04 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/09/18 21:18:39 | 00,249,919 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/09/17 21:14:44 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\the widom project.wps
[2008/09/17 21:14:44 | 00,002,764 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
[2008/09/14 18:59:04 | 00,015,360 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\the pearl.wps
[2008/09/11 17:39:12 | 00,126,976 | ---- | M] () -- C:\WINDOWS\System32\dpcdll32.dll
[2008/09/10 00:04:02 | 00,038,528 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/10 00:03:56 | 00,017,200 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/09/08 19:30:32 | 00,000,000 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\020000001d26735dR.manifest
[2008/09/06 15:36:36 | 00,873,425 | -HS- | M] () -- C:\WINDOWS\System32\twaaJkkj.ini2
< End of report >


OTViewIt Extras logfile created on: 10/6/2008 8:55:20 AM - Run
OTViewIt by OldTimer - Version 1.0.10.0 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.29 Mb Total Physical Memory | 118.24 Mb Available Physical Memory | 23.49% Memory free
1.20 Gb Paging File | 0.76 Gb Available in Paging File | 63.16% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.80 Gb Total Space | 158.81 Gb Free Space | 88.82% Space Free | Partition Type: NTFS
Drive D: | 7.50 Gb Total Space | 1.71 Gb Free Space | 22.75% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-27E1513D96
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 05:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/12/11 13:10:18 | 17,152,808 | ---- | M] (Apple Inc.) -- %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes
[2005/09/01 17:20:06 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP
[2007/11/30 19:18:41 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 05:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/09/01 17:20:06 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP
[2004/10/13 16:24:38 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2007/11/30 19:18:41 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2008/08/14 20:55:56 | 00,873,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[2008/08/14 20:55:56 | 00,640,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2007/12/11 13:10:18 | 17,152,808 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] -- C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (about:{3050F406-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML About Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/11/30 19:18:42 | 00,028,711 | ---- | M] (Logitech Inc.) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} (HKLM) [BackWeb GA Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/23 09:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (cdl:{3dd53d40-7b8b-11D0-b013-00aa0059ce02} (HKLM) [CDL: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2004/08/04 05:00:00 | 01,428,480 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\msvidctl.dll (dvd:{12D51199-0DB5-46FE-A120-47A3D7D937CC} (HKLM) [DVD: Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/23 09:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (file:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/23 09:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (ftp:{79eac9e3-baf9-11ce-8c82-00aa004ba90b} (HKLM) [ftp: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/23 09:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (gopher:{79eac9e4-baf9-11ce-8c82-00aa004ba90b} (HKLM) [gopher: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/23 09:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (http:{79eac9e2-baf9-11ce-8c82-00aa004ba90b} (HKLM) [http: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 09:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL http\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 09:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL http\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/23 09:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (https:{79eac9e5-baf9-11ce-8c82-00aa004ba90b} (HKLM) [https: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 09:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL https\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 09:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL https\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 09:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/05/27 02:04:28 | 00,137,216 | ---- | M] (Microsoft Corporation) c:\WINDOWS\system32\itss.dll (its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} (HKLM) [Microsoft InfoTech Protocols for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (java script:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/08/14 20:56:02 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/23 09:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (local:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (mailto:{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Mailto Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/04/11 11:50:43 | 00,683,520 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll (mhtml:{05300401-BCBC-11d0-85E3-00C04FD85AB4} (HKLM) [MHTML Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/23 09:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (mk:{79eac9e6-baf9-11ce-8c82-00aa004ba90b} (HKLM) [mk: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 09:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 09:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/05/27 02:04:28 | 00,137,216 | ---- | M] (Microsoft Corporation) c:\WINDOWS\system32\itss.dll (ms-its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} (HKLM) [Microsoft InfoTech Protocols for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 09:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/01 22:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (res:{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Resource Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/03 10:27:36 | 00,121,632 | ---- | M] () c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (sacore:{5513F07E-936B-4E52-9B00-067394E91CC5} (HKLM) [McAfee SACore Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (sysimage:{76E67A63-06E9-11D2-A840-006008059382} (HKLM) [Microsoft HTML Resource Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2004/08/04 05:00:00 | 01,428,480 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\msvidctl.dll (tv:{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} (HKLM) [TV: Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (vbscript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2004/08/04 05:00:00 | 00,075,776 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\wiascr.dll (wia:{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} (HKLM) [WiaProtocol Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/10/24 01:47:38 | 00,282,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mscoree.dll application/octet-stream:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} (HKLM) [Cor MIME Filter, CorFltr, CorFltr 1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/10/24 01:47:38 | 00,282,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mscoree.dll application/x-complus:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} (HKLM) [Cor MIME Filter, CorFltr, CorFltr 1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/10/24 01:47:38 | 00,282,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mscoree.dll application/x-msdownload:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} (HKLM) [Cor MIME Filter, CorFltr, CorFltr 1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/06/23 09:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll Class Install Handler:{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} (HKLM) [AP Class Install Handler filter]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/06/23 09:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll deflate:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/06/23 09:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll gzip:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/06/23 09:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll lzdhtml:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/10/25 20:36:51 | 08,454,656 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll text/webviewhtml:{733AC4CB-F1A4-11d0-B951-00A0C90312E1} (HKLM) [WebView MIME Filter]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/15 05:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}"=Zune Language Pack (FR)
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}"=CP_Package_Variety1
"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}"=SlideShow
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}"=AiO_Scan
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{14589F05-C658-4594-9429-D437BA688686}"=IntelliMover Data Transfer Demo
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}"=cp_OnlineProjectsConfig
"{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}"=iTunes
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}"=Microsoft Plus! Dancer LE
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}"=CP_Package_Variety3
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD Plus
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}"=HPPhotoSmartExpress
"{2466E904-7E48-4597-9321-722CF02930EB}"=5600
"{2C3D719A-92C7-4323-89CC-C937D0267B84}"=muvee autoProducer 4.0
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}"=HP Deskjet Printer Preload
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}"=Quicken 2005
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}"=Logitech SetPoint
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}"=Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}"=SkinsHP1
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}"=HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}"=McAfee SiteAdvisor
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}"=PanoStandAlone
"{3912A629-0020-0005-3757-2FBA74D4DF0A}"=InterVideo WinDVD Player
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}"=HP Boot Optimizer
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}"=Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}"=CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}"=BufferChm
"{45EBDA59-D33B-433A-956E-B2F236468B56}"=MUSICMATCH® Jukebox
"{4C590030-7469-453E-8589-D15DA9D03F52}"=ANIWZCS2 Service
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}"=HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}"=FullDPAppQFolder
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}"=NewCopy
"{57B2281D-A34A-4a48-8C68-169B8873659D}"=c4100_Help
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}"=HP PSC & OfficeJet 5.3.B
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Sonic Express Labeler
"{66910000-8B30-4973-A159-6371345AFFA5}"=WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}"=RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}"=AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}"=Toolbox
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder
"{70545C06-47EC-41B4-8829-011B289A809F}"=6100
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}"=Readme
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}"=PSTAPlugin
"{7583239A-D4BE-48CA-A253-396122B3D3E9}"=Zune
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}"=PSPrinters08
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}"=AiOSoftware
"{79B92240-9C65-4DD7-B1AD-59910D2C1353}"=AirPlus XtremeG
"{7B1DA06C-4F50-48DB-902C-4EA9C5846C0C}"=6100_Help
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}"=ANIO Service
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}"=ProductContext
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}"=CP_AtenaShokunin1Config
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}"=ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}"=Status
"{8777AC6D-89F9-4793-8266-DE406F343E89}"=QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}"=DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}"=DocProc
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Graphics Media Accelerator Driver
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}"=Unload
"{8D2B09E2-6B04-4960-B780-4B0CE90780EE}"=LightScribe 1.4.39.1
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}"=Logitech Desktop Messenger
"{91120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD Player
"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting
"{996512CF-F35B-48DE-9291-557FA5316967}"=ScannerCopy
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}"=InstantShareDevices
"{A3455242-DAE0-4523-8242-FD82706ABF4B}"=CameraDrivers
"{AB61A692-5543-4C48-979B-8CEA1C52FE9C}"=PC-Doctor 5 for Windows
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}"=Adobe Reader 7.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}"=cp_PosterPrintConfig
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B49E5189-A263-423B-BA00-BAAA54CE2C3E}"=6100Tour
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B5C209B1-8DDB-4642-A573-375B951514CB}"=Apple Mobile Device Support
"{B6286A44-7505-471A-A72B-04EC2DB2F442}"=CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}"=CP_Panorama1Config
"{B6A594F0-84D4-4BB7-896C-63DD223BF5A2}"=6100Trb
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}"=CP_Package_Variety2
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}"=HP Software Update
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}"=iPod for Windows 2006-06-28
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}"=HP Photosmart, Officejet and Deskjet 7.0.A
"{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}"=Office 2003 Tour
"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}"=5600Trb
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}"=PhotoGallery
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}"=SolutionCenter
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}"=HP Photosmart Cameras 5.0
"{C871525F-7116-4d26-BA6D-215F59B6F88B}"=C4100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}"=AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}"=5600_Help
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}"=Fax
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}"=HP Organize
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}"=CameraDrivers
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}"=HpSdpAppCoreApp
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}"=TrayApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E0D51394-1D45-460A-B62D-383BC4F8B335}"=QuickTime
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}"=MarketResearch
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}"=CP_CalendarTemplates1
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}"=Zune Language Pack (ES)
"{F157460F-720E-482f-8625-AD7843891E5F}"=InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}"=Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}"=Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}"=Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}"=NewCopy_CDA
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}"=DocumentViewer
"Adobe Shockwave Player"=Adobe Shockwave Player
"Agere Systems Soft Modem"=Agere Systems PCI Soft Modem
"AVG8Uninstall"=AVG Free 8.0
"ccleaner"=CCleaner (remove only)
"HijackThis"=HijackThis 2.0.2
"HP Document Viewer"=HP Document Viewer 7.0
"HP Game Console"=HP Game Console and games
"HP Imaging Device Functions"=HP Imaging Device Functions 7.0
"HP Photo & Imaging"=HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools"=HP Solution Center 7.0
"HPExtendedCapabilities"=HP Customer Participation Program 7.0
"HPOCR"=OCR Software by I.R.I.S 7.0
"HPOOVClient-9972322 Uninstaller"=Updates from HP (remove only)
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}"=Quicken 2005
"InstallShield_{79B92240-9C65-4DD7-B1AD-59910D2C1353}"=AirPlus XtremeG
"InstallShield_{AB61A692-5543-4C48-979B-8CEA1C52FE9C}"=PC-Doctor 5 for Windows
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}"=iPod for Windows 2006-06-28
"KB888111WXPSP2"=High Definition Audio Driver Package - KB888111
"KBD"=Enhanced Multimedia Keyboard Solution
"malwarebytes' anti-malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Money2005b"=Microsoft Money 2005
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Pocket Tanks_is1"=Pocket Tanks v1.3
"PROSet"=Intel® PRO Network Connections Drivers
"PS2"=PS2
"Python 2.2.3"=Python 2.2.3
"pywin32-py2.2"=Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0"=RealPlayer
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WildTangent CDA"=WildTangent Web Driver
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 10
"WMFDist11"=Windows Media Format 11 runtime
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm"=ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/15/2008 12:04:50 AM | Computer Name = YOUR-27E1513D96 | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code c0000005. The machine must now be restarted.

Error - 8/25/2008 9:48:34 PM | Computer Name = YOUR-27E1513D96 | Source = Application Hang | ID = 1002
Description = Hanging application .ttC6.tmp, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/25/2008 11:49:52 PM | Computer Name = YOUR-27E1513D96 | Source = Application Error | ID = 1000
Description = Faulting application avgtray.exe, version 8.0.0.134, faulting module
avgtray.exe, version 8.0.0.134, fault address 0x000454cc.

Error - 8/25/2008 11:50:32 PM | Computer Name = YOUR-27E1513D96 | Source = Application Hang | ID = 1002
Description = Hanging application .ttC6.tmp.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/27/2008 9:20:17 PM | Computer Name = YOUR-27E1513D96 | Source = Application Error | ID = 1000
Description = Faulting application avgtray.exe, version 8.0.0.134, faulting module
avgtray.exe, version 8.0.0.134, fault address 0x000454a9.

Error - 8/31/2008 5:38:29 PM | Computer Name = YOUR-27E1513D96 | Source = Application Error | ID = 1000
Description = Faulting application ptloader.exe, version 0.0.0.0, faulting module
dmusic.dll, version 5.3.2600.2180, fault address 0x0000d404.

Error - 8/31/2008 5:39:17 PM | Computer Name = YOUR-27E1513D96 | Source = Application Error | ID = 1001
Description = Fault bucket 379058555.

Error - 9/11/2008 8:42:20 PM | Computer Name = YOUR-27E1513D96 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.

Error - 9/20/2008 9:12:21 PM | Computer Name = YOUR-27E1513D96 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.

Error - 9/24/2008 5:16:03 AM | Computer Name = YOUR-27E1513D96 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 9/25/2008 11:27:28 AM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 9/25/2008 11:27:29 AM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 9/25/2008 11:27:29 AM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 9/25/2008 11:27:29 AM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 9/25/2008 11:27:29 AM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 9/25/2008 11:27:29 AM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 9/25/2008 11:27:29 AM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 9/25/2008 11:27:29 AM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 9/25/2008 11:27:30 AM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/6/2008 11:42:46 AM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7000
Description = The Zune Bus Enumerator Driver service failed to start due to the
following error: %%2


< End of report >

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, October 6, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, October 06, 2008 13:05:11
Records in database: 1294374
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 75774
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 02:17:27


File name / Threat name / Threats count
C:\Program Files\Online Services\AOL\United States\AOL90\comps\toolbar\toolbr.EXE Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
D:\I386\Apps\APP07578\src\HPSummer2005.exe Infected: not-a-virus:AdWare.Win32.MyWay.j 1

The selected area was scanned.


Thanks for the help!

#5 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 06 October 2008 - 08:06 PM

Hello, Daimeion.

You're welcome :thumbsup:

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the OTMoveIt3 icon on your desktop.
  • Paste the following code into the "Paste Instructions for Items to be Moved" area. Do not include the word "Code".
    :files
    C:\WINDOWS\System32\twaaJkkj.ini2
    C:\Program Files\Online Services\AOL\United States\AOL90\comps\toolbar\toolbr.EXE
    D:\I386\Apps\APP07578\src\HPSummer2005.exe
    C:\WINDOWS\System32\dpcdll32.dll
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fc91b131442]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{0BF43445-2F28-4351-9252-17FE6E806AA0}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_Dlls"=""
    :commands
    [EmptyTemp]
  • Push the large MoveIt! button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Results line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • OTMoveIt3's Log
  • A New HiJack This log
  • ESET OnlineScan's Log

Billy3

Edited by Billy O'Neal, 06 October 2008 - 08:06 PM.

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#6 Daimeion

  • Topic Starter
  • Members
  • 48 posts

Posted 07 October 2008 - 03:37 PM

Here are the logs. By the way, 2 IE windows popped up with ads while I was replying, so I think we still have some work to do!

========== FILES ==========
C:\WINDOWS\System32\twaaJkkj.ini2 moved successfully.
C:\Program Files\Online Services\AOL\United States\AOL90\comps\toolbar\toolbr.EXE moved successfully.
D:\I386\Apps\APP07578\src\HPSummer2005.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\dpcdll32.dll
C:\WINDOWS\System32\dpcdll32.dll NOT unregistered.
C:\WINDOWS\System32\dpcdll32.dll moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fc91b131442\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_Dlls"|"":commands /E : value set successfully!

OTMoveIt3 by OldTimer - Version 1.0.4.2 log created on 10072008_084133



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:01 PM, on 10/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\igfxtray.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1222213801015
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: ":command,C:\WINDOWS\System32\dpcdll32.dll
O20 - Winlogon Notify: fc91b131442 - C:\WINDOWS\System32\dpcdll32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9749 bytes


# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3501 (20081007)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=9b0be651ad837049aa0e9f0169eeabdd
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-10-07 06:42:54
# local_time=2008-10-07 11:42:54 (-0800, Pacific Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=391994
# found=0
# scan_time=9848


Thanks,

Daimeion
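
The O4 and O20 lines in the HijackThis log above are the load points this thread is chasing (a non-empty AppInit_DLLs value and a Winlogon Notify DLL under an odd subkey name). The triage script below is an added example, not part of the thread and not HijackThis or OTMoveIt3 code; the sample lines are copied from the log above, and the two heuristics it applies (generated-looking Notify subkey names, Run entries without a full path) are my own assumptions, not HijackThis rules.

```python
"""Triage helper for HijackThis (HJT) v2 log lines.

Added example: not part of the thread above and not HijackThis or OTMoveIt3
code. It reads O4 (Run) and O20 (AppInit_DLLs / Winlogon Notify) lines and
flags the load points the thread is chasing. The two heuristics (generated-
looking Notify subkey names, Run entries without a full path) are assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample: the two O20 lines and two O4 lines copied from the log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O20 - AppInit_DLLs: ":command,C:\WINDOWS\System32\dpcdll32.dll
O20 - Winlogon Notify: fc91b131442 - C:\WINDOWS\System32\dpcdll32.dll
"""


@dataclass
class Finding:
    section: str  # HJT section id ("O4" or "O20")
    reason: str   # why the line was flagged
    detail: str   # the path or value that triggered it


RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<value>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify:\s*(?P<name>\S+)\s+-\s+(?P<path>.+)$")


def appinit_dlls(value: str) -> list[str]:
    """Split an AppInit_DLLs value the way the loader does (comma or space
    separated) and keep only tokens that name a DLL. Stray tokens such as the
    ":command" prefix visible in the log above are dropped."""
    dlls = []
    for token in re.split(r"[,\s]+", value):
        token = token.strip('"')
        if token.lower().endswith(".dll"):
            dlls.append(token)
    return dlls


def looks_generated(name: str) -> bool:
    """Heuristic (assumption): vendor Notify subkeys are readable words such as
    crypt32chain or ScCertProp; a name that is at least half digits and has no
    vowel looks machine-generated, as fc91b131442 does."""
    digits = sum(ch.isdigit() for ch in name)
    return digits * 2 >= len(name) and not re.search(r"[aeiouAEIOU]", name)


def image_of(cmd: str) -> str:
    """Return the executable part of a Run command line, honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(log_text: str) -> list[Finding]:
    """Walk the log text and return findings in line order."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            exe = image_of(m["cmd"])
            if exe and "\\" not in exe:
                findings.append(Finding(
                    "O4", "Run entry without a full path; the loader search order decides what runs",
                    exe))
        elif m := APPINIT_RE.match(line):
            if m["value"].strip():
                findings.append(Finding(
                    "O20", "AppInit_DLLs is non-empty; each DLL is loaded into every process that maps user32",
                    ", ".join(appinit_dlls(m["value"])) or m["value"]))
        elif m := NOTIFY_RE.match(line):
            if looks_generated(m["name"]):
                findings.append(Finding(
                    "O20", f"Winlogon Notify DLL under generated-looking subkey '{m['name']}'",
                    m["path"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.detail}")
```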

#7 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 07 October 2008 - 08:39 PM

Hello, Daimeion.
Yep.. seems it's reinstalling itself :thumbsup:

We need to run ComboFix. In your next reply, please include the following:
  • ComboFix.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#8 Daimeion

  • Topic Starter
  • Members
  • 48 posts

Posted 08 October 2008 - 04:02 PM

Here you go.

ComboFix 08-10-08.01 - HP_Owner 2008-10-08 13:37:47.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.160 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dfxcqqvf.ini2
C:\WINDOWS\system32\gfhkj.bak1
C:\WINDOWS\system32\gfhkj.bak2
C:\WINDOWS\system32\gfhkj.ini
C:\WINDOWS\system32\JknpoXbc.ini2
C:\WINDOWS\system32\KUBKnUtv.ini2
C:\WINDOWS\system32\llkkj.ini
C:\WINDOWS\system32\llkkj.ini2

.
((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 )))))))))))))))))))))))))))))))
.

2008-10-07 08:45 . 2008-10-07 11:42 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-10-07 08:41 . 2008-10-07 08:41 <DIR> d-------- C:\_OTMoveIt
2008-09-24 15:34 . 2008-10-08 13:45 11,841,568 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-24 15:34 . 2008-10-08 13:42 159,620 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-24 15:31 . 2008-09-24 15:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-09-24 15:31 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-09-24 15:31 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-09-24 15:31 . 2008-09-24 15:33 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-09-24 15:30 . 2008-09-24 15:30 <DIR> d-------- C:\Program Files\Zone Labs
2008-09-24 15:29 . 2008-10-08 13:35 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-09-24 15:07 . 2008-09-24 15:07 <DIR> d-------- C:\Deckard
2008-09-24 11:42 . 2008-06-23 09:57 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-24 11:42 . 2007-04-17 02:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-09-24 11:42 . 2007-03-07 22:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-09-24 11:42 . 2008-06-23 09:57 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-09-24 11:42 . 2008-06-23 09:57 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-09-24 11:42 . 2008-06-23 09:57 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-09-24 11:42 . 2008-06-23 09:57 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-09-24 11:42 . 2008-06-23 09:57 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-09-24 11:42 . 2008-06-23 02:20 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-09-24 11:19 . 2008-09-24 11:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-23 16:10 . 2008-09-23 16:10 <DIR> d-------- C:\Program Files\Windows Defender
2008-09-23 16:09 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-23 15:32 . 2008-09-24 13:34 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-09-23 14:01 . 2008-09-23 14:01 3,496 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-23 12:36 . 2008-09-23 12:36 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-23 12:36 . 2008-09-23 12:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-23 12:35 . 2008-09-23 12:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-23 11:15 . 2008-09-23 11:15 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-23 11:15 . 2008-09-23 12:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-23 11:02 . 2008-09-23 10:59 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-23 11:02 . 2008-09-23 11:02 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
2008-09-23 11:02 . 2008-09-23 11:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-23 11:02 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-23 11:02 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-23 10:51 . 2008-09-23 10:51 <DIR> d-------- C:\Program Files\CCleaner
2008-09-11 17:39 . 2008-10-07 08:41 126,976 --a------ C:\WINDOWS\system32\dpcdll32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-23 23:09 --------- d-----w C:\Program Files\Java
2008-09-23 18:11 3,645 ----a-w C:\WINDOWS\viassary-hp.reg
2008-09-18 04:14 2,764 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2008-09-14 16:25 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AVGTOOLBAR
2008-08-26 03:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-08-15 03:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-15 03:56 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-15 03:56 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-15 03:56 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-08-15 03:23 --------- d-----w C:\Program Files\PC-Doctor 5 for Windows
2008-08-15 00:58 --------- d-----w C:\Program Files\LimeWire
2008-08-15 00:50 --------- d-----w C:\Program Files\Easy Internet signup
2008-08-14 22:58 --------- d-----w C:\Program Files\AVG
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-19 05:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-09 16:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-20 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 114688]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 253952]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-09-01 180269]
"D-Link AirPlus XtremeG"="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2005-03-28 1011712]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 61440]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 166304]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-14 1232152]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2007-10-08 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fc91b131442]
2008-10-07 08:41 126976 C:\WINDOWS\system32\dpcdll32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\System32\dpcdll32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2004-03-30 22:12 53248 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2005-01-08 00:07 61952 C:\WINDOWS\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-14 96520]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-14 873752]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-14 231192]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-14 76040]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [2008-06-08 195360]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 61856]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 450400]
S1 glaide32;glaide32;C:\WINDOWS\system32\drivers\glaide32.sys [ ]
S2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 40832]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 245664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder

2008-09-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]

2008-10-08 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = localhost
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - %~$path:i
O18 -: Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - %~$path:i
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-08 13:44:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\dpcdll32.dll

PROCESS: C:\WINDOWS\explorer.exe
-> c:\PROGRA~1\mcafee\SITEAD~1\saHook.dll
-> C:\Program Files\Logitech\SetPoint\lgscroll.dll
-> C:\WINDOWS\System32\dpcdll32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Zune\ZuneNss.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-10-08 13:48:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-08 20:48:18

Pre-Run: 170,222,755,840 bytes free
Post-Run: 170,230,231,040 bytes free

223 --- E O F --- 2008-09-24 20:34:50


Thanks!

#9 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 08 October 2008 - 07:58 PM

Hello, Daimeion.
That looks much better. How are things running?

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the OTMoveIt3 icon on your desktop.
  • Paste the following code into the text area. Do not include the word "Code".
    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
  • Push the large button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents of the results area here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, enter *.log in the File Name box and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.
We need to run a scan using the F-Secure Online Scanner
  • Please follow the link to the F-Secure Online Scanner
    Note: This Scanner is for Internet Explorer Only!
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
In your next reply, please include the following:
  • OTMoveIt3's Log
  • F-Secure OnlineScan's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#10 Daimeion

Daimeion
  • Topic Starter

  • Members
  • 48 posts

Posted 09 October 2008 - 03:03 PM

Billy,

It's still popping up the extra IE windows.

I ran both, but unfortunately the F-Secure scan IE window disappeared before I could collect a log. I did see that it had found 10 virus items and 11 spyware items, and cleaned them, but I was not able to collect the log. Should I run it again? Here's the OT log:

========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\\ deleted successfully.

OTMoveIt3 by OldTimer - Version 1.0.4.2 log created on 10092008_092921

Edited by Daimeion, 09 October 2008 - 03:03 PM.


#11 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 09 October 2008 - 03:08 PM

Hello, Daimeion.
Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.
Hmm.. something's gotta be hiding in there :thumbsup:

We need to scan for rootkits with GMER
  • Please download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    Note: There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on "Settings", then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
    Important! Please do not select the "Show all" checkbox during the scan.
  • Click on "Scan" and wait for the scan to finish.
    • Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in Safe Mode
In your next reply, please include the following:
  • GMER's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#12 Daimeion

Daimeion
  • Topic Starter

  • Members
  • 48 posts

Posted 09 October 2008 - 06:02 PM

Billy,

I got the F-Secure scan to complete finally, which finished before I saw your post. I'm including it just in case.

Scanning Report
Thursday, October 09, 2008 13:05:52 - 15:08:43
Computer name: YOUR-27E1513D96
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\


--------------------------------------------------------------------------------

Result: 12 malware found
TrackingCookie.2o7 (spyware)
System
TrackingCookie.Adinterax (spyware)
System
Trojan-Downloader.Win32.Agent (virus)
System
Trojan-Downloader.Win32.Agent.aghx (virus)
C:\_OTMOVEIT\MOVEDFILES\10072008_084133\WINDOWS\SYSTEM32\DPCDLL32.DLL (Renamed & Submitted)
C:\WINDOWS\SYSTEM32\DPCDLL32.DLL (Renamed & Submitted)
Vundo.gen197 (virus)
C:\WINDOWS\SYSTEM32\2640B00C__.INI (Submitted)
C:\WINDOWS\SYSTEM32\4025F00C__.INI (Submitted)
C:\WINDOWS\SYSTEM32\404DA00C__.INI (Submitted)
C:\WINDOWS\SYSTEM32\C834700C__.INI (Submitted)
C:\WINDOWS\SYSTEM32\E358800C__.INI (Submitted)
C:\WINDOWS\SYSTEM32\FD8F200C__.INI (Submitted)
C:\WINDOWS\SYSTEM32\XWSCMGSC.INI (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 47751
System: 4915
Not scanned: 9
Actions:
Disinfected: 0
Renamed: 2
Deleted: 0
None: 10
Submitted: 9
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\TEMP\SQLITE_DJNYG4BHKRFRWTP
C:\WINDOWS\TEMP\SQLITE_Q6JFKOYCJRFF7SL
C:\WINDOWS\TEMP\SQLITE_ZNNS9UVQW7W3PBV
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Blacklight: 1.0.68
F-Secure Hydra: 2.8.8110, 2008-10-09
F-Secure Pegasus: 1.20.0, 2008-09-01
F-Secure AVP: 7.0.171, 2008-10-09
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

--------------------------------------------------------------------------------



GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2008-10-09 15:43:47
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT \SystemRoot\System32\vsdatant.sys ZwRenameKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C08 805039BC 1 Byte [ 40 ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2C0A 805039BE 2 Bytes [ AA, AA ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2C44 805039F8 12 Bytes [ 10, 35, AA, AA, 70, 98, AA, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2C84 80503A38 8 Bytes [ 20, FF, A9, AA, E0, B6, AA, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2E8C 80503C40 8 Bytes [ 50, C2, AA, AA, B0, BC, AA, ... ]

---- Devices - GMER 1.0.12 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [AA2645A8] avgtdix.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [AA26543E] avgtdix.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [AA2645A8] avgtdix.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [AA26543E] avgtdix.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [AA2645A8] avgtdix.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [AA26543E] avgtdix.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [AA2645A8] avgtdix.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [AA26543E] avgtdix.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [AA2645A8] avgtdix.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [AA26543E] avgtdix.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [AAAB4C20] vsdatant.sys

---- EOF - GMER 1.0.12 ----

Thanks for the time!
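The GMER output in the post above lists two kinds of kernel hooks: SSDT entries (system calls redirected into a driver) and IRP dispatch entries on the Tcpip device objects, each followed by the module that owns the hook, plus a few patched bytes in ntkrnlpa.exe. Reading such a log means grouping the hooks by owner and asking whether every owner is a product you knowingly installed. As an added example, not code from this thread or from GMER, the Python script below parses those three line types and groups the hooks by driver, then lists any hooking module that is not attributed to installed security software. The embedded sample log is a constructed, shortened excerpt of the log above. The attribution of vsdatant.sys to ZoneAlarm and avgtdix.sys to AVG is the editor's own (ZoneLabs' vsmon.exe and AVG's avgrsx.exe appear in the ComboFix process list earlier in the thread), and the module name example_unknown.sys used when exercising the check is a placeholder.

```python
"""Group the hooks in a GMER 1.0.12 rootkit-scan log by owning driver.

Added example, not code from the thread or from GMER. It parses the three
line types seen in the log above (SSDT hooks, patched kernel .text bytes,
and device IRP dispatch hooks) and reports which module owns each hook.
"""
import re
from collections import defaultdict

# Constructed sample: a shortened excerpt of the GMER log posted in the thread.
SAMPLE_GMER_LOG = r"""
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2008-10-09 15:43:47
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.12 ----

SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C08 805039BC 1 Byte [ 40 ]

---- Devices - GMER 1.0.12 ----

Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [AA2645A8] avgtdix.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [AA26543E] avgtdix.sys

---- EOF - GMER 1.0.12 ----
"""

# Editor's attribution of the hooking drivers to installed security products
# (ZoneLabs vsmon.exe and AVG avgrsx.exe appear in the ComboFix process list).
KNOWN_SECURITY_MODULES = {
    "vsdatant.sys": "ZoneAlarm TrueVector driver",
    "avgtdix.sys": "AVG TDI network filter",
}

SSDT_RE = re.compile(r"^SSDT\s+(?P<module>\S+)\s+(?P<syscall>Zw\w+)\s*$")
CODE_RE = re.compile(
    r"^\.text\s+(?P<symbol>\S+)\s+\+\s+(?P<offset>[0-9A-Fa-f]+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<count>\d+)\s+Bytes?\s+\[(?P<bytes>.*)\]\s*$"
)
DEVICE_RE = re.compile(
    r"^Device\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<irp>IRP_MJ_\w+)\s+"
    r"\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<module>\S+)\s*$"
)


def module_name(path):
    """Reduce a path such as \\SystemRoot\\System32\\vsdatant.sys to 'vsdatant.sys'."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_gmer_log(text):
    """Split a GMER log into its SSDT, kernel-code and device hook records."""
    parsed = {"ssdt": [], "code": [], "devices": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            parsed["ssdt"].append(m.groupdict())
            continue
        m = CODE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["count"] = int(rec["count"])
            rec["bytes"] = rec["bytes"].strip()
            parsed["code"].append(rec)
            continue
        m = DEVICE_RE.match(line)
        if m:
            parsed["devices"].append(m.groupdict())
    return parsed


def hooks_by_module(parsed):
    """Map each hooking driver to the syscalls and (device, IRP) entries it owns."""
    owners = defaultdict(lambda: {"ssdt": set(), "irp": set()})
    for h in parsed["ssdt"]:
        owners[module_name(h["module"])]["ssdt"].add(h["syscall"])
    for h in parsed["devices"]:
        owners[module_name(h["module"])]["irp"].add((h["device"], h["irp"]))
    return {mod: {"ssdt": sorted(v["ssdt"]), "irp": sorted(v["irp"])}
            for mod, v in owners.items()}


def unexplained_hooks(parsed, known):
    """Hooking modules not accounted for by the installed security software."""
    return sorted(m for m in hooks_by_module(parsed) if m not in known)


if __name__ == "__main__":
    parsed = parse_gmer_log(SAMPLE_GMER_LOG)
    for mod, hooks in sorted(hooks_by_module(parsed).items()):
        label = KNOWN_SECURITY_MODULES.get(mod, "UNKNOWN - investigate")
        print(f"{mod} ({label}): {len(hooks['ssdt'])} SSDT hooks, "
              f"{len(hooks['irp'])} IRP hooks")
    print(f"patched kernel .text locations: {len(parsed['code'])}")
    print("modules not explained by installed security software:",
          unexplained_hooks(parsed, KNOWN_SECURITY_MODULES) or "none")
```

On the sample every hook resolves to one of the two security drivers, which is the situation the log above shows; an SSDT or IRP line owned by a module that is not on the known list is what would warrant a closer look at that file. The patched ntkrnlpa.exe bytes are only counted here, since attributing inline kernel patches needs the driver list that GMER's other tabs provide.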

#13 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 09 October 2008 - 06:14 PM

Looks good. How are things running?

Please post a fresh HJT Log :thumbsup:

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#14 Daimeion

Daimeion
  • Topic Starter

  • Members
  • 48 posts

Posted 09 October 2008 - 06:35 PM

No self-generating windows so far! Hopefully that stays.

Here's the HJT log

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2008-10-09 15:43:47
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT \SystemRoot\System32\vsdatant.sys ZwRenameKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C08 805039BC 1 Byte [ 40 ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2C0A 805039BE 2 Bytes [ AA, AA ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2C44 805039F8 12 Bytes [ 10, 35, AA, AA, 70, 98, AA, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2C84 80503A38 8 Bytes [ 20, FF, A9, AA, E0, B6, AA, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2E8C 80503C40 8 Bytes [ 50, C2, AA, AA, B0, BC, AA, ... ]

---- Devices - GMER 1.0.12 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [AA2645A8] avgtdix.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [AA26543E] avgtdix.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [AA2645A8] avgtdix.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [AA26543E] avgtdix.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [AA2645A8] avgtdix.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [AA26543E] avgtdix.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [AA2645A8] avgtdix.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [AA26543E] avgtdix.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [AA2645A8] avgtdix.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [AAAB4C20] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [AA26543E] avgtdix.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [AAAB4C20] vsdatant.sys

---- EOF - GMER 1.0.12 ----

I'll let you know if I get any new activity.

#15 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 09 October 2008 - 06:41 PM

Eh... did you just copy and paste the wrong one?

Should begin with Logfile of Trend Micro HiJack This....

Billy3

Edited by Billy O'Neal, 09 October 2008 - 06:41 PM.

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)